
Full Disclosure mailing list archives

DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion
From: ddivulnalert <ddivulnalert () ddifrontline com>
Date: Wed, 6 Mar 2013 15:03:56 -0600

DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion


Date Discovered
February 14, 2013

Discovered By
Digital Defense, Inc. Vulnerability Research Team
Credit: 0x00string, Ryan Oliver and r () b13$

Vulnerability Description
The DALIM Dialog Server contains a local file inclusion vulnerability within the 'logfile' file viewing component. An 
authenticated remote attacker can use this weakness to view arbitrary files from the DALIM Dialog Server's root file 

Solution Description
DALIM has provided a software update which addresses this issue in the form of DiALOG_Server- The update is 
available from DALIM.

Tested Systems / Software
Apple Mac OS X running DALIM Dialog Server 6.0

Vendor Contact
Vendor Name: Dalim Software GmbH
Vendor Website: http://www.dalim.com/