16 Dezember 2006

Multiple flaws in VHCS 2.x

Román Medina-Heigl Hernández (a.k.a. RoMaNSoFt) published several security flaws in VHCS 2.x

URL:http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt

I recommend all users to patch bug #3 and #4

There is no workaround for bug #4, so you should disable the script:

[...]/vhcs2/gui/admin/add_user.php

Just add die(); at the first line. (As long as you don't need to add new admin users, you can safely do this)

BTW: These guys take advantage of bug #4:
http://old.zone-h.org/defacements/filter/filter_defacer=AnadoluHackers.org

So, if you don't want to see your website in this list, fix this bug on your own!


cu Maik
von Maik Irmscher um 11:02
Labels: ,

0 Kommentare:

Kommentar veröffentlichen

Abonnieren Kommentare zum Post (Atom)