[Full-disclosure] Re: ekg insecure temporary file creation and arbitrary code execution

From: Adam Wysocki (gophi_at_apcoh.org)
Date: 07/06/05

Next message: rlh_at_hush.ai: "[Full-disclosure] Researching IMISERV (wupdt.exe)"

Previous message: Sune Kloppenborg Jeppesen: "[Full-disclosure] [ GLSA 200507-06 ] TikiWiki: Arbitrary command execution through XML-RPC"
In reply to: ZATAZ Audits: "[Full-disclosure] ekg insecure temporary file creation and arbitrary code execution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 6 Jul 2005 22:05:09 +0200 (CEST)
To: ZATAZ Audits <exploits@zataz.net>

05.07.05 exploits@zataz.net wrote:

> Vendor informed: yes

Hi,

What do you understand by "Vendor informed"? We haven't received any
email from you neither to private addresses nor ekg-users/ekg-devel
mailing lists. Please also note that the script you pointed at is
contributed by a third-party author and isn't part of ekg itself,
neither is installed by default.

Greetings,

Adam Wysocki
ekg team

-- 
Adam Wysocki * http://www.gophi.rotfl.pl/ * GG 1234 * Fido 2:480/138
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Next message: rlh_at_hush.ai: "[Full-disclosure] Researching IMISERV (wupdt.exe)"

Previous message: Sune Kloppenborg Jeppesen: "[Full-disclosure] [ GLSA 200507-06 ] TikiWiki: Arbitrary command execution through XML-RPC"
In reply to: ZATAZ Audits: "[Full-disclosure] ekg insecure temporary file creation and arbitrary code execution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]