[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Solved -Several flaws in e-business designer (eBD)

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Solved -Several flaws in e-business designer (eBD)
From: "Blanca Pons de Dalmases" <bpons@xxxxxxxxxxxxx>
Date: Fri, 16 Jun 2006 10:32:44 +0200

A Bug in the eBD HTML editor has been discovered. It will allow an user to 
modify the images of the /imgfiles folder (the files raised in the option 
resources > images).


Oasyssoft, the producer, has installed the patch in all our servers, so all 
MyeBD users are updated since the end of may.

Anyway, you will find here the emergency Patch instalation 
http://lists.oasyssoft.com/ebd-devel/200605/binNr7awTFdvt.bin  for being 
installed at your servers. Althought this patch is for version 3.1.4, it is 
also available in all eBD versions.

The other mentioned vulnerabilities have no relation to eBD. System Managers 
are in charge of configuring their servers in a secure way, whether or not they 
are executing eBD .

If you require further information, please contact us at 
ebd.soporte@xxxxxxxxxxxxxx

Blanca Pons 
bpons@xxxxxxxxxxxxx
Dir. Marketing y Comunicacióne-business designerC/ Sardenya 56 Local
08005 Barcelona
Tel: 902 181 349
Fax: 932 217 303
www.oasyssoft.com2655 Le Jeune Rd. Suite 517
Coral Gables, FL 33134 United States
Phone: +1(305) 448 2148
Fax: +1(305) 448 0097
www.ebdsoft.com
eBD es un producto OasyssoftEste mensaje (así como los archivos adjuntos o los 
links que contiene) puede contener información privilegiada o confidencial. Si 
no es usted el destinatario indicado, queda notificado de que la utilización, 
divulgación y/o copia sin autorización está prohibida en virtud de la 
legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos 
lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

This email (and any attachments or hyperlinks within it) may contain 
information that is confidential, legally privileged or otherwise protected 
from disclosure. If you are not the intended recipient of this email, you are 
not entitled to use, disclose, distribute, copy, print, disseminate or rely on 
this email in any way. If you have received this email in error, please notify 
the sender immediately by telephone or email and destroy it, and all copies of 
it.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Solved -Several flaws in e-business designer (eBD)
  - From: Joxean Koret

Prev by Date: [Full-disclosure] Zeroboard File Upload & extension bypass Vulnerability
Next by Date: Re: [Full-disclosure] RE: MySQL DoS
Previous by thread: [Full-disclosure] Zeroboard File Upload & extension bypass Vulnerability
Next by thread: Re: [Full-disclosure] Solved -Several flaws in e-business designer (eBD)
Index(es):
- Date
- Thread