[Full-disclosure] DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion
- From: ddivulnalert <ddivulnalert@xxxxxxxxxxxxxxxx>
- Date: Wed, 6 Mar 2013 15:03:56 -0600
Title
-----
DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion
Severity
--------
High
Date Discovered
---------------
February 14, 2013
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: 0x00string, Ryan Oliver and r@b13$
Vulnerability Description
-------------------------
The DALIM Dialog Server contains a local file inclusion vulnerability within
the 'logfile' file viewing component. An authenticated remote attacker can use
this weakness to view arbitrary files from the DALIM Dialog Server's root file
system.
Solution Description
--------------------
DALIM has provided a software update which addresses this issue in the form of
DiALOG_Server-6.0.0.0-113. The update is available from DALIM.
Tested Systems / Software
-------------------------
Apple Mac OS X running DALIM Dialog server 6.0
Vendor Contact
--------------
Vendor Name: Dalim Software GmbH
Vendor Website: http://www.dalim.com/
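
Added example (not part of the advisory and not DALIM's code): one way a log viewer can confine a user-supplied 'logfile' value to its log directory, which is the class of check whose absence the description above implies. The function name, directory layout and sample requests are constructed assumptions; the advisory does not describe the server's implementation.

```python
import os
import tempfile


class LogfileRejected(ValueError):
    """Raised when a requested log name would leave the log directory."""


def resolve_logfile(log_dir, requested):
    """Map a user-supplied 'logfile' value to a real path inside log_dir."""
    if not requested or "\x00" in requested:
        raise LogfileRejected("empty name or NUL byte")
    base = os.path.realpath(log_dir)
    # realpath collapses '..' and follows symlinks, so the containment
    # check is made on the file that would actually be opened.
    candidate = os.path.realpath(os.path.join(base, requested))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise LogfileRejected("path escapes log directory")
    if not os.path.isfile(candidate):
        raise LogfileRejected("not a regular file")
    return candidate


def demo():
    """Run constructed requests against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        log_dir = os.path.join(root, "logs")
        os.mkdir(log_dir)
        with open(os.path.join(log_dir, "server.log"), "w") as fh:
            fh.write("started\n")
        outside = os.path.join(root, "outside.txt")  # stands in for any non-log file
        with open(outside, "w") as fh:
            fh.write("not a log\n")
        os.symlink(outside, os.path.join(log_dir, "link.log"))
        cases = [("plain", "server.log"), ("dotdot", "../outside.txt"),
                 ("absolute", outside), ("symlink", "link.log"), ("empty", "")]
        for label, value in cases:
            try:
                resolve_logfile(log_dir, value)
                results[label] = "allowed"
            except LogfileRejected as exc:
                results[label] = "rejected: %s" % exc
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, "->", outcome)
```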