4images Forum & Community

4images Issues / Ausgaben => Discussion & Troubleshooting => Topic started by: .Infecto on December 07, 2015, 01:33:27 AM

Title: Exploits - gefährlich? Fixed?
Post by: .Infecto on December 07, 2015, 01:33:27 AM

Hallo zusammen,

ich bin im Web auf folgendes gestossen:

Betrifft 4images 1.7.11, 1.7.12
Allgemein: https://blog.curesec.com/

Quote

VulDB: 4images bis 1.7.11 admin/categories.php cat_description Cross Site Scripting
http://www.scip.ch/?vuldb.78256

Quote

4images 1.7.11 ( Ddos / Flood ) Exploit
https://www.youtube.com/watch?v=mKqnfqkgkfA

Quote

4images 1.7.11: Code Execution Exploit
https://blog.curesec.com/article/blog/4images-1711-Code-Execution-Exploit-117.html

Quote

4images 1.7.11 File Inclusion
https://packetstormsecurity.com/files/132335/4images-1.7.11-File-Inclusion.html

Quote

4images 1.7.11 Cross Site Scripting
https://packetstormsecurity.com/files/133712/4images-1.7.11-Cross-Site-Scripting.html

Quote

4images 1.7.11: Code Execution
https://blog.curesec.com/article/blog/4images-1711-Code-Execution-105.html

Quote

4images 1.7.12: XSS
https://blog.curesec.com/article/blog/4images-1712-XSS-110.html

Title: Re: Exploits - gefährlich? Fixed?
Post by: Rembrandt on December 07, 2015, 05:14:28 AM

Hast du auch gelesen was darunter steht?

Quote

6. Solution
To mitigate this issue please upgrade at least to version 1.7.13:
http://www.4homepages.de/download-4images

Title: Re: Exploits - gefährlich? Fixed?
Post by: .Infecto on December 07, 2015, 01:46:07 PM

Ne, überlesen.
Ok, danke!