Re: ekg insecure temporary file creation and arbitrary code execution

To: ZATAZ Audits <exploits@xxxxxxxxx>
Subject: Re: ekg insecure temporary file creation and arbitrary code execution
From: Adam Wysocki <gophi@xxxxxxxxx>
Date: Wed, 6 Jul 2005 22:05:09 +0200 (CEST)
Cc: vuldb@xxxxxxxxxxxxxxxxx, vuln@xxxxxxxxxxx, vuln@xxxxxxxxxx, moderators@xxxxxxxxx, bugs@xxxxxxxxxxxxxxxxxxx, submissions@xxxxxxxxxxxxxxxxxxxxxxx, news@xxxxxxxxxxxxxx, xforce@xxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, vulnwatch@xxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
In-reply-to: <42CA2DDB.5030606@xxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <42CA2DDB.5030606@xxxxxxxxx>

05.07.05 exploits@xxxxxxxxx wrote:

> Vendor informed: yes

Hi,

What do you understand by "Vendor informed"? We haven't received any 
email from you neither to private addresses nor ekg-users/ekg-devel 
mailing lists. Please also note that the script you pointed at is 
contributed by a third-party author and isn't part of ekg itself, 
neither is installed by default.

Greetings,

Adam Wysocki
ekg team

-- 
Adam Wysocki * http://www.gophi.rotfl.pl/ * GG 1234 * Fido 2:480/138

References:
- ekg insecure temporary file creation and arbitrary code execution
  - From: ZATAZ Audits

Prev by Date: [ GLSA 200507-06 ] TikiWiki: Arbitrary command execution through XML-RPC
Next by Date: eRoom Multiple Security Issues
Previous by thread: ekg insecure temporary file creation and arbitrary code execution
Next by thread: Imail Cookie Vulnerability (unhashed)
Index(es):
- Date
- Thread