Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: KF Web Server 3.1.0 admin console XSS

from [support] Network Security [Permanent Link]
Subject: Re: KF Web Server 3.1.0 admin console XSS
Date: 26 Jun 2007 13:26:10 -0000 
Thank you Shay for finding this issue and taking the time to test our product.

We consider this issue to be of minor severity as it does not affect web sites 
hosted by the web server.

The problem is not in the web server itself but in the admin script hosted by 
the server. In order to access this script the attacker would need to be logged 
onto the server locally and have the admin password. With that level of access 
they would already have complete control of the web server configuration, in 
effect root access, so there would be no need to use this technique.

We do take this issue and all security issues seriously and have issued a patch 
which can be downloaded from our web site.

http://www.keyfocus.net/kfws/download/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SYMSA-2007-004: Multiple Vulnerabilities in Xythos Server Products, research
Next by Date:  RE: "run as" local denial-of-service enables administrative account processes to be killed, James C. Slora Jr.
Previous by Thread:  KF Web Server 3.1.0 admin console XSS, imprili
Next by Thread:  Ingres Unauthenticated Pointer Overwrite 2, NGSSoftware Insight Security Research
Indexes:  [Date] [Thread] [Top] [All Lists]