SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   eBD Vendors:   Oasys Soft
eBD Lets Remote Authenticated Users Modify Images
SecurityTracker Alert ID:  1016326
SecurityTracker URL:  http://securitytracker.com/id/1016326
CVE Reference:   CVE-2006-2349   (Links to External Site)
Updated:  Oct 13 2008
Original Entry Date:  Jun 19 2006
Impact:   Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.1.4 and other versions
Description:   A vulnerability was reported in eBD. A remote authenticated user can modify images on the target system.

The eBusiness Designer (eBD) HTML editor allows a remote authenticated user to modify images in the '/imgfiles' folder.

Impact:   A remote authenticated user can modify certain images on the target system.
Solution:   The vendor has issued a patch for version 3.1.4, available at:

http://lists.oasyssoft.com/ebd-devel/200605/binNr7awTFdvt.bin

Patches for other versions are also available.

Vendor URL:  www.oasyssoft.com/ (Links to External Site)
Cause:   Not specified
Underlying OS:   BeOS, Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Date:  16 Jun 2006 08:32:07 -0000
Subject:  Re: Several flaws in e-business designer (eBD)

A Bug in the eBD HTML editor has been discovered. It will allow an user to modify the images of the /imgfiles folder (the files raised
 in the option resources > images).

 
Oasyssoft, the producer, has installed the patch in all our servers, so all MyeBD users are updated since the end of may.
 
Anyway, you will find here the emergency Patch instalation http://lists.oasyssoft.com/ebd-devel/200605/binNr7awTFdvt.bin  for being
 installed at your servers. Althought this patch is for version 3.1.4, it is also available in all eBD versions.

The other mentioned vulnerabilities have no relation to eBD. System Managers are in charge of configuring their servers in a secure
 way, whether or not they are executing eBD .

If you require further information, please contact us at ebd.soporte@oasyssoft.com.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC