  1. #1

    Acollab Vulnerabilities

    Please have a look at this vulnerability article.
    It contains 3 vulnerabilities in the ACollab system.
    Can you help me with a fix for them?

    The Article:

    Russ McRee has discovered some vulnerabilities in ACollab, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

    1) Input passed to the "f" parameter in sign_in.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

    2) Input passed via e.g. the "address" parameter in profile.php or the "description" parameter in events/add_event.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session when the malicious data is viewed.

    3) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add members or groups when a logged-in administrator visits a specially crafted web page.

    The vulnerabilities are confirmed in version 1.2. Other versions may also be affected.
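
One way to address the three items in the advisory quoted above, as an added example that is not part of the original post and not ACollab's own code: encode the "f", "address" and "description" values where they are written into HTML, and require a per-session token on state-changing requests. The helper names `h`, `csrf_token` and `csrf_check`, the form layout and the sample row are assumptions, and `random_bytes` needs PHP 7 or later.

```php
<?php
declare(strict_types=1);
session_start();

// Encode any untrusted value for an HTML text or quoted-attribute context.
function h(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// One random token per session, embedded in every state-changing form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Accept a POST only if its token matches the one stored in the session.
function csrf_check(array $post): bool
{
    $sent = $post['csrf_token'] ?? '';
    return is_string($sent)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $sent);
}

// Item 3: refuse state-changing requests that carry no valid token.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST' && !csrf_check($_POST)) {
    http_response_code(403);
    exit('Invalid request token');
}

// Item 1: the reflected "f" value is encoded at the point it is echoed.
$f = isset($_GET['f']) && is_string($_GET['f']) ? $_GET['f'] : '';
// Item 2: stored fields are encoded on output. Constructed sample row,
// standing in for data read back from the database.
$row = ['address' => '12 Example St <b>x</b>', 'description' => 'Team "sync"'];
?>
<p>Value of f: <?= h($f) ?></p>
<p>Address: <?= h($row['address']) ?></p>
<p>Event: <?= h($row['description']) ?></p>
<form method="post" action="">
  <input type="hidden" name="csrf_token" value="<?= h(csrf_token()) ?>">
  <input type="text" name="address" value="<?= h($row['address']) ?>">
  <button type="submit">Save</button>
</form>
```

Encoding at output rather than at input keeps the stored data intact and covers rows that were saved before the fix.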

  2. #2
    Your best bet is to contact the developers of ACollab, unless you're willing to pay someone to manually fix the vulnerabilities.

  3. #3
    They told me they stopped supporting it.
