Advertisement

Latest News

[ Windows | Linux | Apple ]

· Gigabyte Intel Z87 Motherboard Lineup Preview and more
· Microsoft to roll out Xbox dashboard UI alterations before next-gen console
· Adobe Photoshop Express now available for Windows 8 and RT
· GNOME 3.8.2 Released
· Windows 8 is an enterprise 'non-starter' because IT sees no value in changes
· What to Expect from Unity in Ubuntu 13.10
· Analysts praise Nokia's new Lumia 925
· Best Business Laptops - May 2013 and more
· openSUSE 13.1 Milestone 1 released
· How to Install Cinnamon 1.8 on Ubuntu 13.04

Upcoming News

· Gigabyte Intel Z87 Motherboard Lineup Preview
· [ANNOUNCE] libchamplain 0.12.4
· [security-announce] SUSE-SU-2013:0810-1: important: Security update for oracle-update
· [security-announce] SUSE-SU-2013:0811-1: important: Security update for oracle-update
· [security-announce] SUSE-SU-2013:0809-1: important: Security update for Acrobat Reader
· Rosewill RDEE-12002 USB 3.0 Hard Drive Enclosure @ techPowerUp
· ASUS M5A97 R2.0 Motherboard @ Hardware Secrets
· Samsung Galaxy S4 Smartphone Review @ HardwareHeaven.com
· [RHSA-2013:0832-01] Important: kernel security update
· [Tech ARP] Hard Disk Drive Myths Debunked! Rev. 5.1

Linux Compatibility

· Dell Dimension 9100
· CL-CAM50001 UPC=3700284609322
· DFE 520 TX
· nVidia GeForce4 MX 440
· Gore: Ultimate Soldier
· SMC2802W V2 wi-fi 54Mbps PCI card
· Wireless modem router N300
· Dell P780
· ASUS A7V8X
· BricsCAD for Linux

New Forum Topics

· shutdown link ?
by: estirwent
on: 2013-05-11 17:46
18 replies, 6285 views

· Laptop keyboard drank soda
by: Zenn
on: 2013-04-30 00:27
1 replies, 623 views

· connecting to to internet with ubuntu
by: Zenn
on: 2013-04-30 00:26
2 replies, 4474 views

· Need Linux-compatible PS/2 expansion card
by: Zenn
on: 2013-04-30 00:26
1 replies, 690 views

· irql_not_less_or_equal blue screen
by: Zenn
on: 2013-04-30 00:25
2 replies, 1076 views

News Channels

· Drivers
· Guides
· Reviews
· Security
· Software
· Press Release
· Updates
· Interviews
· Linux
· General
· Debian
· Red Hat
· Slackware
· Gentoo
· Mandriva
· White Box
· SUSE
· GNOME
· KDE
· CentOS
· Ubuntu
· MEPIS
· Android

What's New

Login to see an overview of all news stories since your last visit.

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

ispCP 1.0.6 Security: Backup Restore Manager

Posted by Philipp Esselbach on: 08/29/2010 06:34 PM [ Print | 0 comment(s) ]

A critical vulnerability has been discovered in the Backup/Restore manager of ispCP

Today another critical security issue has been found. All ispCP Omega versions are effected.
It is possible to use the ispCP Client Backup Manager to restore forged backups and - in worst case - gain control over the server system.

We strongly recommend to fix the described security issue by disabling the backup restore routine. For this open the ispcp-dmn-mngr in /var/www/ispcp/engine/ and search for

Code:
sub dmn_restore_data {

add
Code:
exit 1;

directly in the next line.

We try to deliver a patch as fast as possible. You can follow the status in ticket: 2440

Read more

Additionally, the phpMyAdmin version that ships with ispCP Omega 1.0.6 have several serious XSS vulnerabilities. To upgrade to the latest version of phpMyAdmin:

cp /var/www/ispcp/gui/tools/pma/config.inc.php ~/
aptitude update && aptitude install subversion -R
svn export http://isp-control.net:800/ispcp_svn/trunk/gui/tools/pma /var/www/ispcp/gui/tools/pma
cp ~/config.inc.php /var/www/ispcp/gui/tools/pma/
sh /var/www/ispcp/engine/setup/set-gui-permissions.sh

All products mentioned are registered trademarks or trademarks of their respective owners.
© 2002-2013 Esselbach Internet Solutions - All Rights Reserved. Terms and privacy policy
Powered by Contentteller® Business Edition