Date index for Nov 2003

Security Hole - Is this fixed

• To: "'Date: Thu, 6 Nov 2003 16:17:53 +1300
• Delivered-to: mailing list achievo dot 
• Mailing-list: contact achievo-help dot 

Hi,

I was just doing some background research on Achievo and found the following
security bulletin.

http://www.securiteam.com/unixfocus/5SP0R1F80W.html

The bulletin says that the hole was fixed in 0.82, but doesn't
atk/javascript/class.atkdateattribute.js.inc still include the same bug?  Or
is it not possible for a web server to directly execute this file the way
that the security bulletin describes?  I'm afraid I'm showing my ignorance
of the inner workings of php here!

Chris Cameron
Product Delivery Manager
E-Mail: chris.cameron dot 
DDI:(+64) 6 377 7824
Mobile: (+64) 21 350 706
Vending Management Services Ltd
http://www.vmsl.co.nz

CAUTION: This message may contain privileged and confidential information
intended only for the use of the addressee named above. If you are not the
intended recipient of this message, you are hereby notified that any use,
dissemination, distribution, or reproduction of this message is prohibited.
If you have received this message in error, please notify Vending Management
Services Limited immediately.  Any views expressed in this message are those
of the individual sender and may not necessarily reflect the views of
Vending Management Services Limited.

• Follow-Ups:
  • Re: [achievo] Security Hole - Is this fixed
    • From: Ivo Jansch

• Prev by Date: doesnt save records
• Next by Date: release date
• Previous by thread: RE: [achievo] observation of 1.0 RC2
• Next by thread: Re: [achievo] Security Hole - Is this fixed
• Index(es):
  • Date
  • Thread