ush.it - a beautiful place

Remote Command Execution in Moodle

December 16, 2008 at 4:30 pm - Filed under Hacks, Language EN - 926 words, reading time ~3 minutes - Permalink - Comments

Last week we released on Bugtraq and FD an advisory about a remote command execution in Moodle 1.9.3. Unluckily the vendor refused to issue a security release to allow an easy fix of the problem since there are too many issues related to register_globals On in Moodle. We strongly advise end users to manually disable the vulnerable code removing the file "filter/tex/texed.php" ad exploits are emerging in the wild.

Slides @System 2008 - Dipartimento di Informatica dell'Universita' di Pisa

December 16, 2008 at 3:58 pm - Filed under Team, Insecurity, Language IT - 397 words, reading time ~1 minutes - Permalink - Comments

@System ha organizzato il giorno 11 Dicembre 2008, presso il Dipartimento di Informatica dell'Universita' di Pisa, un workshop al quale abbiamo contribuito come relatori proponendo due diversi seminari. Di seguito potete trovare entrambe le presentazioni in formato PDF.

THP USH Wisec DigitalBullets