FYI http://bit.ly/dUdvv
"There have been a high number of Cold Fusion web sites being
compromised in last 24 hours. We received several e-mails about this.
It appears that the attackers are exploiting web sites which have
older installations of some Cold Fusion applications. These
applications have vulnerable installations of FCKEditor, which is a
very popular HTML text editor, or CKFinder, which is an Ajax file
manager. The vulnerable installations allow the attackers to upload
ASP or Cold Fusion shells which further allow them to take complete
control over the server."
I have known about this for a few months now, but had to be silent on
it. Adobe hasn't patched it (yet) but the attacks are in the wild...
-dhs
Dean H. Saxe, CISSP, CEH
[email protected]
"If liberty means anything at all, it means the right to tell people
what they do not want to hear."
-- George Orwell, 1945
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
