Maybe they'll do something about it now. Their most recent position was that they would fix it in CF9. Too late...
________________________________
From: Dean H. Saxe <[email protected]>
To: [email protected]
Sent: Thursday, July 2, 2009 5:13:41 PM
Subject: [ACFUG Discuss] CF Attacks in the wild

FYI

http://bit.ly/dUdvv

"There have been a high number of Cold Fusion web sites being compromised in last 24 hours. We received several e-mails about this. It appears that the attackers are exploiting web sites which have older installations of some Cold Fusion applications. These applications have vulnerable installations of FCKEditor, which is a very popular HTML text editor, or CKFinder, which is an Ajax file manager. The vulnerable installations allow the attackers to upload ASP or Cold Fusion shells which further allow them to take complete control over the server."

I have known about this for a few months now, but had to be silent on it. Adobe hasn't patched it (yet) but the attacks are in the wild...

-dhs

Dean H. Saxe, CISSP, CEH
[email protected]
"If liberty means anything at all, it means the right to tell people what they do not want to hear."
-- George Orwell, 1945

-------------------------------------------------------------
To unsubscribe from this list, manage your profile @http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
