On 7 Oct 2010, at 07:13, aero wrote:
My company's security team found a security flaws in opsview. even
for 3.9.0
Someone can execute shell command via URL( ex. http://opsviewurl/cgi-nmis/admin.pl?admin=ping&node=10.10.10.10
| ls -l )
Hi Kang,
Thanks for the report. The patch is here: https://secure.opsera.com/wsvn/wsvn/opsview?op=comp&compare
[]=%2ftr...@5159&compare[]=%2ftr...@5160
You are already on our contributor's list:
http://opsview.com/community/developer-zone/contributors
Unless you want me to change it to your full name?
Ton
_______________________________________________
Opsview-users mailing list
[email protected]
http://lists.opsview.org/lists/listinfo/opsview-users
