From FMS
SomeDude at NuBL7aaJ6Cn4fB7GXFb9Zfi8w1FhPyW3oKgU9TweZMw wrote:
> falafel at IxVqeqM0LyYdTmYAf5z49SJZUxr7NtQkOqVYG0hvITw wrote:
>> me again, Toad on FMS:
>>
>> [16:14] <toad_> Tommy[D]: therefore it is not worth my time to code
>> review it, especially as it's had obscure C-based remote code exec vulns
>>
>> anyone know what these "remote code exec vulns" were?
>
> There was an issue with form submission that would let another site pass
> its own form parameters to FMS. Also, before the captchas were
> validated, it could have been possible to put some nasty code in them
> instead of an image.
>
> Anyway, this argument is about as valid as saying that since Freenet has
> known vulnerabilities, and you aren't really anonymous using it, you
> shouldn't run it at all.
>
> This looks like a typical reaction:
> A bug in Freenet: It's OK, it doesn't really leak a whole lot of info
> about our users. We'll fix it eventually.
> A bug in FMS implementation: OMG, STOP USING IT FOREVER!!!!