Jump to ContentJump to Navigation/Login
` ` ` ` ` `

Login
[Register]

Subscribe to Updates

Occasional ATutor release updates


Services

Members Online

    (6 guests in past 15 min.)

    Web Accessibility Course

    Access Understanding Web Accessibility to learn about accessibility, or Register to take the course for FREE.

    Home > Forums > ATutor Bug Reports > Acollab Vulnerabilities

    Support Forums

    ATutor Bug Reports

    Acollab Vulnerabilities


    You must be signed-in to post.

    AuthorSubject
      Page: 1
    thesecret
    		Subject: Acollab VulnerabilitiesQuote this post in your reply
    Please have a look at this:
    secunia.com/advisories/35173/
    it contains 3 Vulnerabilities in acollab system

    can you help me with a fix for them??
    Posted: 2009-07-17 14:15:05
    greg

    Avatar for greg
    		Subject: Re: Acollab VulnerabilitiesQuote this post in your reply
    ACollab has not been maintained for a couple years. It has been replaced by ATutor feature.
    Posted: 2009-07-17 14:25:58
    thesecret
    		Subject: Re: Acollab VulnerabilitiesQuote this post in your reply
    yes that's ok
    but you have recently added acollab as an addon for atutor.
    so these Vulnerabilities are still dangerous


    moreover I adore the simplicity of acollab, if these Vulnerabilities are fixed, I may use it as a standalone
    Posted: 2009-07-17 14:40:14
    greg

    Avatar for greg
    		Subject: Re: Acollab VulnerabilitiesQuote this post in your reply
    Sorry. No more work is being done on ACollab. We can not encourage its use.

    These are just trivial bugs. "Dangerous" is a gross exaggeration of their seriousness.

    You are welcome to edit the source code yourself. The data in question probably just needs addslashes() or intval() wrapped around them before they get output to ACollab.
    Posted: 2009-07-21 12:25:17
     Page: 1

    You must be signed-in to post.