DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion
High
February 14, 2013
Digital Defense, Inc. Vulnerability Research Team
Credit: 0x00string, Ryan Oliver and r@b13$
The DALIM Dialog Server contains a local file inclusion vulnerability within the 'logfile' file viewing component. An authenticated remote attacker can use this weakness to view arbitrary files from the DALIM Dialog Server's root file system.
DALIM has provided a software update which addresses this issue in the form of DiALOG_Server-6.0.0.0-113. The update is available from DALIM.
Apple Mac OS X running DALIM Dialog Server 6.0
Vendor Name: Dalim Software GmbH
Vendor Website: http://www.dalim.com/