In association with heise online

08 June 2009, 16:26

Several critical vulnerabilities in Kloxo hosting platform

According to an advisory from Milw0rm, the web hosting platform Kloxo (formerly Lxadmin) from lxlabs, billed by them as the most advanced and flexible hosting platform on this planet, contains 24 security vulnerabilities and exploits. Among them are SQL injection vulnerabilities, symlink attack vulnerabilities, vulnerabilities that allow an attacker to gain full access to any file on the system, and many more. Additionally, Kloxo installations use several different default passwords in their database, which could easily be used by an attacker. According to the Internet Storm Center, some of the vulnerabilities are already being exploited in the wild.

The vulnerabilities are confirmed to affect version 5.75 of Kloxo. The current 6.0 release may also be affected; however, no further information is available at this time. The developers have been advised of these problems.

(crve)

Permalink: http://h-online.com/-741937
 

