Code injection

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service infinite loop and daemon hang via a messenger URL that invokes edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or...

Disable website access for sites running Webspeed

edit.r Busy agents exploit. 1-5-2007 author: Eelko Neven discovered: 28-4-2007 tested: Windows 2000 server & Windows 2003 server Because of poor security in edit.r it is possible to put all agents in busy mode. First you have to find the messenger execution url. For example:...