Vidalia bundle prior to 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote malicious users to bypass intended access restrictions and modify configuration.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
vidalia-project vidalia_bundle |
Vulmon