 |
|
|
|
| Vulnerability details : |
| |
 |
|
Active Classifieds admin.cgi table_width Parameter Arbitrary Command Execution |
|
|
Fiche créée le 2004-04-09 05:52:18, dernière mise à jour le 2008-03-02 23:50:25
Active Classifieds contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue occurs because several subroutines in admin.cgi do not check for valid user authentication before processing input. This flaw may lead to execution of arbitrary code causing a loss of integrity.
|
| |
| Active Web Suite Technologies 1.0 Affected | | | Attack Type : Input Manipulation
XSS, SQL injection, file retrieval, directory traversal, overflows, URL encoding. | Découvert le 2001-06-27 07:00:00
| | Disclosure : OSVDB Verified | Confirmé le 2001-06-27 07:00:00
| | Exploit : Exploit Public | Exploit découvert le 2001-06-28 03:30:17
| Impact : Loss of Integrity
Assurance that data is unaltered by unauthorized persons.
Examples: XSS, arbitrary command execution, most overflows, most format strings, SQL injection, unauthorized file modification/deletion/creation, remote file inclusion, etc. | | | Location : Remote / Network Access
If network access if required and exploit can be done remotely. | | | OSVDB : Web Related
The vulnerability is a web issue and will have an associated security check. | | |
| |
| External refs : |
| OSVDB 12326 | | | | | | | | | | |
| |
| |
| |
| |
|
|
|
|
| Free consultation (search) |
|
|
|
|
|
| |
|
|
|
