Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 HTML::Merge Input Validation Hole in 'printsource.pl' Lets Remote Users Execute Commands
Categorie: Computer Crime
Posted: 2004-11-03 by ReCall
Views: 602
Source: Click here
 		Current Rating: Not rated
Poor Best
 Details
Description: A vulnerability was reported in HTML::Merge. A remote user can execute shell commands on the target system.

The vendor reported that 'printsource.pl' does not properly validate user-supplied input in the 'template' parameter. A remote user can supply specially crafted input to execute shell commands on the target system with the privileges of the target web service.

Impact: A remote user can execute shell commands on the target system with the privileges of the target web service.

Solution: The vendor has released a fixed version (3.43), available at:

http://sourceforge.net/project/showfiles.php?group_id=47854

A patch is also available at:

http://sourceforge.net/tracker/download.php?group_id=47854&atid=451105&file_id=106241&aid=1052924
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1056

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES