exploitdb | Niels Heinen | EDB-ID:25080
History: Feb 02, 2005 - 12:00 a.m.

Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities

2005-02-02 00:00:00
Niels Heinen
www.exploit-db.com
AI Score: 6.9 Medium (Confidence: Low)

source: https://www.securityfocus.com/bid/12428/info

Newsgrab is reported prone to multiple vulnerabilities. The following individual issues are reported:

Newsgrab is reported prone to a directory traversal vulnerability. This vulnerability exists because the software does not sufficiently sanitize directory traversal sequences from filenames before the filename is employed to store the file onto disk.

A remote attacker may exploit this vulnerability by supplying a malicious file to a target victim. This vulnerability has been assigned the CVE identifier CAN-2005-0153.

Newsgrab is reported prone to an unspecified insecure permissions vulnerability.

A local attacker may exploit this vulnerability to disclose potentially sensitive information that is contained in files that were downloaded using newsgrab. This vulnerability has been assigned the CVE identifier CAN-2005-0154. 

A file containing the name '../../../../etc/rc.local' and the mode 777 could cause newsgrab to drop the file at /etc/rc.local with 777 permissions.
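
The handling both issues call for, as an added example (not newsgrab's code, which this page does not show): the sender-supplied name is reduced to one path component, the result is confirmed to stay inside the download directory, and the sender-supplied mode is never applied. `safe_name`, `store_download`, `demo` and the 0600 policy are assumptions made for this illustration.

```python
import os
import stat
import tempfile

SAFE_MODE = 0o600  # assumption: downloads should be private to the invoking user


def safe_name(supplied_name):
    """Reduce an attacker-controlled filename to a single path component."""
    # Treat both separators as path separators, regardless of platform.
    name = supplied_name.replace("\\", "/").split("/")[-1]
    name = name.replace("\x00", "")
    if name in ("", ".", ".."):
        raise ValueError("unusable filename: %r" % supplied_name)
    return name


def store_download(download_dir, supplied_name, supplied_mode, data):
    """Write data under download_dir; supplied_mode is deliberately ignored."""
    base = os.path.realpath(download_dir)
    target = os.path.join(base, safe_name(supplied_name))
    # Defence in depth: the resolved path must still be inside download_dir.
    if os.path.commonpath([base, os.path.realpath(target)]) != base:
        raise ValueError("path escapes download directory")
    # O_EXCL refuses to overwrite; O_NOFOLLOW refuses a planted symlink.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, SAFE_MODE)
    with os.fdopen(fd, "wb") as handle:
        os.fchmod(handle.fileno(), SAFE_MODE)  # exact mode regardless of umask
        handle.write(data)
    return target


def demo():
    """Constructed input mirroring the name and mode quoted in the advisory."""
    with tempfile.TemporaryDirectory() as d:
        path = store_download(d, "../../../../etc/rc.local", 0o777, b"sample\n")
        mode = stat.S_IMODE(os.stat(path).st_mode)
        return os.path.relpath(path, os.path.realpath(d)), mode


if __name__ == "__main__":
    print(demo())
```
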
