eZ publish Multiple Kernel Script Path Disclosure

2003-04-15T04:58:32
ID OSVDB:6561
Type osvdb
Reporter OSVDB
Modified 2003-04-15T04:58:32

Description

Manual Testing Notes

http://[victim]/kernel/class/delete.php http://[victim]/kernel/class/edit.php http://[victim]/kernel/class/ezcontentclassfeature.php http://[victim]/kernel/class/groupedit.php http://[victim]/kernel/class/grouplist.php http://[victim]/kernel/class/list.php http://[victim]/kernel/class/removeclass.php http://[victim]/kernel/class/removegroup.php http://[victim]/kernel/class/classlist.php http://[victim]/kernel/class/copy.php http://[victim]/kernel/classes/ezorderitem.php http://[victim]/kernel/classes/ezpersistentobject.php http://[victim]/kernel/classes/ezpolicy.php http://[victim]/kernel/classes/ezpolicylimitation.php http://[victim]/kernel/classes/ezpolicylimitationvalue.php http://[victim]/kernel/classes/ezproductcollection.php http://[victim]/kernel/classes/ezproductcollectionitem.php http://[victim]/kernel/classes/ezproductcollectionitemoption.php http://[victim]/kernel/classes/ezrole.php http://[victim]/kernel/classes/ezsearch.php http://[victim]/kernel/classes/ezsearchlog.php

References:

Vendor URL: http://ez.no/ Secunia Advisory ID:8606 Other Advisory URL: http://www.security-corporation.com/advisories-016.html Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=105042108428171&w=2 ISS X-Force ID: 11798 Bugtraq ID: 7349