13 matches found
EUVD-2002-2137
Malware in sbrugna...
CVE-2002-2158
zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message...
Zentrack 2.2/2.3/2.4 Index.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7843/info A remote file include vulnerability has been reported for Zentrack. Due to insufficient sanitization of some user-supplied variables by the 'index.php' script, it is possible for a remote attacker to include a...
Zentrack index.php远程文件包含漏洞
BUGTRAQ: 7843 zenTrack包含的'index.php'脚本对用户提供的变量缺少充分过滤,远程攻击者可以利用这个漏洞以WEB权限在系统上执行任意命令。 zenTrack的'header.php'脚本包含如下代码: 1. : 2. $libDir = "/web/zentrack/includes"; 3. $rootUrl = "http://www.yourhost.com/zentrack"; 4. $DebugMode = 0; 5. $DemoMode = "off"; 6. $configFile = "$libDir/configVars.php"; 7. :...
CVE-2002-2158
zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message...
CVE-2002-2158
The CVE CVE-2002-2158 affects zenTrack 2.0.3 and earlier and causes an information disclosure: remote attackers can obtain the full path to the web root via an invalid ticket ID, leaking the path in an error message. The available documents confirm the affected software/component (zenTrack) and t...
zenTrack Remote Command Execution Vulnerabilities
Subject: zenTrack Remote Command Execution Vulnerabilities Author: farking [email protected] Product: zenTrack 2.4.1 latest and below Vendor: http://zendocs.phpzen.net/zentrack / http://sourceforge.net/projects/zentrack/ Status: Vendor contacted 27/05/2003 Location:...
zenTrack index.php configFile Parameter Traversal Arbitrary Files Access
It is possible to make the remote web server show the content of arbitrary files by making requests like : index.php?configFile=../../../../../../../../../../etc/passwd %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Subject: Re: zenTrack Remote Command Execution Vulnerabilities From:...
Zentrack 2.22.32.4 - index.php Remote File Inclusion
Zentrack 2.22.32.4 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/7843/info A remote file include vulnerability has been reported for Zentrack. Due to insufficient sanitization of some user-supplied variables by the 'index.php' script, it is possible for a remote...
zenTrack index.php Multiple Parameter Remote File Inclusion
It is possible to make the remote host include php files hosted on a third-party server using the version of zenTrack installed on the remote host. An attacker may use this flaw to inject arbitrary code and to gain a shell with the privileges of the web server on the affected host. %NASLMINLEVEL...
Zentrack 2.2/2.3/2.4 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/7843/info A remote file include vulnerability has been reported for Zentrack. Due to insufficient sanitization of some user-supplied variables by the 'index.php' script, it is possible for a remote attacker to include a malicious PHP file in a URL. If the...
CVE-2002-2158
zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message...
[ARL02-A14] ZenTrack System Information Path Disclosure Vulnerability
+/---------------- ALPER Research Labs ------/--------/+ +/---------------- Security Advisory -----/---------/+ +/---------------- ID: ARL02-A14 ----/----------/+ +/---------------- [email protected] ---/-----------/+ Advisory Information -------------------- Name : ZenTrack System Information...