Vulners
Lucene search
BB4 Big Brother Network Monitor 1.5 d2 bb-hist.sh HISTFILE Parameter File Existence Disclosure
source : http://www.securityfocus.com/bid/1971/info
Big Brother Network Monitor is a robust, feature rich network monitoring package produced by BB4 Technologies. A problem exists that can allow remote account guessing.
The problem occurs in the Common Gateway Interface package included with Big Brother, which runs on the Big Brother Display Server. The CGI is responsible for statistical posting of network operations on the Big Brother Display Server, an interface which is accessible via Web Browser. Due to insufficient handling of input, it is possible to verify the existance of sensitive files and valid user accounts through the the CGI of the Display Server. Yielding this information to a malicious user could result in a targeted brute force password cracking attack.
The following files are affected by this flaw:
bb-hist.sh
bb-histlog.sh
bb-hostsvc.sh
bb-rep.sh
bb-replog.sh
bb-ack.sh
http://www.victim.com/cgi-bin/bb-hist.sh?HISTFILE=/home/*
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1