[UNIX] Aquonics File Manager Directory Traversal Vulnerability And Privilege Escalation
From: support@securiteam.com
Date: 08/21/02
From: support@securiteam.com
To: list@securiteam.com
Date: Wed, 21 Aug 2002 19:40:08 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Aquonics File Manager Directory Traversal Vulnerability And Privilege
Escalation
------------------------------------------------------------------------
SUMMARY
<http://www.aquonics.com/Premade/> Aquonics File Manager is a simple to
use script that allows you to control your files without the use of FTP.
Aquonics File Manager has been found to contain two security
vulnerabilities: a directory traversal vulnerability and a privilege
escalation vulnerability.
DETAILS
Vulnerable systems:
* Aquonics File Manager version 1.5
There are two bugs:
Directory traversal in source.php
Accessing the following URL:
www.vulnerable.url/filemanager/source.php?../../../../etc/passwd
will allow an attacker to view the /etc/passwd file.
Privilege escalation
A user with the privilege to edit files can change the userlist.cgi file.
The userlist.cgi file contains MD5 hashes of passwords. This makes it
possible for a user without administrative privileges to manipulate user
accounts.
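
One way to guard against both bugs, shown as an added example that is not part of the original advisory and is not Aquonics code: canonicalize the requested path, require it to stay under the managed directory, and refuse non-administrators access to the credential file. The function name, the $baseDir and $isAdmin parameters and the demo files are assumptions.

```php
<?php
// Added example, not Aquonics code. Names and parameters are assumptions;
// userlist.cgi is the credential file named in the advisory.
const PROTECTED_FILES = ['userlist.cgi'];

/**
 * Return the canonical path of an existing file under $baseDir, or null if
 * the request leaves $baseDir or names a protected file as a non-admin.
 */
function resolve_managed_path(string $baseDir, string $requested, bool $isAdmin): ?string
{
    // Empty input and embedded NUL bytes are never valid file names.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false if the target is missing.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false) {
        return null;
    }
    // Containment test on the canonical path. The trailing separator keeps
    // a sibling such as "/srv/files-old" from matching base "/srv/files".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // The credential store stays off limits to ordinary file editors.
    if (!$isAdmin && in_array(strtolower(basename($full)), PROTECTED_FILES, true)) {
        return null;
    }
    return $full;
}

// Constructed demo tree in the system temp directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fm_demo_' . getmypid();
mkdir($base . DIRECTORY_SEPARATOR . 'docs', 0700, true);
file_put_contents($base . '/docs/readme.txt', "hello\n");
file_put_contents($base . '/userlist.cgi', "constructed:placeholder-hash\n");

$cases = [['docs/readme.txt', false], ['../../../../etc/passwd', false],
          ['docs/../userlist.cgi', false], ['userlist.cgi', true]];
foreach ($cases as [$path, $admin]) {
    $ok = resolve_managed_path($base, $path, $admin) !== null;
    printf("%-24s admin=%d -> %s\n", $path, $admin, $ok ? 'allowed' : 'DENIED');
}
```

The check runs on the canonical path rather than on the raw query string, so filtering "../" out of the input is not needed and is not relied on.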
ADDITIONAL INFORMATION
The information has been provided by <mailto:er4s3r at mail.ru> Eraser.