- 18 Dec 2022
- EDB-ID: 25080
- EDB verified: Passed
- Author: NIELS HEINEN
- Vulnerability type: REMOTE
- Platform: LINUX
- CVE: CVE-2005-0153
- Publication date: 2005-02-02
Code:
source: https://www.securityfocus.com/bid/12428/info
Newsgrab is reported prone to multiple vulnerabilities. The following individual issues are reported:
Newsgrab is reported prone to a directory traversal vulnerability. This vulnerability exists because the software does not sufficiently sanitize directory traversal sequences from filenames before the filename is employed to store the file onto disk.
A remote attacker may exploit this vulnerability by supplying a malicious file to a target victim. This vulnerability has been assigned the CVE identifier CAN-2005-0153.
Newsgrab is reported prone to an unspecified insecure permissions vulnerability.
A local attacker may exploit this vulnerability to disclose potentially sensitive information that is contained in files that were downloaded using newsgrab. This vulnerability has been assigned the CVE identifier CAN-2005-0154.
A file containing the name '../../../../etc/rc.local' and the mode 777 could cause newsgrab to drop the file at /etc/rc.local with 777 permissions.
- Source: www.exploit-db.com
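A defensive handling of the sender-declared filename and mode described in the advisory, as an added example that is not part of the original entry and is not newsgrab's code. The function names, the `0o600` mask and the sample values are assumptions chosen for illustration.

```python
import os
import tempfile

SAFE_MODE_MASK = 0o600  # assumption: never honour group/other or execute bits


def safe_destination(download_dir, declared_name):
    """Map an untrusted, sender-declared filename to a path inside download_dir."""
    # Treat both separators as path separators and keep only the last component.
    base = declared_name.replace("\\", "/").split("/")[-1].replace("\x00", "")
    if base in ("", ".", ".."):
        raise ValueError(f"unusable filename: {declared_name!r}")
    root = os.path.realpath(download_dir)
    dest = os.path.realpath(os.path.join(root, base))
    # Defence in depth: the resolved path (symlinks included) must stay under root.
    if os.path.commonpath([root, dest]) != root:
        raise ValueError(f"path escapes download directory: {declared_name!r}")
    return dest


def safe_mode(declared_mode):
    """Clamp an untrusted octal mode string such as '777' to owner read/write."""
    try:
        mode = int(declared_mode, 8)
    except ValueError:
        mode = SAFE_MODE_MASK
    return mode & SAFE_MODE_MASK


def store(download_dir, declared_name, declared_mode, data):
    """Write data under download_dir, refusing to overwrite or follow symlinks."""
    dest = safe_destination(download_dir, declared_name)
    mode = safe_mode(declared_mode)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(dest, flags, mode)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(dest, mode)  # set the clamped mode regardless of the process umask
    return dest


if __name__ == "__main__":
    # Constructed sample: the name and mode quoted in the advisory text.
    sandbox = tempfile.mkdtemp()
    path = store(sandbox, "../../../../etc/rc.local", "777", b"constructed payload\n")
    print(path, oct(os.stat(path).st_mode & 0o777))
```

With the advisory's sample name and mode, the file is created as `rc.local` inside the download directory with owner-only read/write permissions.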