exploits , vulnerabilities , articles , eRoom Plug-In Insecure File Download Handling Vulnerability

Title	eRoom Plug-In Insecure File Download Handling Vulnerability
Published	2005-07-06-12:00AM
Updated	2005-07-06-11:18PM
Class	Design Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Discovered by c0ntex - c0ntexb[at]gmail.com.
Vulnerable	Documentum eRoom 6.0
Not Vulnerable
Code	No exploit is required, the following examples are available: Create and upload a shortcut file that contains the following: %SystemRoot%system32cmd.exe /k net user hacker hackerpass /ADD The following HTML code demonstrates an attack that will obtain, for the attacker, the cookie value of the target user session: /data/vulnerabilities/exploits/eroom.txt
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-17 Digital Scribe Cross Site Scripting and SQL Injection Vulnerabilities
• 2009-12-17 WP-Forum WordPress Plugin Multiple SQL Injection Vulnerabilities
• 2009-12-17 Quick Heal AntiVirus Insecure Program File Permissions Local Privilege Escalation Vulnerability
• 2009-12-17 IntelliCom NetBiter webSCADA Multiple Default Password Security Bypass Vulnerabilities
• 2009-12-17 Webmatic Multiple Unspecified SQL Injection and Cross-Site Scripting Vulnerabilities
• 2009-12-17 ManageEngine Password Manager Pro Cross Site Scripting Vulnerability
• 2009-12-17 HP OpenView Storage Data Protector Multiple Remote Code Execution Vulnerabilities
• 2009-12-17 iDevSpot iSupport Multiple Cross Site Scripting Vulnerabilities
• 2009-12-17 GNU Automake Insecure Directory Permissions Vulnerability
• 2009-12-17 Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 23:31:33 +0000