SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   paBugs Vendors:   PHP Arena
paBugs Lets Remote Authenticated Users Execute Arbitrary Commands
SecurityTracker Alert ID:  1013624
SecurityTracker URL:  http://securitytracker.com/id/1013624
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 1 2005
Impact:   Disclosure of authentication information, Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): v2 Beta 3
Description:   A vulnerability was reported in paBugs. A remote authenticated user can execute arbitrary commands on the target system.

A remote authenticated user can gain administrative privileges on the target application. Then, the user can upload arbitrary PHP code and execute the code on the target system.

A demonstration exploit is available at:

http://nst.void.ru/down_sys_exploits.php?get=paBugs-v2-b3.rar

Network security team reported this vulnerability.

Impact:   A remote authenticated user can gain administrative privileges on the target application and then execute arbitrary PHP code and operating commands on the target system. The code will run with the privileges of the target web service.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.phparena.net/pabugs.php (Links to External Site)
Cause:   Access control error, Authentication error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC