[VIM] AjaXplorer 'checkInstall.php' Remote Command Execution Vulnerability
Dinesh Theerthagiri
Dinesh_Theerthagiri at symantec.com
Wed Oct 2 00:32:27 CDT 2013
Hi George,
Thanks for correcting us.
BID:62603 needs to be retired, as the source link itself says that the issue is covered in BID:39334.
http://tools.cisco.com/security/center/viewAlert.x?alertId=30942
We wrote the BID:62603 from the above link, Refer:3320756
Versions prior to 2.6 are not vulnerable, so it is ok to update the BID:39334
with version 2.6.1.
From Secunia advisory:
The vulnerabilities are reported in versions prior to 2.6 and 2.6.1.
http://secunia.com/advisories/39331/
From OSVDB adv:
Upgrade to version 2.6 or higher.
http://www.osvdb.com/show/osvdb/63552
Vendor link:
http://ajaxplorer.info/ajaxplorer-2-6-x/
Wrongly given "Cisco Secure Access Control Server" in the technical description of the BID:62603. Replaced Cisco Secure Access Control Server with AjaXplorer.
Retired BID:62603 and updated BID:39334
Thanks,
T.Dinesh
-----Original Message-----
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf Of George Theall
Sent: Tuesday, September 24, 2013 7:30 PM
To: Vulnerability Information Managers
Subject: [VIM] AjaXplorer 'checkInstall.php' Remote Command Execution Vulnerability
Dinesh / Narayan / Venkat / Rob: Is there any additional information that you can provide about BID 62603, which was created yesterday? I notice it coincides with an alert that Cisco published -- http://tools.cisco.com/security/center/viewAlert.x?alertId=30942. That explicitly references BugTraq ID 39334, though. So is this new BID a dup or does it truly cover a new vulnerability?
George
--
theall at tenable.com