tellmatic "tm_includepath" File Inclusion Vulnerabilities
Written by Marcelo Almeida (Vympel)   
Monday, 03 December 2007
ShAy6oOoN has discovered some vulnerabilities in tellmatic, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the parameter "tm_includepath" in include/Classes.inc.php, include/statistic.inc.php, include/status.inc.php, include/status_top_x.inc.php, and include/libchart-1.1/libchart.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or remote resources...

Successful exploitation requires that "register_globals" is enabled.

The vulnerabilities are reported in version 1.0.7 and confirmed in 1.0.7.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.
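
One way to make the edit the Solution calls for, as an added example that is not tellmatic's code and not part of the original advisory: the include path is built from a base directory the code sets itself plus an allowlist of file names, so a request-supplied "tm_includepath" is never consulted. The function name tm_resolve_include, the TM_ALLOWED list and the temporary demo directory are assumptions.

```php
<?php
// Added example; hypothetical code, not tellmatic's own source.

// Pattern the advisory describes, shown as a comment only: the include file
// never assigns $tm_includepath itself, so with register_globals enabled a
// direct request to the file can supply the value.
//   require_once($tm_includepath . "/Classes.inc.php");

// Hardened form: only allowlisted file names (hypothetical list, names taken
// from the advisory) resolve, and only inside a base directory the code sets.
const TM_ALLOWED = ['Classes.inc.php', 'statistic.inc.php', 'status.inc.php'];

function tm_resolve_include(string $baseDir, string $name): string
{
    if (!in_array($name, TM_ALLOWED, true)) {
        throw new InvalidArgumentException("not an allowlisted include: $name");
    }
    // realpath() returns false for a missing file and canonicalises ".." and
    // symlinks, so the prefix check runs on the real location.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException("include not found under base directory: $name");
    }
    return $path;
}

// Constructed demo: a throwaway directory stands in for the application's
// include/ directory. In the application the base would be __DIR__.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tm_demo_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'Classes.inc.php', "<?php // constructed stub\n");

require_once tm_resolve_include($base, 'Classes.inc.php'); // loads the local stub

// Constructed inputs that are not on the allowlist are refused before any
// filesystem or network access happens.
foreach (['../outside.php', 'http://example.invalid/x.php'] as $bad) {
    try {
        tm_resolve_include($base, $bad);
        echo "accepted (unexpected): $bad\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $bad\n";
    }
}

unlink($base . DIRECTORY_SEPARATOR . 'Classes.inc.php');
rmdir($base);
```

Disabling "register_globals" removes the precondition the advisory names; the directive was removed from PHP in version 5.4.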

Provided and/or discovered by:
ShAy6oOoN

Original Advisory:
http://milw0rm.com/exploits/4684
