ActivePost Standard Multiple Vulnerabilities

Secunia Advisory: SA12642
Release Date: 2004-09-24
Last Update: 2005-02-22
Critical: Moderately critical
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information, DoS
Where: From local network
Solution Status: Unpatched
Software: ActivePost Standard 3.x

Description: Luigi Auriemma has reported multiple vulnerabilities in ActivePost Standard, which can be exploited by malicious people to cause a DoS (Denial of Service), upload files to arbitrary locations, or gain knowledge of sensitive information.
1) An error in the integrated file server when processing uploaded files can be exploited to crash the file server by passing an overly long filename (longer than 4074 bytes).
2) An input validation error in the file server can be exploited to upload files to arbitrary locations on the system via directory traversal attacks.
3) When a user enters the conference menu, the server sends information about available rooms including plain text passwords for protected rooms.
The vulnerabilities have been reported in version 3.1 and prior.
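
Added example (not part of the advisory and not ActivePost or Secunia code): a server-side check for client-supplied upload names that addresses the failure classes in 1) and 2), by bounding the name length before any copy and accepting only a bare file name. `MAX_NAME`, `build_upload_path` and the `uploads` root are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed policy limit; the advisory's crash needs names longer than 4074 bytes. */
#define MAX_NAME 255

/* Hypothetical helper: joins a server-chosen root with a client-supplied name.
 * name/name_len are raw bytes from the wire (not assumed NUL-terminated).
 * Returns 0 and fills out on success; returns -1 and empties out on rejection. */
int build_upload_path(const char *root, const char *name, size_t name_len,
                      char *out, size_t out_len)
{
    if (!root || !name || !out || out_len == 0)
        return -1;
    out[0] = '\0';
    /* Item 1: enforce the length limit before the name is copied anywhere. */
    if (name_len == 0 || name_len > MAX_NAME)
        return -1;

    /* Item 2: bare file name only. Reject NUL and control bytes, both path
     * separators, and ':' (drive letters, alternate data streams). */
    for (size_t i = 0; i < name_len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c < 0x20 || c == '/' || c == '\\' || c == ':')
            return -1;
    }
    if (name[0] == '.' && (name_len == 1 || (name_len == 2 && name[1] == '.')))
        return -1;

    /* Bounded formatting; a truncated result is treated as a rejection. */
    int w = snprintf(out, out_len, "%s/%.*s", root, (int)name_len, name);
    if (w < 0 || (size_t)w >= out_len) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample names, not taken from the advisory. */
    const char *samples[] = { "report.txt", "..\\..\\x.txt", "../x.txt", ".." };
    char path[512];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s -> %s\n", samples[i],
               build_upload_path("uploads", samples[i], strlen(samples[i]),
                                 path, sizeof path) == 0 ? path : "rejected");
    return 0;
}
```

A server that must accept subdirectories would instead canonicalize the joined path and verify that it still lies under the upload root.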

About this Secunia Advisory

Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.