- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 28641
- Проверка EDB
-
- Пройдено
- Автор
- PATRICK WEBSTER
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-2006-4900
- Дата публикации
- 2006-09-21
Код:
source: https://www.securityfocus.com/bid/20139/info
CA eTrust Security Command Center (eSCC) and eTrust Audit are prone to multiple vulnerabilities, including:
- an information-disclosure issue
- an arbitrary-file-deletion issue
- a replay issue.
These vulnerabilities occur because the software fails to validate user input and because of design errors in the way the software handles user permissions and secure data-transmission protocols.
An attacker may exploit these vulnerabilities to access sensitive information, delete arbitrary files with the permissions of the service account, and carry out external replay attacks.
https://www.example.com:8080/etrust/servlet/eSMPAuditServlet?verb=getadhochtml&eSCCAdHocHtmlFile=../../../../../../../boot.ini- Источник
- www.exploit-db.com
