- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 29746
- Проверка EDB
-
- Пройдено
- Автор
- ANONYMOUS
- Тип уязвимости
- LOCAL
- Платформа
- LINUX
- CVE
- cve-2007-1474
- Дата публикации
- 2007-03-15
Horde Framework and IMP 2.x/3.x - Cleanup Cron Script Arbitrary File Deletion
Код:
source: https://www.securityfocus.com/bid/22985/info
Horde Framework and IMP are prone to a vulnerability that allows a local attacker to delete arbitrary files in the context of the user running the application.
A successful attack can reduce the integrity of affected computers and may aid in further attacks.
An attacker could exploit this issue by creating a file '/tmp/x /etc/passwd /tmpmswordx' and running the affected cron script. This will result in the deletion of '/tmp/x', '/etc/passwd', and '/tmp/mswordx'.- Источник
- www.exploit-db.com
