| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Nov 2006 21:58:21 -0800 From: "Jesper Jurcenoks" <jesper.jurcenoks@...vigilance.com> To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.grok.org.uk> Subject: DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php Description: The DigiOz Guestbook is a PHP driven guestbook system. The vulnerability exists in list.php script which allows remote attackers to obtain sensitive information via an HTTP request to list.php that contains wrong value in page parameter. This causes sensitive information to be leaked in an error message. External References: Mitre CVE: CVE-2006-5651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5651 NVD NIST : CVE-2006-5651 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5651 OSVDB : 29985 http://www.osvdb.com/displayvuln.php?osvdb_id=29985 Vulnerable Systems: DigiOz Guestbook version 1.7 and earlier http://www.digioz.com/phpscripts.php Non-Vulnerable Systems: DigiOz Guestbook version 1.7.1 and later http://www.digioz.com/phpscripts.php Summary: DigiOz Guestbook is a popular Open-Source guestbook system for easy embedding into your own web-site. A security problem in the product allows attackers to gather the true path of the server-side script. Release Date: November 2 2006 Vulnerability Type: Input Validation error - The list.php script has a flaw which leads to a Fatal Error. This is an input validation fault when the script is not testing the data passed. Vendor Status: The Vendor has been notified and has released a new version DigiOz Guestbook 1.7.1 that fixed the problem. Patch can be downloaded here : http://www.digioz.com/guestbook/guestbook_v1_7_1.zip Severity Metrics: Risk: Low CVSS Metrics Access Vector: Remote Access Complexity: Low Authentication: not-required Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None Impact Bias: Normal CVSS Base Score: 2.3 Target Distribution on Internet: Low Exploitability: Functional Exploit Remediation Level: Official Fix Report Confidence: confirmed Vulnerability Impact: Attack Host Impact: Path disclosure. Example: HTTP REQUEST http://[TARGET]/[DigiOz Guestbook-directory]/list.php?page=%60&order=asc REPLY ... toolbar.jpg" height="20"></td></tr><tr><td><b>Date: </b><br /> <b>Notice</b>: Undefined offset: 11 in <b>D:\WWWRoot\<username>\list.php</b> on line <b>78</b><br /> <br /> <b>Fatal error</b>: Call to a member function showDate() on a non-object in <b>D:\WWWRoot\<username>\list.php</b> on line <b>78</b><br /> ... URL of Original Advisory: http://www.netvigilance.com/advisory0005 Credit: Jesper Jurcenoks Co-founder netVigilance, Inc. www.netvigilance.com
Powered by blists - more mailing lists