AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
December 03, 2008, 03:10:57 PM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 4763 Members
Latest Member: WIassipsyKimb
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  PostNuke  |  Topic: PostNuke Directory Traversal and Comment Bypass Vulnerabilities 0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: PostNuke Directory Traversal and Comment Bypass Vulnerabilities  (Read 1156 times)
TJ
Tech Team
Hero Member
********
Offline Offline

Posts: 136



View Profile
PostNuke Directory Traversal and Comment Bypass Vulnerabilities
« on: October 02, 2005, 09:01:31 AM »
* Technical Description *

Two vulnerabilities were identified in PostNuke, which could be exploited by remote attackers to gain knowledge of sensitive information or bypass certain security policies.

This first issue is due to an error in the "contrib/example.php" script of the GeSHi library that does not properly validate a specially crafted "language" parameter, which could be exploited by attackers to cause contents of arbitrary files to be exposed. For additional information, see : FrSIRT/ADV-2005-1813

The second flaw is due to an unspecified error in the "comments" module, which could be exploited by attackers to add comments.

 * Affected Products *

PostNuke versions prior to 0.761

 * Solution *

Upgrade to PostNuke version 0.761 :
http://downloads.postnuke.com/

 * References *

http://www.frsirt.com/english/advisories/2005/1875
http://news.postnuke.com/index.php?name=News&file=article&sid=2726
http://news.postnuke.com/index.php?name=News&file=article&sid=2727
Logged
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  PostNuke  |  Topic: PostNuke Directory Traversal and Comment Bypass Vulnerabilities « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!