Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=109509026406554&w=2 | |
http://secunia.com/advisories/12512 | Exploit Patch Vendor Advisory |
http://www.securityfocus.com/bid/11160 | Exploit Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/19712 |
Configurations
History
No history.
Information
Published : 2004-09-13 04:00
Updated : 2024-02-04 16:31
NVD link : CVE-2004-1678
Mitre link : CVE-2004-1678
CVE.ORG link : CVE-2004-1678
JSON object : View
Products Affected
logicnow
- perldesk
CWE