 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2004-1937 |
| Description: | Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.12202 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-1937 BugTraq ID: 10104 http://www.securityfocus.com/bid/10104 Bugtraq: 20040417 [SCSA-028] Nuked-Klan Multiple Vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=108222826225823&w=2 http://www.phpsecure.info/v2/tutos/frog/Nuked-KlaN.txt http://secunia.com/advisories/11341 XForce ISS Database: nuked-klan-configurtion-corruption(15844) https://exchange.xforce.ibmcloud.com/vulnerabilities/15844 XForce ISS Database: nuked-klan-file-include(15843) https://exchange.xforce.ibmcloud.com/vulnerabilities/15843 |