Vulnerabilities for 'Destar'

2009-03-29
 
CVE-2008-6539

CWE-94
 

 
Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter.

 
 
CVE-2008-6538

 

 
DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser.

 


Copyright 2024, cxsecurity.com

 
