RSS   Vulnerabilities for 'Botbr'   RSS

2003-12-31
 
CVE-2003-1405

 

 
DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3.

 
 
CVE-2003-1404

 

 
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords.

 
 
CVE-2003-1403

 

 
foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.

 


Copyright 2024, cxsecurity.com

 

Back to Top