NaviCopa webserver 3.01 Multiple Vulnerabilities

2009.02.04
Credit: e.wiZz!
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

###################### NaviCopa webserver 3.0.1 Multiple Vulnerabilities #################

##### By: e.wiZz! Bosnian Idiot FTW!
##### Mail: ew1zz_at_hotmail.com
##### Greetz goes to GYEZ (you know who you are lol)

In the wild...

################################################
##### Vendor site: http://www.navicopa.com/
##### Platforms: Windows OS only
##### Info:

Award Winning NaviCOPA is ideal for business users who require a powerful and flexible Web Server, but don't want to have to spend months learning how to configure it.

######[Script Source Disclosure]###############

If a dot is added at the end of the URI, the server does not execute the script, so its source code is returned instead.

PoC:

http://localhost/index.html.

###########[Buffer Overflow]#####################

A buffer overflow exists if more than ~5400 characters are supplied in a request to the root directory. A similar issue was reported in version 2.01 of this software:
http://www.securityfocus.com/bid/20250 (/cgi-bin/AAAA..)

PoC:

GET /AAAAAAAAAAAAAAAAAA... HTTP/1.0

In memory of shinnai.

References:

http://seclists.org/bugtraq/2009/Feb/0012.html
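Both issues come down to how the request URI is handled before a file is opened. The following is an added example, not NaviCOPA code and not part of the original advisory: it contrasts a handler lookup on the raw URI with one done after Windows-style canonicalization, and rejects oversized URIs up front. The handler table, the length cap, the `/index.php` sample path and all function names are assumptions; handling of trailing spaces goes beyond the single trailing-dot case reported above.

```python
import posixpath
from urllib.parse import unquote

MAX_URI_LEN = 2048  # assumed cap, far below the ~5400 characters cited above
SCRIPT_EXTS = {".php", ".pl", ".cgi"}  # assumed script-handler table


class Rejected(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def naive_handler(path):
    # Flawed when given a raw URI: "/index.php." has extension ".", so the
    # file is treated as static content and its source is returned.
    ext = posixpath.splitext(path)[1].lower()
    return "execute" if ext in SCRIPT_EXTS else "static"


def win32_canonical(path):
    # Rewrite the path the way Win32 file APIs resolve it: trailing dots
    # and spaces of each component are dropped before the file is opened.
    segments = []
    for seg in path.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        stripped = seg.rstrip(". ")
        if seg == ".." or not stripped:
            raise Rejected(400, "invalid path component")
        segments.append(stripped)
    return "/" + "/".join(segments)


def classify(request_target):
    # Length is checked first, before the URI is parsed or copied anywhere.
    if len(request_target) > MAX_URI_LEN:
        raise Rejected(414, "URI too long")
    path = unquote(request_target.partition("?")[0])
    canon = win32_canonical(path)
    # The handler is chosen from the same name the filesystem will open.
    return naive_handler(canon), canon
```
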

