From: Secunia Security Advisories (sec-adv secunia.com)
Date: Wed Mar 24 2010 - 15:17:18 CDT

TITLE:
Pulse CMS Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA39011

VERIFY ADVISORY:
http://secunia.com/advisories/39011/

DESCRIPTION:
Secunia Research has discovered multiple vulnerabilities in Pulse
CMS, which can be exploited by malicious users and malicious people
to manipulate certain data or compromise a vulnerable system.

1) An error in the handling of failed login attempts in
includes/login.php can be exploited to store content in an arbitrary
file within the web root. This can e.g. be exploited to execute
arbitrary PHP code via a specially crafted request.

Successful exploitation requires that "register_globals" is enabled.

2) Input passed via the "f" parameter to delete.php is not properly
sanitised before deleting files. This can be exploited to delete
arbitrary files with the permissions of the web server via directory
traversal attacks.

Successful exploitation requires authentication.

3) Input passed via the "filename" and "block" parameters to view.php
is not properly sanitised before being used to write to a file. This
can e.g. be exploited to execute arbitrary PHP code.

Successful exploitation requires authentication.

The vulnerabilities are confirmed in version 1.2.2 (downloaded
2010-03-17). Other versions may also be affected.

SOLUTION:
Update to version 1.2.3.

PROVIDED AND/OR DISCOVERED BY:
Secunia Research

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2010-45/
http://secunia.com/secunia_research/2010-48/
http://secunia.com/secunia_research/2010-51/
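
For sites that ran version 1.2.2, one way to review web-server access logs for the directory traversal described in item 2. This is an added example, not part of the Secunia advisory or of Pulse CMS; it assumes Apache combined log format and that the "f" parameter appears in the query string, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [24/Mar/2010:10:01:02 +0000] "GET /delete.php?f=banner.jpg HTTP/1.1" 200 512 "-" "-"
198.51.100.9 - - [24/Mar/2010:10:02:11 +0000] "GET /cms/delete.php?f=..%2F..%2Fnotes.txt HTTP/1.1" 200 498 "-" "-"
198.51.100.9 - - [24/Mar/2010:10:02:40 +0000] "GET /delete.php?f=%252e%252e%252findex.php HTTP/1.1" 200 498 "-" "-"
203.0.113.4 - - [24/Mar/2010:10:03:00 +0000] "GET /index.php?f=../about HTTP/1.1" 200 2048 "-" "-"
203.0.113.4 - - [24/Mar/2010:10:03:30 +0000] "POST /delete.php HTTP/1.1" 200 300 "-" "-"
"""

REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences surface."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value can leave the intended directory."""
    v = fully_decode(value).replace("\\", "/")
    return v.startswith("/") or ".." in v.split("/") or "\x00" in v

def scan(lines):
    """Return (line number, client IP, decoded value) for suspect requests."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        # Install path is unknown, so match on the script name only.
        if url.path.rsplit("/", 1)[-1].lower() != "delete.php":
            continue
        # Request bodies are not logged, so a POSTed "f" cannot be seen here.
        for value in parse_qs(url.query, keep_blank_values=True).get("f", []):
            if is_traversal(value):
                hits.append((n, line.split()[0], fully_decode(value)))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

A hit shows only that a traversal-style value was requested; whether a file was removed has to be confirmed against the file system or backups.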