• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

CVSTrac filediff Remote Command Execution Vulnerability

CVSTrac is affected by a remote command execution vulnerability in the 'filediff' functionality. This issue is due to an input validation error that allows for the appending of shell commands.

An attacker could leverage this issue to execute arbitrary shell commands on a vulnerable computer with the privileges of the web server process.