• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Feedsplitter Multiple Input Validation Vulnerabilities

Feedsplitter is prone to multiple input-validation vulnerabilities, including multiple arbitrary code-execution and HTML-injection vulnerabilities, an information-disclosure vulnerability, and a directory-traversal vulnerability.

An attacker can exploit these issues to retrieve arbitrary files from the vulnerable system, to execute arbitrary code in the context of the affected webserver, to retrieve sensitive information, to steal cookie-based authentication credentials, and to control how the site is rendered to the user. Other attacks are also possible.

Versions 2006-01-21 and prior are vulnerable.