Ultraboard Incorrect Directory Permissions Vulnerability

A version of Ultraboard 2000, a bulletin board script from UltraScripts, is reported to install with improperly-set directory permissions.

As a result, a local user could copy malicious cgi scripts to these directories which would then be remotely executable with the privilege level of the webserver.

This may lead to a compromise of data owned by the webserver user, such as defacement of the webpage.


 

Privacy Statement
Copyright 2010, SecurityFocus