• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Numara FootPrints HTML Injection and Remote Command Execution Vulnerabilities

Numara FootPrints is prone to an HTML-injection vulnerability and a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.

Attackers can exploit these issues to execute arbitrary commands within the context of the webserver, execute arbitrary HTML or JavaScript code within the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user. Other attacks are also possible.

Numara FootPrints 8.1 for Linux is vulnerable; other versions running on different platforms may also be affected.