• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Active Classifieds Arbitrary Code Execution Vulnerability

Active Classifieds is a CGI package that provides an online classified advertisement listing and management system.

An origin validation error exists in the Free Edition of Active Classifieds that may allow remote users to perform some administrative commands without authentication. As a result, it may be possible to cause arbitrary commands to be executed on a host running the software.

It is currently unclear as to whether commercial versions of Active Classifieds are also vulnerable.