• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GetAccess Remote Arbitrary Java Code Execution Vulnerability

GetAccess allows administration of individual user access rights and customer profiles on high-volume 'portal' websites.

A flaw exists in GetAccess' execution of java class files. When reading in filenames, input is not validated and directory traversals can be used to execute java class files anywhere on the filesystem.