Nudester Unauthorized Arbitrary File Upload and Download Vulnerability

A user downloading files from a Nudester host could gain access to a password, using a third party sniffer utility. Knowledge of this password could enable the user to log into the host and perform various actions, including uploading arbitrary files anywhere on the targets filesystem. As well, the user could traverse the directory structure of the host and download any file.

Successful exploitation of this vulnerability could lead to a complete compromise of the host's integrity.


 

Privacy Statement
Copyright 2010, SecurityFocus