• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

WWWIsis Remote Command Execution Vulnerability

WWWIsis provides a web interface for accessing ISIS databases. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

It is possible for a remote attacker to execute commands on the underlying shell of the host running the vulnerable software. Such commands will be executed with the privileges of the webserver process.

This issue has been reported for 3.x versions. Other versions are not affected by this vulnerability. Additionally, JavaISIS and other tools based on WWWIsis may also be affected.