ZeroShell 'cgi-bin/kerbynet' Local File Disclosure Vulnerability

ZeroShell is prone to a local file-disclosure vulnerability because it fails to sanitize user-supplied input.

An attacker may leverage this issue to obtain sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.

ZeroShell 2.0.RC2 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus