Lilikoi Ceilidh 2.60 Multiple Vulnerabilities

Lilikoi Ceilidh is a threaded bulletin board and email application that is vulnerable to two security hazards:

Path Disclosure Vulnerability - A hidden form field called 'translated_path' is embedded in HTML code generated by Ceilidh and reveals the full path location of the Ceilidh directory underneath the web root (eg. http://target/cgi-bin/ceilidh.exe/ceilidh/?N4).

Denial of Service Vulnerability - Transmitting a specially formed POST statement to Ceilidh will spawn multiple copies of ceilidh.exe and utilize 1% of CPU and 700 KB of memory. Performing this action repeatedly can result in a denial of service attack. Stopping and restarting the World Wide Web Publishing Service is required in order to regain normal functionality.


Privacy Statement
Copyright 2010, SecurityFocus