FleetCommander Multiple Remote Security Vulnerabilities

FleetCommander is prone to multiple remote security vulnerabilities, including:

1. A cross-site request forgery vulnerability
2. Multiple HTML-injection vulnerabilities
3. Multiple SQL-injection vulnerabilities
4. Multiple command-injection vulnerabilities
5. Multiple information-disclosure vulnerabilities
6. A password encryption weakness
7. Multiple arbitrary file-upload vulnerabilities

Attackers can exploit these issues to disclose sensitive information, upload arbitrary code, and run it in the context of the web server process, execute arbitrary command, execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site, to perform certain unauthorized actions, access or modify data, and exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.


Privacy Statement
Copyright 2010, SecurityFocus