NetworkMiner Arbitrary Code Execution and Directory Traversal Vulnerabilities

NetworkMiner is prone to a remote code-execution vulnerability and a directory-traversal vulnerability because it fails to properly validate user-supplied data.

An attacker can exploit these issues to view or download arbitrary files from the server and execute arbitrary code within the context of the server running the affected application. Failed exploit attempts will result in a denial-of-service condition.

NetworkMiner 1.4.1 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus