Openfiler Multiple Security Vulnerabilities

Openfiler is prone to the following security vulnerabilities:

1. Multiple command-injection vulnerabilities
2. A directory traversal vulnerability
3. An information-disclosure weakness
4. An information-disclosure vulnerability
5. Multiple cross-site scripting vulnerabilities

An attacker can leverage these issues to execute arbitrary OS commands in context of the affected application, to view arbitrary local files, to gain access to potentially sensitive information or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may aid in further attacks.

Openfiler 2.99 is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus