My Classifieds On-line Classified Advertising Script Has Flaw That Allows Remote Users to Execute Arbitrary Code on the Web Server - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Web Server/CGI) > My Classifieds

Vendors: Spice, Mike

My Classifieds On-line Classified Advertising Script Has Flaw That Allows Remote Users to Execute Arbitrary Code on the Web Server

SecurityTracker Alert ID: 1003255

SecurityTracker URL: http://securitytracker.com/id/1003255

CVE Reference: CVE-2002-1600 (Links to External Site)

Updated: May 19 2008

Original Entry Date: Jan 16 2002

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 1.3

Description: A vulnerability was reported in My Classifieds, a Perl-based script that provides an on-line newspaper-like classified advertising section. A remote user may be able to execute arbitrary code on the web server.

The code would run with the privileges of the web server.

Impact: A remote user can cause arbitrary code to be executed with the privileges of the web server, potentially giving the user access to the server.

Solution: The vendor has issued a fixed version (1.3), available at:

http://freshmeat.net/projects/myclassifieds/

Vendor URL: freshmeat.net/projects/myclassifieds/ (Links to External Site)

Cause: Not specified

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History: None.

Source Message Contents

Date: Sat, 12 Jan 2002 14:09:50 -0500
Subject: My Classifieds Code Execution Flaw


  My Classifieds 1.3
  by Mike Spice (http://freshmeat.net/users/mikespice/)
  Thursday, January 10th 2002 04:19

Communications Internet :: WWW/HTTP :: Dynamic Content

About: Mike's Classifieds is a Perl CGI implementation of  online
classifieds, similar to the classifieds section  of a newspaper. It
displays all aspects of the  classifieds and creates all of the files
for
you. Only  one file needs to be edited to specify the  categories and
pictures used. The script supports  email and deletion/modification of
ads
by users.

Changes: This release incorporates major security fixes. All users are
encouraged to update immediately.

License: GNU General Public License (GPL)

URL: http://freshmeat.net/projects/myclassifieds/

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC