admin
08-23-2005, 01:26 AM
AreaEdit
http://www.formvista.com/otherprojects/areaedit.html
August 22, 2005
http://secunia.com/advisories/16511/
Description:
A vulnerability has been reported in AreaEdit, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "dictionary" variable in aspell_setup.php is not properly sanitised before being used as command line arguments. This can be exploited to inject arbitrary shell commands via a specially crafted string containing shell meta characters.
Successful exploitation does not require that the plugin has been enabled.
Solution:
Update to version 0.4.3.
Provided and/or discovered by:
Reported by vendor.
Original Advisory:
http://www.formvista.com/index.h...etail&cs_clog_entries_ref=50 (http://www.formvista.com/index.html?COMP=clog_list&cmd=detail&cs_clog_entries_ref=50)
http://www.formvista.com/otherprojects/areaedit.html
August 22, 2005
http://secunia.com/advisories/16511/
Description:
A vulnerability has been reported in AreaEdit, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "dictionary" variable in aspell_setup.php is not properly sanitised before being used as command line arguments. This can be exploited to inject arbitrary shell commands via a specially crafted string containing shell meta characters.
Successful exploitation does not require that the plugin has been enabled.
Solution:
Update to version 0.4.3.
Provided and/or discovered by:
Reported by vendor.
Original Advisory:
http://www.formvista.com/index.h...etail&cs_clog_entries_ref=50 (http://www.formvista.com/index.html?COMP=clog_list&cmd=detail&cs_clog_entries_ref=50)