eMotion MediaPartner Enterprise Multiple Vulnerabilities

BID:12236

Info

eMotion MediaPartner Enterprise Multiple Vulnerabilities

Bugtraq ID: 12236
Class: Unknown
CVE: CVE-2005-0335
CVE-2005-0336
Remote: Yes
Local: No
Published: Jan 11 2005 12:00AM
Updated: Jul 12 2009 09:27AM
Credit: Discovery is credited to Portcullis Computer Security.
Vulnerable: eMotion MediaPartner Enterprise 5.1
eMotion MediaPartner Enterprise 5.0
Not Vulnerable:

Discussion

eMotion MediaPartner Enterprise Multiple Vulnerabilities

MediaPartner Enterprise Web server is reported prone to multiple vulnerabilities. These issues can allow remote attackers to disclose sensitive information, carry out directory traversal and cross-site scripting attacks, and gain administrative access to an affected server.

The following specific issues were identified:

An attacker can disclose sensitive scripts through the Web by sending a malformed HTTP GET request. This issue affects MediaPartner 5.0 and 5.1

An attacker can also disclose Web readable files by carrying out directory traversal attacks. This vulnerability is reported to affect MediaPartner 5.0. It may affect MediaPartner 5.1 as well, though this is not confirmed.

It is reported that an attacker can also execute arbitrary script code in a user's browser by carrying out cross-site scripting attacks. This vulnerability is reported to affect MediaPartner 5.0. It may affect MediaPartner 5.1 as well, though this is not confirmed.

The last vulnerability allows remote attackers to change users' password without proper authorization. This vulnerability is reported to affect MediaPartner 5.0. It may affect MediaPartner 5.1 as well, though this is not confirmed.

Exploit / POC

eMotion MediaPartner Enterprise Multiple Vulnerabilities

An exploit is not required.

The following proof of concept examples are available:
http://www.example.com/login.bhtml.
http://www.example.com/../../../boot.ini
http://www.example.com/../../<script>alert(.portcullis.)</script>../../
http://www.example.com/login.bhtml?userNameForPasswordChange=admin

Solution / Fix

eMotion MediaPartner Enterprise Multiple Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

References

eMotion MediaPartner Enterprise Multiple Vulnerabilities

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report