V-creator Remote Shell Code Execution Vulnerability
BID:17328
Info
V-creator Remote Shell Code Execution Vulnerability
| Bugtraq ID: | 17328 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 31 2006 12:00AM |
| Updated: | Apr 03 2006 05:08PM |
| Credit: | The vendor disclosed this vulnerability. |
| Vulnerable: |
v-creator.com v-creator 1.3-pre2 |
| Not Vulnerable: |
v-creator.com v-creator 1.3-pre3 |
Discussion
V-creator Remote Shell Code Execution Vulnerability
The v-creator application is prone to a remote shell code-execution vulnerability.
This issue allows attackers to execute arbitrary shell commands with the privileges of the webserver process. This may help the attacker compromise the application and the underlying system; other attacks are also possible.
Versions 1.3-pre2 and prior of v-creator are vulnerable; other versions may also be affected.
The v-creator application is prone to a remote shell code-execution vulnerability.
This issue allows attackers to execute arbitrary shell commands with the privileges of the webserver process. This may help the attacker compromise the application and the underlying system; other attacks are also possible.
Versions 1.3-pre2 and prior of v-creator are vulnerable; other versions may also be affected.
Exploit / POC
V-creator Remote Shell Code Execution Vulnerability
This issue can be exploited via a web client.
This issue can be exploited via a web client.
Solution / Fix
V-creator Remote Shell Code Execution Vulnerability
Solution:
The vendor has released versions 3.0.10 and 3.1.1 to address this issue.
v-creator.com v-creator 1.3-pre2
Solution:
The vendor has released versions 3.0.10 and 3.1.1 to address this issue.
v-creator.com v-creator 1.3-pre2
-
v-creator.com v-creator_1.3-pre3.tgz
http://prdownloads.sourceforge.net/vcreator/v-creator_1.3-pre3.tgz
References
V-creator Remote Shell Code Execution Vulnerability
References:
References: