@1 Event Publisher Information Disclosure Vulnerability
BID:17647
Info
@1 Event Publisher Information Disclosure Vulnerability
| Bugtraq ID: | 17647 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-1437 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 21 2006 12:00AM |
| Updated: | Apr 21 2006 10:11PM |
| Credit: | Jericho is credited with the discovery of this vulnerability. |
| Vulnerable: |
Upoint @1 Event Publisher 2003.12.18 |
| Not Vulnerable: | |
Discussion
@1 Event Publisher Information Disclosure Vulnerability
@1 Event Publisher is prone to an information-disclosure vulnerability. This issue is due to a failure to properly secure access to sensitive information.
An attacker can exploit this vulnerability to retrieve sensitive information from the vulnerable system, including private user comments.
Information gained by exploiting this issue may aid malicious users in further attacks.
@1 Event Publisher is prone to an information-disclosure vulnerability. This issue is due to a failure to properly secure access to sensitive information.
An attacker can exploit this vulnerability to retrieve sensitive information from the vulnerable system, including private user comments.
Information gained by exploiting this issue may aid malicious users in further attacks.
Exploit / POC
@1 Event Publisher Information Disclosure Vulnerability
This vulnerability may be exploited with a web client.
This vulnerability may be exploited with a web client.
Solution / Fix
@1 Event Publisher Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
References
@1 Event Publisher Information Disclosure Vulnerability
References:
References:
- @1 Event Publisher Multiple Vulnerabilities (Jericho)
- @1 Event Publisher Web Site (UPoint)