Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities

EDB-ID:

25080

CVE:

2005-0153

EDB Verified:

Author:

Niels Heinen

Type:

remote

Exploit:   /  

Platform:

Linux

Date:

2005-02-02

Vulnerable App: 
source: https://www.securityfocus.com/bid/12428/info

Newsgrab is reported prone to multiple vulnerabilities. The following individual issues are reported:

Newsgrab is reported prone to a directory traversal vulnerability. This vulnerability exists because the software does not sufficiently sanitize directory traversal sequences from filenames before the filename is employed to store the file onto disk.

A remote attacker may exploit this vulnerability by supplying a malicious file to a target victim. This vulnerability has been assigned the CVE identifier CAN-2005-0153.

Newsgrab is reported prone to an unspecified insecure permissions vulnerability.

A local attacker may exploit this vulnerability to disclose potentially sensitive information that is contained in files that were downloaded using newsgrab. This vulnerability has been assigned the CVE identifier CAN-2005-0154. 

A file containing the name '../../../../etc/rc.local' and the mode 777 could cause newsgrab to drop the file at /etc/rc.local with 777 permissions.
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services