source: http://www.securityfocus.com/bid/12428/info Newsgrab is reported prone to multiple vulnerabilities. The following individual issues are reported: Newsgrab is reported prone to a directory traversal vulnerability. This vulnerability exists because the software does not sufficiently sanitize directory traversal sequences from filenames before the filename is employed to store the file onto disk. A remote attacker may exploit this vulnerability by supplying a malicious file to a target victim. This vulnerability has been assigned the CVE identifier CAN-2005-0153. Newsgrab is reported prone to an unspecified insecure permissions vulnerability. A local attacker may exploit this vulnerability to disclose potentially sensitive information that is contained in files that were downloaded using newsgrab. This vulnerability has been assigned the CVE identifier CAN-2005-0154. A file containing the name '../../../../etc/rc.local' and the mode 777 could cause newsgrab to drop the file at /etc/rc.local with 777 permissions.
Related ExploitsTrying to match CVEs (1): CVE-2005-0153
Trying to match OSVDBs (1): 13459
Other Possible E-DB Search Terms: Newsgrab 0.5.0pre4, Newsgrab