bfcommand & control server 1.22/2.0/2.14 manager - Multiple Vulnerabilities

EDB-ID:

26210


Platform:

Multiple

Published:

2005-08-29

source: http://www.securityfocus.com/bid/14690/info

BFCC and BFVCC server managers are vulnerable to multiple remote vulnerabilities.

The first two issues are login bypass vulnerabilities. These issues allow remote, anonymous attackers to gain access to the affected server process.

The third issue is a design error whereby the server application implements access controls, privileges, and other commands in the client-side of the connection. This allows remote attackers to gain full administrative access to the affected application.

The fourth issue is a remote denial of service vulnerability. This issue is due to a failure of the application to properly handle multiple connections.

These vulnerabilities allow remote attackers to gain administrative access in the affected server application, and to deny further access to the application. 

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/26210.zip