
iTop 2.2.0 Arbitrary File Upload

Posted on 05 December 2015
Source: packetstormsecurity.org

 

Team,

#Date: 04/12/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: Arbitrary File Upload
#Tested on: Windows 8.1
#Product: iTop
#Version: 2.2.0
#Description: iTop 2.2.0 is prone to a vulnerability that lets attackers
upload arbitrary files. The issue occurs because the application fails to
adequately sanitize user-supplied input. An attacker can exploit this issue
to upload arbitrary code and run it in the context of the web server
process; other attacks are also possible.

Notified Vendor: November 04, 2015
No Response from Vendor as on date
Public Disclosure: December 04, 2015
Reference: http://sourceforge.net/p/itop/tickets/1168/

Thanks,
Joel V

 
