New User, Welcome!     Login

The Magic

Zabbix 1.6.2 Frontend Multiple Vulnerabilities

A) Remote Code Execution

A Remote Code Execution issue has been found in Zabbix version
1.6.2 and no authentication is required in order to exploit this
vulnerability. The Magic Quotes must be off in order to exploit
this vulnerability, however this feature will not be supported
starting with PHP 6.0 (ref. http://it2.php.net/magic_quotes).

Zabbix has a security feature that parses all incoming input for
possible bad chars with the help of the function check_fields() defined

phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities

II. DESCRIPTION

This  application  is  affected   by  many  SQL  Injection
security flaws. In order to exploit they, the Magic Quotes
GPG (php.ini) must  be  Off.
In  this  security  advisory  I  reported only some of the
vulnerable files.
I tested 0.1.5c version only, however  other versions  may
be also vulnerable.

Re: [Full-disclosure] Zabbix 1.6.2 Frontend Multiple Vulnerabilities

>
> A) Remote Code Execution
>
> A Remote Code Execution issue has been found in Zabbix version
> 1.6.2 and no authentication is required in order to exploit this
> vulnerability. The Magic Quotes must be off in order to exploit
> this vulnerability, however this feature will not be supported
> starting with PHP 6.0 (ref. http://it2.php.net/magic_quotes).
>
> Zabbix has a security feature that parses all incoming input for
> possible bad chars with the help of the function check_fields() defined


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!