Juniper Networks
Signature Detail

Short Name: HTTP:PHP:YABBSE-PKG-EXEC
Severity: Major
Recommended: No
Recommended Action: Drop
Category: HTTP
Keywords: YabbSE Packages.php Code Execution
Release Date: 2003/04/22
Update Number: 1213
Supported Platforms: di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: YabbSE Packages.php Code Execution


This signature detects attempts to exploit a known vulnerability in Packages.php in YabbSE. YabbSE 1.5.0 and earlier are vulnerable. Attackers can cause Packages.php to include remote malicious code, which can allow them to execute arbitrary commands with Web server privileges.

Extended Description

YaBB SE allows remote users to influence the location of included files. A remote attacker may exploit this condition to cause an external, attacker-supplied file to be included and executed by YaBB SE. This may allow a remote attacker to execute arbitrary commands in the context of the web server.

Affected Products

  • Yabb_se yabb_se 0.8.0
  • Yabb_se yabb_se 1.4.1

References

  • BugTraq: 6663
  • URL: http://www.yabbse.org/community/index.php?board=9;action=display;threadid=17919
  • URL: http://www.securiteam.com/securitynews/5DP0N0K8UA.html
  • URL: http://seclists.org/lists/bugtraq/2003/Jan/0189.html

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.