Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-1999-1069

Publish Date: 08 Nov 1997

                							

                source: http://www.securityfocus.com/bid/2126/info

iCat Electronic Commerce Suite is an application which enables a user to create and manage web based catalogues.

A remote user may retrieve known files on a target system running iCat Electronic Commerce Suite. The Carbo Server component of the Electronic Commerce Suite does not properly validate HTTP requests for files and will grant access to any object residing on the system. For example, the following HTTP request will display the file specified:

http://target/carbo.dll?icatcommand=..\..\directory/filename.ext&amp;catalogname=catalog

Successful exploitation of this vulnerability may disclose sensitive information such as usernames and passwords and aid in the development of further attacks. 

http://target/carbo.dll?icatcommand=..\..\directory/filename.ext&amp;catalogname=catalog

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

iCat Electronic Commerce Suite 3.0 - File Disclosure

Vulmon Search

About

Products

Connect