Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mac_os_x | Apple | 10.4.9 (including) | 10.4.9 (including) |
| Hp-ux | Hp | * | * |
| Tru64 | Hp | 5.1b_pk2_bl22 (including) | 5.1b_pk2_bl22 (including) |
| Aix | Ibm | * | * |
| Os2 | Ibm | * | * |
| Linux_kernel | Linux | * | * |
| Windows_2000 | Microsoft | * | * |
| Windows_2003_server | Microsoft | sp2 (including) | sp2 (including) |
| Windows_95 | Microsoft | * | * |
| Windows_98 | Microsoft | * | * |
| Windows_98se | Microsoft | * | * |
| Windows_me | Microsoft | * | * |
| Windows_nt | Microsoft | 4.0 (including) | 4.0 (including) |
| Windows_xp | Microsoft | * | * |
| Sco_unix | Santa_cruz_operation | * | * |
| Solaris | Sun | * | * |
| Bsdos | Windriver | * | * |
References
- http://forums.avenir-geopolitique.net/viewtopic.php?t=2674
- http://osvdb.org/34181
- http://securityreason.com/securityalert/2275
- http://www.securityfocus.com/archive/1/460325/100/0/threaded
- http://www.securityfocus.com/bid/22590
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32563
- http://forums.avenir-geopolitique.net/viewtopic.php?t=2674
- http://osvdb.org/34181
- http://securityreason.com/securityalert/2275
- http://www.securityfocus.com/archive/1/460325/100/0/threaded
- http://www.securityfocus.com/bid/22590
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32563