Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7158

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-7158
Last Modified 02 Sep 2009 12:00:00
Published 02 Sep 2009 01:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7158

Summary

Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Numarasoftware Footprints 7.5a

  • Numarasoftware Footprints 7.5a1

  • Numarasoftware Footprints 8.0

  • Numarasoftware Footprints 8.0a


References

CONFIRM - https://footprintssupport.numarasoftware.com/MRcgi/MRTicketPage.pl?USER=&MRP=0&PROJECTID=4&MR=89552&MAXMININC=&MAJOR_MODE=DETAILS

XF - footprints-transcriptfile-command-execution(39810)

BID - 27373

SECUNIA - 28390

OSVDB - 42816

OSVDB - 42813


Last Updated: 27 May 2016 10:49:29