HNS MAIN FEED
Saturday, 02:23 EST
- Zero-day vulnerabilities in Firefox extensions discovered
- Three charged with Comcast.net hijacking
- Cloud computing security benefits, risks and recommendations
- Poisoned Google search results
- World’s first wireless USB external hard drive
- A look at Securitybyte & OWASP AppSec Asia Conference 2009
- Biggest threats to federal systems and critical infrastructure
- Are 64-bit Windows inherently safer?
- NSA on cyber attacks and Microsoft collaboration
- New books: ModSecurity, Snow Leopard, social Web applications
- Vulnerability in IBM SolidDB memory caching software
- Two arrested for Zbot Trojan
Achievo "debugger.php" Remote File Include
06 November 2009
Achievo is a web-based resource-management tool implemented in PHP. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "config_atkroot" parameter of the "debugger.php" script. Successfully exploiting this issue may allow an attacker to execute malicious PHP code in the context of the webserver process. Achievo versions earlier than 1.4.0 are affected by this issue.
Ref: http://www.securityfocus.com/bid/36822/
09.44.100 - CVE: Not Available
Platform: Web Application
Ref: http://www.securityfocus.com/bid/36822/
09.44.100 - CVE: Not Available
Platform: Web Application