HNS MAIN FEED
Saturday, 05:48 EST
- Zero-day vulnerabilities in Firefox extensions discovered
- Three charged with Comcast.net hijacking
- Cloud computing security benefits, risks and recommendations
- Poisoned Google search results
- World’s first wireless USB external hard drive
- A look at Securitybyte & OWASP AppSec Asia Conference 2009
- Biggest threats to federal systems and critical infrastructure
- Are 64-bit Windows inherently safer?
- NSA on cyber attacks and Microsoft collaboration
- New books: ModSecurity, Snow Leopard, social Web applications
- Vulnerability in IBM SolidDB memory caching software
- Two arrested for Zbot Trojan
Sahana "mod" Parameter Local File Disclosure
02 November 2009
Sahana is a web-based disaster management application. The application is exposed to a local file disclosure issue because it fails to adequately validate user-supplied input in the "mod" parameter of the "index.php" script. Successfully exploiting this issue may allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. Sahana version 0.6.2.2 is affected by this issue.
Ref: http://bugzilla.redhat.com/show_bug.cgi?id=530255 http://sourceforge.net/mailarchive/forum.php?thread_name=5d9043b70910191044l4bb0178fs563a5128a0f5db01%40mail.gmail.com&forum_name=sahana-maindev
09.44.101 - CVE: CVE-2009-3625
Platform: Web Application
Ref: http://bugzilla.redhat.com/show_bug.cgi?id=530255 http://sourceforge.net/mailarchive/forum.php?thread_name=5d9043b70910191044l4bb0178fs563a5128a0f5db01%40mail.gmail.com&forum_name=sahana-maindev
09.44.101 - CVE: CVE-2009-3625
Platform: Web Application