AdMan editCampaign.php Malformed campaignId Variable Path Disclosure
Posted on 23 March 2006

Vulnerability Description

AdMan contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a remote attacker supplies an empty or invalid value for the campaignId variable in a request to the editCampaign.php script, which discloses the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Manual Testing Notes

/adMan/advertiser/editCampaign.php?campaignId=

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
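
Requests matching the trigger described above can be spotted in web server access logs. The following is an added example, not part of the original advisory: it assumes Common/Combined Log Format lines and that a well-formed campaignId is a decimal integer, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return 'empty' or 'invalid' when the request target matches the
    advisory's trigger for editCampaign.php, otherwise None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/editcampaign.php"):
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("campaignId")
    if values is None:
        return None  # parameter absent from the URL (e.g. sent in a POST body)
    for value in values:
        if value == "":
            return "empty"
        # Assumption: a well-formed campaignId is a decimal integer.
        if not (value.isascii() and value.isdigit()):
            return "invalid"
    return None

def scan(lines):
    """Yield (line_number, reason, target) for each suspicious log line."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            reason = classify(match.group(1))
            if reason:
                yield number, reason, match.group(1)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Mar/2006:10:00:01 +0000] "GET /adMan/advertiser/editCampaign.php?campaignId=17 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [23/Mar/2006:10:00:07 +0000] "GET /adMan/advertiser/editCampaign.php?campaignId= HTTP/1.1" 200 412',
    '192.0.2.44 - - [23/Mar/2006:10:00:09 +0000] "GET /adMan/advertiser/editCampaign.php?campaignId=abc HTTP/1.1" 200 415',
    '192.0.2.10 - - [23/Mar/2006:10:00:12 +0000] "GET /adMan/advertiser/index.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, reason, target in scan(SAMPLE_LOG):
        print(f"line {number}: {reason} campaignId -> {target}")
```

Hits from the same client in quick succession, as in the sample, are worth correlating with response sizes that differ from a normal campaign edit page.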

Products:

  • Brain Book Software LLC AdMan 1.0.20051221 Affected

Vulnerability classification:

  • Remote vulnerability
  • Information disclosure attack
  • Impact on confidentiality
  • Exploit available

External references:

  • Secunia Advisory ID: 19351
  • Related OSVDB ID: 24064
  • Related OSVDB ID: 24066
  • CVE ID: 2006-1375
  • FrSIRT Advisory: ADV-2006-1071

The HNS Vulnerabilities section is powered by OSVDB

Copyright 1998-2013 by Help Net Security.