SECURITYVULNS:DOC:31535
Dec 22, 2014 - 12:00 a.m.

CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional"


CVE-2014-2025

"Remote Code Execution (RCE) via Unrestricted File Upload" (CWE-434) vulnerability
in "Intrexx Professional" product

Vendor

United Planet GmbH

Product

"Intrexx is an integrated cross-platform development environment for the creation
and operation of web-based applications, enterprise portals and intranet portals."

Affected versions

This vulnerability affects Intrexx Professional 6.0 (prior to Online Update 10)
and 5.2 (prior to Online Update 0905).

Patch availability

The vendor has released the following fixes:
"Online Update 10" or later for Intrexx Professional 6.0 users
"Online Update 0905" or later for Intrexx Professional 5.2 users

Reported by

This issue was reported to the vendor by Christian Schneider (@cschneider4711)
following a responsible disclosure process.

Severity

Critical

Exploitability

Exploitable by unauthenticated attackers

Description

An unrestricted file upload allows an attacker to execute arbitrary code on the remote server
by uploading a malicious file that contains attacker-supplied code and then executing it remotely.

Proof of concept

Because of the responsible disclosure process chosen, and to avoid harming unpatched systems,
no concrete exploit code is presented in this advisory.

References

https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018

https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=31&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=31#{1}

http://www.christian-schneider.net/advisories/CVE-2014-2025.txt
