Computer Security
[EN] securityvulns.ru no-pyccku


DataDomain Web interface unfiltered shell characters
Published:29.03.2007
Source:
SecurityVulns ID:7507
Type:local
Threat Level:
5/10
Description:Unfiltered shell characters vulnerability in multiple Web interface commands.
Affected:DATADOMAIN : Data Domain 4.0
CVE:CVE-2007-1836 (The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands.)
Original documentdocumentElliot Kendall, Arbitrary Command Execution in DataDomain Administrator Interface (29.03.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod