[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] [CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] [CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack
From: pnig0spnig0s <pnigos@xxxxxxxx>
Date: Tue, 17 Jun 2014 15:12:38 +0000

Product name:Zabbix
Description:Zabbix is an enterprise-class open source distributed monitoring 
solution for networks and applications.
Version affected:1.8.x-2.2.x
Type:XML External Entity Attack
Consequence:Arbitrary Local File Read&Potential RCE
Vulnerability Details:http://www.pnigos.com/?p=273
Fix Released:svn://svn.zabbix.com/branches/dev/ZBX-8151-18 r46594 for 
1.8svn://svn.zabbix.com/branches/dev/ZBX-8151-20 r46600 for 2.0+
Bug was found by pnig0s @ FreeBuf.Com
==================================================
Best Regards,pnig0s


                                          

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Enom.com security contact? (Account Hijacking -- Google Apps integrations vulnerable)
Next by Date: [FD] Paypal Inc Bug Bounty #36 - SecurityKey Card Serialnumber Module Vulnerability
Previous by thread: [FD] Enom.com security contact? (Account Hijacking -- Google Apps integrations vulnerable)
Next by thread: [FD] Paypal Inc Bug Bounty #36 - SecurityKey Card Serialnumber Module Vulnerability
Index(es):
- Date
- Thread