Vulnerabilities > CVE-2004-1678 - Unspecified vulnerability in Logicnow Perldesk
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | PerlDesk Language Variable Server-Side Script Execution Vulnerability. CVE-2004-1678. Webapps exploit for cgi platform |
id | EDB-ID:24591 |
last seen | 2016-02-02 |
modified | 2004-09-13 |
published | 2004-09-13 |
reporter | Nikyt0x Argentina |
source | https://www.exploit-db.com/download/24591/ |
title | PerlDesk Language Variable Server-Side Script Execution Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | PERLDESK_SCRIPT_EXEC.NASL |
description | The remote host is running PerlDesk, a web-based help desk and email management application written in perl. There is a file inclusion issue in the remote version of this software which may allow an attacker to read fragments of arbitrary files on the remote host and to execute arbirary perl scripts, provided that an attacker may upload a script in the first place. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14733 |
published | 2004-09-15 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14733 |
title | PerlDesk pdesk.cgi lang Parameter Traversal Arbitrary File Access |
code |
|