Full Disclosure mailing list archives
[CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack
From: pnig0spnig0s <pnigos () live com>
Date: Tue, 17 Jun 2014 15:12:38 +0000
Product name:Zabbix Description:Zabbix is an enterprise-class open source distributed monitoring solution for networks and applications. Version affected:1.8.x-2.2.x Type:XML External Entity Attack Consequence:Arbitrary Local File Read&Potential RCE Vulnerability Details:http://www.pnigos.com/?p=273 Fix Released:svn://svn.zabbix.com/branches/dev/ZBX-8151-18 r46594 for 1.8svn://svn.zabbix.com/branches/dev/ZBX-8151-20 r46600 for 2.0+ Bug was found by pnig0s @ FreeBuf.Com ================================================== Best Regards,pnig0s _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- [CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack pnig0spnig0s (Jun 17)