| VID | 21404 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description |
TECH-NOTE (Technote) has a command execution vulnerability in 'main.cgi'. TECH-NOTE (Technote) is a popular Korean bulletin board software for Web sites. Some TECH-NOTE systems allow a remote attacker to execute arbitrary commands on the system because the application fails to properly validate user-supplied input in the 'filename' parameter of the 'main.cgi' script. By sending a specially crafted request to the main.cgi script with commands included in the filename variable, a remote attacker could execute arbitrary commands on the target system with the privileges of the Web server.
* References: http://securitytracker.com/alerts/2004/Nov/1012117.html
* Platforms Affected: TECH-NOTE Inc. TECH-NOTE, any version; any operating system, any version |
| Recommendation |
No upgrade or patch available as of June 2014.
Upgrade to a new version of TECH-NOTE when one that fixes this problem becomes available from the TECH-NOTE Web site at http://www.technote.co.kr/ |
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | 17993 (ISS) |