Info

Disclosure

Apr 05, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

N.T. contains a flaw that may allow a malicious user to run arbitrary code. The issue is triggered due to ticker.db.php not properly sanitizing unspecified or unknown values. Arbitrary PHP code may be injected, which will be executed when the file is included. It is possible that the flaw may allow the execution of arbitrary commands resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Chucky A. Ivey

N.T.

1.1.0

References

Secunia Advisory ID: 19526
CVE ID: 2006-1658 (see also: NVD)
Related OSVDB ID: 24397
VUPEN Advisory: ADV-2006-1243
Keyword: EV0121
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0412.html
Other Advisory URL: http://evuln.com/vulns/121/summary.html
Vendor URL: http://www.v-gfx.net/

Credit

Aliaksandr Hartsuyeu - alexevuln.com - eVuln

Direct URL: http://osvdb.org/24398