Info

Disclosure

Jul 27, 2004

Discovery

Jul 06, 2004

Dates

Exploit

Jul 27, 2004

Solution

Unknown

Description

RiSearch contains a flaw that may allow a malicious user to use the server as a proxy. The issue is triggered by the lack of validation of the url variable which is passed to show.pl. It is possible that the flaw may allow open relay access resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

RiSearch	RiSearch	1.0.01
RiSearch	RiSearch Pro	3.2.06

References

Security Tracker: 1010788
Bugtraq ID: 10812
Secunia Advisory ID: 12173
ISS X-Force ID: 16817
CVE ID: 2004-2061 (see also: NVD)
Related OSVDB ID: 8266
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0302.html
Packet Storm: http://packetstormsecurity.org/0407-exploits/IRM-009.txt
Other Advisory URL: http://www.irmplc.com/index.php/120-Advisory-009
Vendor URL: http://www.risearch.org

Credit

IRM Advisories - advisoriesirmplc.com - Information Risk Management Plc.

Direct URL: http://osvdb.org/8265

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

RiSearch

RiSearch

RiSearch Pro

References

Credit