Info

Disclosure

Jul 27, 2004

Discovery

Jul 06, 2004

Dates

Exploit

Jul 27, 2004

Solution

Unknown

Description

RiSearch contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an arbitrary local file path is passed to show.pl, which will disclose the file contents resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

RiSearch	RiSearch	1.0.01
RiSearch	RiSearch Pro	3.2.06

References

Security Tracker: 1010788
Bugtraq ID: 10812
Secunia Advisory ID: 12173
ISS X-Force ID: 16817
CVE ID: 2004-2061 (see also: NVD)
Related OSVDB ID: 8265 8266
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0302.html
http://marc.theaimsgroup.com/?l=bugtraq&m=109095196526490&w=2
Packet Storm: http://packetstormsecurity.org/0407-exploits/IRM-009.txt
Other Advisory URL: http://www.irmplc.com/index.php/120-Advisory-009
Vendor URL: http://www.risearch.org

Credit

IRM Advisories - advisoriesirmplc.com - Information Risk Management Plc.

Direct URL: http://osvdb.org/8266

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

RiSearch

RiSearch

RiSearch Pro

References

Credit