Back to search
CVE-2008-1118
Published: Mar 14, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
29316
third-party-advisory
x_refsource_SECUNIA
http://www.coresecurity.com/?action=item&id=2166
x_refsource_MISC
3742
third-party-advisory
x_refsource_SREASON
28081
vdb-entry
x_refsource_BID
timbuktu-log-security-bypass(41330)
vdb-entry
x_refsource_XF
20080311 CORE-2008-0204: Timbuktu Pro Remote Path Traversal and Log Injection
mailing-list
x_refsource_BUGTRAQ
5238
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now