Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

HAMweather daysonly Arbitrary Code Execution Vulnerability

Vulnerability Assessment Summary
Executes arbitrary command via HAMweather

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains an application that permits execution of
arbitrary code.

Description :

The remote host is running HAMweather, a weather-forecasting software
application.

The installed version of HAMweather fails to properly sanitize input
to the 'daysonly' parameter before using it to evaluate PHP or Perl
code. An unauthenticated attacker can leverage this issue to execute
arbitrary code on the remote host subject to the rights of the web
server user id.
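To check whether a host was probed before the upgrade, web server access logs can be searched for requests that carry a 'daysonly' value that does not look like plain data. The following is an added example, not part of the original advisory or of HAMweather; the allow-list pattern, the request paths and the log lines are constructed assumptions and should be tuned to the deployment.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: benign 'daysonly' values are short tokens made of letters,
# digits, commas, underscores and hyphens. Adjust to what your site sends.
BENIGN_VALUE = re.compile(r"[A-Za-z0-9,_-]{0,32}")

# Request line as written in common/combined access log format.
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2006:10:00:00 +0000] '
    '"GET /weather/index.php?page=home&daysonly=3 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Oct/2006:10:02:13 +0000] '
    '"GET /weather/index.php?daysonly=1%3BPLACEHOLDER%28%29 HTTP/1.1" 200 312',
    '192.0.2.10 - - [01/Oct/2006:10:03:40 +0000] '
    '"GET /weather/style.css HTTP/1.1" 200 900',
]

def suspicious_daysonly(log_lines):
    """Return (line_number, decoded_value) for every request whose
    'daysonly' query parameter fails the allow-list."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs percent-decodes values, so encoded punctuation is seen
        # in the form the application would receive it.
        params = parse_qs(query, keep_blank_values=True)
        for key, values in params.items():
            if key.lower() != "daysonly":
                continue
            for value in values:
                if not BENIGN_VALUE.fullmatch(value):
                    hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_daysonly(SAMPLE_LOG):
        print(f"line {number}: unexpected daysonly value {value!r}")
```

Values sent in a POST body do not appear in access logs, so this covers query-string requests only.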

See also :

http://www.gulftech.org/?node=research&article_id=00115-09302006
http://support.hamweather.com/viewtopic.php?t=6548

Solution :

Upgrade to HAMweather 3.9.8.2 Perl/ASP or HAMweather 3.9.8.5 PHP or
later.

Network Security Threat Level:

High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)

Networks Security ID: 20311

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security
