SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
WLB
Services
RSS
Corporate
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Home arrow SecurityAlert Database

Arrow  Topic :

iPhone Configuration Web Utility 1.0 for Windows Directory Traversal


Arrow  SecurityAlert : 4681
Arrow  CVE : CVE-2008-5315
Arrow  CWE : CWE-22
Arrow  SecurityRisk : High  Security Risk High  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Victim interaction required : No
Arrow  Exploit Available : No
Arrow  Credit : ddifrontline
Arrow  Published : 05.12.2008

Arrow  Affected Software : apple:iphone_configuration_web_utility:1.0



Arrow  Advisory Content :  

Title

-----

DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows
Directory Traversal

Severity

--------

High

Date Discovered

---------------

October 2, 2008

Discovered By

-------------

Digital Defense, Inc. Vulnerability Research Team

Credit: Corey LeBleu and r@b13$

Vulnerability Description

-------------------------

The iPhone Configuration Web Utility allows centralized management of
iPhone configuration settings. The iPhone Configuration Web Utility 1.0 for
Windows web interface is vulnerable to a common web directory traversal
attack. Successful exploitation will result in arbitrary read-only file
access outside of the iPhone Configuration Web Utility 1.0 web root.

Solution Description

--------------------

Filter network traffic so that only trusted users can access the web
interface.

Tested Systems / Software (with versions)

------------------------------------------

Windows XP Professional

iPhone Configuration Web Utility 1.0 for Windows

Vendor Contact

--------------

Vendor Name: Apple Inc.

Vendor Website: www.apple.com



Arrow  References :

http://www.securityfocus.com/archive/1/archive/1/498559/100/0/threaded
http://secunia.com/advisories/32852
http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065822.html




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server

Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability

PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)

ADT

Protect your family and valuables with Home Security Systems

Copyright © SecurityReason.com. All Rights Reserved.