CVE-2004-1612
published 2004-10-18CVE-2004-1612: Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request.
PriorityP432medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
3.27%
86.8th percentile
Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saleslogix_corporation | saleslogix | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
SLX Server 6.1 - Arbitrary File Creation
exploitdb·2004-10-18
CVE-2004-1612 SLX Server 6.1 - Arbitrary File Creation
SLX Server 6.1 - Arbitrary File Creation
---
#!/usr/bin/perl
#
# Proof of concept exploit: Arbitrary file creation for SLX server 6.1
#
# Written by Carl Livitt, Agenda Security Services, June 2004.
#
# This exploit abuses the ProcessQueueFile command on SLX 6.1 (others?)
servers
# to create arbitrary files on the filesystem of the SLX server. By
using
# directory traversal, it is possible to escape from the Queue directory
and
# write anywhere on the SLX server's filesystem.
#
use IO::Socket;
print "slx_uploader - Uploads arbitrary files to Sage SalesLogix
servers.\n";
print "By Carl Livitt @ Agenda Security Services, June 2004\n\n";
if($#ARGV!=2) {
print "Syntax: $0 host filename_to_create file_to_upload\n\n";
print "Example:\n";
print " $0 10.0.0.100
\\\\winnt\\\\system32\\\\driver
Exploit-DB
best software SalesLogix 2000.0 - Multiple Vulnerabilities
exploitdb·2004-10-18
CVE-2004-1612 best software SalesLogix 2000.0 - Multiple Vulnerabilities
best software SalesLogix 2000.0 - Multiple Vulnerabilities
---
source: https://www.securityfocus.com/bid/11450/info
Best Software SalesLogix is affected by multiple vulnerabilities. These issues are due to design errors that reveal sensitive information, access control validation issues that allow unauthorized access and input validation issues facilitating SQL injection attacks.
An attacker may leverage these issues to manipulate and disclose database contents through SQL injection attacks, steal authentication credentials due to information disclosure vulnerabilities and bypass authentication to gain administrator access to the server.
#!/usr/bin/perl
#
# Proof of concept exploit: Arbitrary file creation for SLX server 6.1
#
# Written by Carl Livitt, Agenda Security Services, June 2
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0661.htmlhttp://marc.info/?l=bugtraq&m=109811852218478&w=2http://secunia.com/advisories/12883http://securitytracker.com/id?1011769http://www.osvdb.org/10949http://www.securityfocus.com/bid/11450https://exchange.xforce.ibmcloud.com/vulnerabilities/17765http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0661.htmlhttp://marc.info/?l=bugtraq&m=109811852218478&w=2http://secunia.com/advisories/12883http://securitytracker.com/id?1011769http://www.osvdb.org/10949http://www.securityfocus.com/bid/11450https://exchange.xforce.ibmcloud.com/vulnerabilities/17765
2004-10-18
Published