Info

Disclosure

Sep 06, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Tutti Nova contains a flaw related to the parsing of variables that may allow an attacker to gain increased privileges. The flaws relate to register_globals being enabled. No further details have been provided.

Classification

Location: Remote/Network Access Required
Attack Type: Unknown
Impact: Unknown
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Concern

Solution

Upgrade to version 1.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Olivier Guilyardi	Tutti Nova	0.12
		0.11

References

Bugtraq ID: 11127
Secunia Advisory ID: 12467
ISS X-Force ID: 17279
CVE ID: 2004-2453 (see also: NVD)
Other Advisory URL: http://sourceforge.net/project/shownotes.php?release_id=265832
Vendor URL: http://tuttinova.sourceforge.net/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Olivier Guilyardi

Tutti Nova

References

Credit