header-logo
Suggest Exploit
vendor:
TEXIS
by:
SecurityFocus
7.5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: TEXIS
Affected Version From: Prior to Texis 4.02.1047934696 20030317
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2003

Thunderstone TEXIS Information Disclosure Vulnerability

Under certain circumstances, an attacker may pass command-line switches as URI parameters to the TEXIS executable. This action may cause the vulnerable server to return sensitive information in the form of a webpage to the attacker's browser. Information obtained may be used in further attacks against the system.

Mitigation:

Upgrade to Texis 4.02.1047934696 20030317 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7105/info

Thunderstone TEXIS is prone to an information-disclosure vulnerability. 

Under certain circumstances, an attacker may pass command-line switches as URI parameters to the TEXIS executable. This action may cause the vulnerable server to return sensitive information in the form of a webpage to the attacker's browser. 

Information obtained may be used in further attacks against the system.

Versions prior to Texis 4.02.1047934696 20030317 are vulnerable.

http://www.example.com/texis.exe/?-version 
http://www.example.com/texis.exe/?-dump

Navigation

Suggest Exploit

Services By CQR