MidnightBSD

Advisories for logicnow

CVE-2004-1677 MEDIUM

pdesk.cgi in PerlDesk allows remote attackers to gain sensitive information via an invalid lang parameter, which includes pathname information in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
logicnow perldesk *
CVE-2004-1678 MEDIUM

Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
logicnow perldesk *
CVE-2005-0343 HIGH

SQL injection vulnerability in PerlDesk 1.x allows remote attackers to inject arbitrary SQL commands via the view parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
logicnow perldesk 1.0