----------------------------------------------------------------------

Are you missing:

SECUNIA ADVISORY ID:

Critical:

Impact:

Where:

within the advisory below?

This is now part of the Secunia commercial solutions.

Click here to learn more about our commercial solutions:
http://secunia.com/advisories/business_solutions/
        
Click here to trial our solutions:
http://secunia.com/advisories/try_vi/

----------------------------------------------------------------------

TITLE:
 MRCGIGUY Multiple Products Authentication Bypass Vulnerability

SECUNIA ADVISORY ID:
SA35083

VERIFY ADVISORY:
http://secunia.com/advisories/35083/

DESCRIPTION:
A vulnerability has been reported in various MRCGIGUY products, which
can be exploited by malicious people to bypass certain security
restrictions.

The application allows access to the admin interface by checking if a
certain cookie exists. This can be exploited to gain administrative
access to the application by creating certain cookies.

The vulnerability is reported in the following products and versions
(other versions may also be affected):
* Ultimate Profit Portal 1.0.0
* The Ticket System CGI 1.0
* Message Box 1.0.0
* Amazon Directory 2.0.0
* Hot Links SQL CGI 3.2.0
* MCG ClickBank Directory 1.0.1

SOLUTION:
Use other methods to restrict access to the admin interface (e.g. via
".htaccess").

PROVIDED AND/OR DISCOVERED BY:
TiGeR-Dz

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/8682
http://milw0rm.com/exploits/8684
http://milw0rm.com/exploits/8685
http://milw0rm.com/exploits/8686
http://milw0rm.com/exploits/8687
http://milw0rm.com/exploits/8688

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------