The PTK sleuthkit interface contains multiple vulnerabilities. If exploited, these vulnerabilities may allow an attacker to gain elevated privileges or conduct XSS attacks.
PTK is an interface to the sleuthkit forensic tools that uses Apache, PHP and MySQL. PTK versions 1.0.0 to 1.0.4 contain multiple vulnerabilities. These vulnerabilities may be triggered remotely or during the inspection of local HTML files that are rendered in web browsers.
Users and administrators are encouraged to update to the most recent version of PTK.
|Temporal||0||E:Not Defined (ND)/RL:Not Defined (ND)/RC:Not Defined (ND)|
|Environmental||0||CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND)|
Thanks to Gabriele Zanoni (Secure Network Srl, email@example.com) for reporting this issue, and thanks to DFLabs for providing technical information.
This document was written by Ryan Giobbi.
|Date First Published:||2009-03-13|
|Date Last Updated:||2009-03-13 14:47 UTC|