CGI abuses : BLnews code injection

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.11647

Kategorie: CGI abuses

Titel: BLnews code injection

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

It is possible to make the remote host include php files hosted
on a third party server using the BLnews CGI suite which is installed.

An attacker may use this flaw to inject arbitrary code in the remote
host and gain a shell with the privileges of the web server.

Solution : Upgrade to the latest version
Risk factor : High

Querverweis: BugTraq ID: 7677
Common Vulnerability Exposure (CVE) ID: CVE-2003-0394
http://www.securityfocus.com/bid/7677
Bugtraq: 20030524 PHP source code injection in BLNews (Google Search)
http://marc.info/?l=bugtraq&m=105379530927567&w=2

Copyright This script is Copyright (C) 2003 Tenable Network Security

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.11647
Kategorie:	CGI abuses
Titel:	BLnews code injection
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: It is possible to make the remote host include php files hosted on a third party server using the BLnews CGI suite which is installed. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. Solution : Upgrade to the latest version Risk factor : High
Querverweis:	BugTraq ID: 7677 Common Vulnerability Exposure (CVE) ID: CVE-2003-0394 http://www.securityfocus.com/bid/7677 Bugtraq: 20030524 PHP source code injection in BLNews (Google Search) http://marc.info/?l=bugtraq&m=105379530927567&w=2
Copyright	This script is Copyright (C) 2003 Tenable Network Security