Test Kennung:	1.3.6.1.4.1.25623.1.0.800552
Kategorie:	Denial of Service
Titel:	Versalsoft HTTP Image Uploader ActiveX Vulnerability
Zusammenfassung:	Versalsoft HTTP Image Uploader is prone to ActiveX vulnerability.
Beschreibung:	Summary: Versalsoft HTTP Image Uploader is prone to ActiveX vulnerability. Vulnerability Insight: Application has an insecure method 'RemoveFileOrDir()' declared in 'UUploaderSvrD.dll' which allows the attacker to access, delete and corrupt system related files and folder contents. Vulnerability Impact: Attacker may exploit this issue by deleting any arbitrary files on the remote system by tricking the user to visit a crafted malicious webpage. Affected Software/OS: Versalsoft HTTP Image Uploader 'UUploaderSvrD.dll' version 6.0.0.35 and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 8.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-6638 BugTraq ID: 28301 http://www.securityfocus.com/bid/28301 https://www.exploit-db.com/exploits/5272 https://www.exploit-db.com/exploits/5569 XForce ISS Database: httpfileupload-activex-file-delete(41258) https://exchange.xforce.ibmcloud.com/vulnerabilities/41258
Copyright	Copyright (C) 2009 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.