Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.804110 |
Kategorie: | Web application abuses |
Titel: | Gnew Multiple Vulnerabilities |
Zusammenfassung: | This host is running Gnew and is prone to multiple vulnerabilities |
Beschreibung: | Summary: This host is running Gnew and is prone to multiple vulnerabilities Vulnerability Insight: Multiple flaws in Gnew exists due to: - Insufficient filtration of 'friend_email' HTTP POST parameter passed to /news/send.php and users/password.php scripts, 'user_email' HTTP POST parameter passed to /users/register.php script, 'news_id' HTTP POST parameter passed to news/send.php script, 'thread_id' HTTP POST parameter passed to posts/edit.php script, 'story_id' HTTP POST parameter passed to comments/index.php script, 'answer_id' and 'question_id' HTTP POST parameters passed to polls/vote.php script, 'category_id' HTTP POST parameter passed to news/submit.php script, 'post_subject' and 'thread_id' HTTP POST parameters passed to posts/edit.php script. - Insufficient validation of user-supplied input passed via the 'gnew_language' cookie to /users/login.php script. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary HTML script code in a user's browser session in the context of an affected site, and inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Affected Software/OS: Gnew version 2013.1, Other versions may also be affected. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Querverweis: |
BugTraq ID: 62817 BugTraq ID: 62818 Common Vulnerability Exposure (CVE) ID: CVE-2013-5639 http://www.exploit-db.com/exploits/28684 http://packetstormsecurity.com/files/123482 https://www.htbridge.com/advisory/HTB23171 Common Vulnerability Exposure (CVE) ID: CVE-2013-5640 http://www.securityfocus.com/bid/62817 Common Vulnerability Exposure (CVE) ID: CVE-2013-7349 http://packetstormsecurity.com/files/122771 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5153.php https://www.netsparker.com/critical-xss-sql-injection-vulnerabilities-gnew/ Common Vulnerability Exposure (CVE) ID: CVE-2013-7368 BugTraq ID: 61721 http://www.securityfocus.com/bid/61721 |
Copyright | Copyright (C) 2013 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |