Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.902498 |
Kategorie: | Web application abuses |
Titel: | V-CMS Multiple Vulnerabilities |
Zusammenfassung: | This host is running V-CMS and is prone to multiple vulnerabilities. |
Beschreibung: | Summary: This host is running V-CMS and is prone to multiple vulnerabilities. Vulnerability Insight: The flaws are due to improper validation of user-supplied input via the 'p' parameter to redirect.php and 'user' parameter to process.php and 'includes/inline_image_upload.php' script, which fails to restrict non-logged in users to upload any files. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site and to cause SQL Injection attack to gain sensitive information. Affected Software/OS: V-CMS version 1.0 and prior. Solution: Update V-CMS to version 1.1 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Querverweis: |
BugTraq ID: 50706 Common Vulnerability Exposure (CVE) ID: CVE-2011-4826 http://www.securityfocus.com/bid/50706 http://www.autosectools.com/Advisory/V-CMS-1.0-SQL-Injection-235 http://secunia.com/advisories/46861 Common Vulnerability Exposure (CVE) ID: CVE-2011-4827 http://www.autosectools.com/Advisory/V-CMS-1.0-Reflected-Cross-site-Scripting-234 Common Vulnerability Exposure (CVE) ID: CVE-2011-4828 http://www.autosectools.com/Advisory/V-CMS-1.0-Arbitrary-Upload-236 |
Copyright | Copyright (C) 2011 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |