FreeBSD Local Security Checks : FreeBSD Ports: postnuke

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52164

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: postnuke

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: postnuke

CVE-2005-0617
SQL injection vulnerability in dl-search.php in PostNuke 0.750 and
0.760-RC2 allows remote attackers to execute arbitrary SQL commands
via the show parameter.

CVE-2005-0615
Multiple SQL injection vulnerabilities in (1) index.php, (2)
modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote
attackers to execute arbitrary SQL code via the catid parameter.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0617
Bugtraq: 20050228 [SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3 (Google Search)
http://marc.info/?l=bugtraq&m=110962710805864&w=2
http://securitytracker.com/id?1013324
Common Vulnerability Exposure (CVE) ID: CVE-2005-0615
Bugtraq: 20050228 [SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x (Google Search)
http://marc.info/?l=bugtraq&m=110962819232255&w=2

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52164
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: postnuke
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: postnuke CVE-2005-0617 SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter. CVE-2005-0615 Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0617 Bugtraq: 20050228 [SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3 (Google Search) http://marc.info/?l=bugtraq&m=110962710805864&w=2 http://securitytracker.com/id?1013324 Common Vulnerability Exposure (CVE) ID: CVE-2005-0615 Bugtraq: 20050228 [SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x (Google Search) http://marc.info/?l=bugtraq&m=110962819232255&w=2
Copyright	Copyright (C) 2008 E-Soft Inc.