FreeBSD Local Security Checks : FreeBSD Ports: phpbb

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52540

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: phpbb

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: phpbb

CVE-2004-1315
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the
highlight parameter when extracting words and phrases to highlight,
which allows remote attackers to execute arbitrary PHP code by
double-encoding the highlight value so that special characters are
inserted into the result, which is then processed by PHP exec, as
exploited by the Santy.A worm.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1315
BugTraq ID: 10701
http://www.securityfocus.com/bid/10701
Bugtraq: 20041112 phpBB Code EXEC (v2.0.10) (Google Search)
http://marc.info/?l=bugtraq&m=110029415208724&w=2
Bugtraq: 20041118 EXEC exploit in phpBB - fix (Google Search)
http://marc.info/?t=110079440800004&r=1&w=2
Bugtraq: 20041220 phpBB Worm (Google Search)
http://marc.info/?l=bugtraq&m=110365752909029&w=2
Bugtraq: 20041222 Re: phpBB Worm (Google Search)
http://www.securityfocus.com/archive/1/385208
Cert/CC Advisory: TA04-356A
http://www.us-cert.gov/cas/techalerts/TA04-356A.html
CERT/CC vulnerability note: VU#497400
http://www.kb.cert.org/vuls/id/497400
https://security.gentoo.org/glsa/200411-32
http://secunia.com/advisories/13239/
XForce ISS Database: phpbb-view-sql-injection(18052)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18052

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52540
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: phpbb
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: phpbb CVE-2004-1315 viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1315 BugTraq ID: 10701 http://www.securityfocus.com/bid/10701 Bugtraq: 20041112 phpBB Code EXEC (v2.0.10) (Google Search) http://marc.info/?l=bugtraq&m=110029415208724&w=2 Bugtraq: 20041118 EXEC exploit in phpBB - fix (Google Search) http://marc.info/?t=110079440800004&r=1&w=2 Bugtraq: 20041220 phpBB Worm (Google Search) http://marc.info/?l=bugtraq&m=110365752909029&w=2 Bugtraq: 20041222 Re: phpBB Worm (Google Search) http://www.securityfocus.com/archive/1/385208 Cert/CC Advisory: TA04-356A http://www.us-cert.gov/cas/techalerts/TA04-356A.html CERT/CC vulnerability note: VU#497400 http://www.kb.cert.org/vuls/id/497400 https://security.gentoo.org/glsa/200411-32 http://secunia.com/advisories/13239/ XForce ISS Database: phpbb-view-sql-injection(18052) https://exchange.xforce.ibmcloud.com/vulnerabilities/18052
Copyright	Copyright (C) 2008 E-Soft Inc.