FreeBSD Local Security Checks : FreeBSD Ports: phpSysInfo

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.54200

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: phpSysInfo

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: phpSysInfo

CVE-2005-0869
phpSysInfo 2.3 allows remote attackers to obtain sensitive information
via a direct request to (1) class.OpenBSD.inc.php, (2)
class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4)
class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or
(7) system_footer.php, which reveal the path in a PHP error message.

CVE-2005-0870
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3,
when register_globals is enabled, allow remote attackers to inject
arbitrary web script or HTML via the (1) sensor_program parameter to
index.php, (2) text[language], (3) text[template], or (4)
hide_picklist parameter to system_footer.php.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0869
Bugtraq: 20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=111161017209422&w=2
http://secunia.com/advisories/14690/
XForce ISS Database: phpsysinfo-path-disclosure(19808)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19808
Common Vulnerability Exposure (CVE) ID: CVE-2005-0870
BugTraq ID: 12887
http://www.securityfocus.com/bid/12887
BugTraq ID: 15414
http://www.securityfocus.com/bid/15414
Bugtraq: 20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo (Google Search)
http://www.securityfocus.com/archive/1/416543
Debian Security Information: DSA-724 (Google Search)
http://www.debian.org/security/2005/dsa-724
Debian Security Information: DSA-897 (Google Search)
http://www.debian.org/security/2005/dsa-897
Debian Security Information: DSA-898 (Google Search)
http://www.debian.org/security/2005/dsa-898
Debian Security Information: DSA-899 (Google Search)
http://www.debian.org/security/2005/dsa-899
http://www.mandriva.com/security/advisories?name=MDKSA-2005:212
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118
http://secunia.com/advisories/17616
http://secunia.com/advisories/17643
XForce ISS Database: phpsysinfo-sensor-program-xss(19807)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19807

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.54200
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: phpSysInfo
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: phpSysInfo CVE-2005-0869 phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message. CVE-2005-0870 Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0869 Bugtraq: 20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=111161017209422&w=2 http://secunia.com/advisories/14690/ XForce ISS Database: phpsysinfo-path-disclosure(19808) https://exchange.xforce.ibmcloud.com/vulnerabilities/19808 Common Vulnerability Exposure (CVE) ID: CVE-2005-0870 BugTraq ID: 12887 http://www.securityfocus.com/bid/12887 BugTraq ID: 15414 http://www.securityfocus.com/bid/15414 Bugtraq: 20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo (Google Search) http://www.securityfocus.com/archive/1/416543 Debian Security Information: DSA-724 (Google Search) http://www.debian.org/security/2005/dsa-724 Debian Security Information: DSA-897 (Google Search) http://www.debian.org/security/2005/dsa-897 Debian Security Information: DSA-898 (Google Search) http://www.debian.org/security/2005/dsa-898 Debian Security Information: DSA-899 (Google Search) http://www.debian.org/security/2005/dsa-899 http://www.mandriva.com/security/advisories?name=MDKSA-2005:212 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118 http://secunia.com/advisories/17616 http://secunia.com/advisories/17643 XForce ISS Database: phpsysinfo-sensor-program-xss(19807) https://exchange.xforce.ibmcloud.com/vulnerabilities/19807
Copyright	Copyright (C) 2008 E-Soft Inc.