 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.60453 |
| Categoría: | FreeBSD Local Security Checks |
| Título: | FreeBSD Ports: coppermine |
| Resumen: | The remote host is missing an update to the system; as announced in the referenced advisory. |
| Descripción: | Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: coppermine CVE-2008-0504 Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) util.php and (2) reviewcom.php. NOTE: some of these details are obtained from third party information. CVE-2008-0505 Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters. NOTE: some of these details are obtained from third party information. CVE-2008-0506 include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-0504 BugTraq ID: 27509 http://www.securityfocus.com/bid/27509 Bugtraq: 20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14 (Google Search) http://www.securityfocus.com/archive/1/487351/100/200/threaded http://www.waraxe.us/advisory-66.html http://www.securitytracker.com/id?1019285 http://secunia.com/advisories/28682 http://www.vupen.com/english/advisories/2008/0367 Common Vulnerability Exposure (CVE) ID: CVE-2008-0505 BugTraq ID: 27511 http://www.securityfocus.com/bid/27511 Common Vulnerability Exposure (CVE) ID: CVE-2008-0506 BugTraq ID: 27512 http://www.securityfocus.com/bid/27512 Bugtraq: 20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14 (Google Search) http://www.securityfocus.com/archive/1/487310/100/200/threaded https://www.exploit-db.com/exploits/5019 http://www.waraxe.us/advisory-65.html http://www.securitytracker.com/id?1019286 |
| Copyright | Copyright (C) 2008 E-Soft Inc. |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |