ID de Prueba:	1.3.6.1.4.1.25623.1.0.800552
Categoría:	Denial of Service
Título:	Versalsoft HTTP Image Uploader ActiveX Vulnerability
Resumen:	Versalsoft HTTP Image Uploader is prone to ActiveX vulnerability.
Descripción:	Summary: Versalsoft HTTP Image Uploader is prone to ActiveX vulnerability. Vulnerability Insight: Application has an insecure method 'RemoveFileOrDir()' declared in 'UUploaderSvrD.dll' which allows the attacker to access, delete and corrupt system related files and folder contents. Vulnerability Impact: Attacker may exploit this issue by deleting any arbitrary files on the remote system by tricking the user to visit a crafted malicious webpage. Affected Software/OS: Versalsoft HTTP Image Uploader 'UUploaderSvrD.dll' version 6.0.0.35 and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 8.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-6638 BugTraq ID: 28301 http://www.securityfocus.com/bid/28301 https://www.exploit-db.com/exploits/5272 https://www.exploit-db.com/exploits/5569 XForce ISS Database: httpfileupload-activex-file-delete(41258) https://exchange.xforce.ibmcloud.com/vulnerabilities/41258
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.