Test ID: | 1.3.6.1.4.1.25623.1.0.100927 |
Category: | Web application abuses |
Title: | Pandora FMS <= 3.1 Multiple Input Validation Vulnerabilities - Active Check |
Summary: | Pandora FMS is prone to an authentication bypass vulnerability as well as the following input-validation vulnerabilities: a command injection vulnerability; multiple SQL injection (SQLi) vulnerabilities; a remote file include (RFI) vulnerability; an arbitrary PHP code execution vulnerability; multiple local file include (LFI) vulnerabilities. |
Description: |
Summary: Pandora FMS is prone to an authentication bypass vulnerability as well as the following input-validation vulnerabilities:
- A command injection vulnerability
- Multiple SQL injection (SQLi) vulnerabilities
- A remote file include (RFI) vulnerability
- An arbitrary PHP code execution vulnerability
- Multiple local file include (LFI) vulnerabilities

Vulnerability Impact: Attackers may exploit these issues to execute local and remote script code in the context of the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application.

Affected Software/OS: Pandora FMS version 3.1 and prior.

Solution: See the referenced advisories for a solution.

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-4278
- BugTraq ID: 45112
- http://www.securityfocus.com/bid/45112
- Bugtraq: 20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities
- http://www.securityfocus.com/archive/1/514939/100/0/threaded
- http://www.exploit-db.com/exploits/15640
- http://seclists.org/fulldisclosure/2010/Nov/326
- http://osvdb.org/69550
- http://secunia.com/advisories/42347

Common Vulnerability Exposure (CVE) ID: CVE-2010-4279
- http://www.exploit-db.com/exploits/15639
- https://www.exploit-db.com/exploits/35731/
- http://packetstormsecurity.com/files/129830/Pandora-3.1-Auth-Bypass-Arbitrary-File-Upload.html
- http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download
- http://osvdb.org/69549

Common Vulnerability Exposure (CVE) ID: CVE-2010-4280
- http://www.exploit-db.com/exploits/15641
- http://www.exploit-db.com/exploits/15642
- http://osvdb.org/69547
- http://osvdb.org/69548

Common Vulnerability Exposure (CVE) ID: CVE-2010-4281
- http://www.exploit-db.com/exploits/15643
- http://osvdb.org/69546

Common Vulnerability Exposure (CVE) ID: CVE-2010-4282
- http://osvdb.org/69543
- http://osvdb.org/69544
- http://osvdb.org/69545

Common Vulnerability Exposure (CVE) ID: CVE-2010-4283
- http://osvdb.org/69542 |
Copyright | Copyright (C) 2010 Greenbone Networks GmbH |