Test ID:	1.3.6.1.4.1.25623.1.0.103133
Category:	Web application abuses
Title:	Feng Office Arbitrary File Upload and Cross Site Scripting Vulnerabilities
Summary:	Determine if Feng Office is prone to an arbitrary-file-upload vulnerability
Description:	Overview: Feng Office is prone to an arbitrary-file-upload vulnerability and multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to upload and execute arbitrary PHP shell code in the context of the webserver process, steal cookie-based authentication information, execute arbitrary client-side scripts in the context of the browser, and obtain sensitive information. Other attacks are also possible. Feng Office 1.7.4 is vulnerable other versions may also be affected. References: https://www.securityfocus.com/bid/47049 http://www.fengoffice.com/web/
Cross-Ref:	BugTraq ID: 47049
Copyright	This script is Copyright (C) 2011 Greenbone Networks GmbH

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: