Test ID:	1.3.6.1.4.1.25623.1.0.802060
Category:	Web application abuses
Title:	SearchBlox Multiple Vulnerabilities (Sep 2013) - Active Check
Summary:	SearchBlox is prone to multiple vulnerabilities.
Description:	Summary: SearchBlox is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Input passed via 'name' parameter to 'servlet/CreateTemplateServlet' not properly sanitised before being used to create files. - Error when accessing 'servlet/CollectionListServlet' servlet when 'action' is set to 'getList' can be exploited to disclose usernames and passwords from the database. - 'admin/uploadImage.html' script allows to upload an executable file with the image/jpeg content type and it can be exploited to execute arbitrary JSP code by uploading a malicious JSP script. Vulnerability Impact: Successful exploitation may allow an attacker to execute arbitrary JSP code or obtain potentially sensitive information or can overwrite arbitrary files via directory traversal sequences. Affected Software/OS: SearchBlox prior to version 7.5 build 1. Solution: Update to version 7.5 build 1 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-3598 CERT/CC vulnerability note: VU#592942 http://www.kb.cert.org/vuls/id/592942 http://buddhalabs.com/Advisories/WebAdvisories.html http://osvdb.org/96619 Common Vulnerability Exposure (CVE) ID: CVE-2013-3597 Common Vulnerability Exposure (CVE) ID: CVE-2013-3590
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.