Web application abuses : WikyBlog <= 1.7.3rc2 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100506

Categoría: Web application abuses

Título: WikyBlog <= 1.7.3rc2 Multiple Vulnerabilities

Resumen: WikyBlog is prone to multiple vulnerabilities, including an; arbitrary file upload issue, a cross-site scripting (XSS) issue, a remote file include issue and; a session-fixation issue.

Descripción: Summary:
WikyBlog is prone to multiple vulnerabilities, including an
arbitrary file upload issue, a cross-site scripting (XSS) issue, a remote file include issue and
a session-fixation issue.

Vulnerability Impact:
Attackers can exploit these issues to:

- Execute arbitrary script code in the browser of an unsuspecting user in the context of the
affected site

- Steal cookie-based authentication credentials

- Upload arbitrary PHP scripts and execute them in the context of the webserver

- Compromise the application and the underlying system

- Hijack a user's session and gain unauthorized access to the affected application

Affected Software/OS:
WikyBlog 1.7.3rc2 is vulnerable, other versions may also be
affected.

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore. General
solution options are to upgrade to a newer release, disable respective features, remove the
product or replace the product by another one.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0754
BugTraq ID: 38386
http://www.securityfocus.com/bid/38386
Bugtraq: 20120315 WikyBlog 1.7.3RC2 XSS vulnerability (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-03/0067.html
http://www.exploit-db.com/exploits/11560
http://packetstormsecurity.org/1002-exploits/wikyblog-rfishellxss.txt
http://www.darksecurity.de/advisories/2012/SSCHADV2012-006.txt
http://osvdb.org/62558
http://secunia.com/advisories/38699
http://www.vupen.com/english/advisories/2010/0468
XForce ISS Database: wikyblog-which-xss(56518)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56518

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100506
Categoría:	Web application abuses
Título:	WikyBlog <= 1.7.3rc2 Multiple Vulnerabilities
Resumen:	WikyBlog is prone to multiple vulnerabilities, including an; arbitrary file upload issue, a cross-site scripting (XSS) issue, a remote file include issue and; a session-fixation issue.
Descripción:	Summary: WikyBlog is prone to multiple vulnerabilities, including an arbitrary file upload issue, a cross-site scripting (XSS) issue, a remote file include issue and a session-fixation issue. Vulnerability Impact: Attackers can exploit these issues to: - Execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site - Steal cookie-based authentication credentials - Upload arbitrary PHP scripts and execute them in the context of the webserver - Compromise the application and the underlying system - Hijack a user's session and gain unauthorized access to the affected application Affected Software/OS: WikyBlog 1.7.3rc2 is vulnerable, other versions may also be affected. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0754 BugTraq ID: 38386 http://www.securityfocus.com/bid/38386 Bugtraq: 20120315 WikyBlog 1.7.3RC2 XSS vulnerability (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-03/0067.html http://www.exploit-db.com/exploits/11560 http://packetstormsecurity.org/1002-exploits/wikyblog-rfishellxss.txt http://www.darksecurity.de/advisories/2012/SSCHADV2012-006.txt http://osvdb.org/62558 http://secunia.com/advisories/38699 http://www.vupen.com/english/advisories/2010/0468 XForce ISS Database: wikyblog-which-xss(56518) https://exchange.xforce.ibmcloud.com/vulnerabilities/56518
Copyright	Copyright (C) 2010 Greenbone AG