Test ID: | 1.3.6.1.4.1.25623.1.0.100927 |
Category: | Web application abuses |
Title: | Pandora FMS <= 3.1 Multiple Input Validation Vulnerabilities - Active Check |
Summary: | Pandora FMS is prone to an authentication bypass vulnerability, as well as the following input-validation vulnerabilities: a command injection vulnerability; multiple SQL injection (SQLi) vulnerabilities; a remote file include (RFI) vulnerability; an arbitrary PHP code execution vulnerability; multiple local file include (LFI) vulnerabilities |
Description: |
Summary: Pandora FMS is prone to an authentication bypass vulnerability as well as the following input-validation vulnerabilities:
- A command injection vulnerability
- Multiple SQL injection (SQLi) vulnerabilities
- A remote file include (RFI) vulnerability
- An arbitrary PHP code execution vulnerability
- Multiple local file include (LFI) vulnerabilities

Vulnerability Impact: Attackers may exploit these issues to execute local and remote script code in the context of the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application.

Affected Software/OS: Pandora FMS version 3.1 and prior.

Solution: See the referenced advisories for a solution.

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross Reference: |
Common Vulnerabilities and Exposures (CVE) ID: CVE-2010-4278
- BugTraq ID: 45112
- http://www.securityfocus.com/bid/45112
- Bugtraq: 20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities
- http://www.securityfocus.com/archive/1/514939/100/0/threaded
- http://www.exploit-db.com/exploits/15640
- http://seclists.org/fulldisclosure/2010/Nov/326
- http://osvdb.org/69550
- http://secunia.com/advisories/42347

Common Vulnerabilities and Exposures (CVE) ID: CVE-2010-4279
- http://www.exploit-db.com/exploits/15639
- https://www.exploit-db.com/exploits/35731/
- http://packetstormsecurity.com/files/129830/Pandora-3.1-Auth-Bypass-Arbitrary-File-Upload.html
- http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download
- http://osvdb.org/69549

Common Vulnerabilities and Exposures (CVE) ID: CVE-2010-4280
- http://www.exploit-db.com/exploits/15641
- http://www.exploit-db.com/exploits/15642
- http://osvdb.org/69547
- http://osvdb.org/69548

Common Vulnerabilities and Exposures (CVE) ID: CVE-2010-4281
- http://www.exploit-db.com/exploits/15643
- http://osvdb.org/69546

Common Vulnerabilities and Exposures (CVE) ID: CVE-2010-4282
- http://osvdb.org/69543
- http://osvdb.org/69544
- http://osvdb.org/69545

Common Vulnerabilities and Exposures (CVE) ID: CVE-2010-4283
- http://osvdb.org/69542 |
Copyright | Copyright (C) 2010 Greenbone Networks GmbH |