 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.106163 |
| Categoría: | Web application abuses |
| Título: | Ipswitch WhatsUp < 16.4 Multiple Vulnerabilities |
| Resumen: | Ipswitch WhatsUp Gold is prone to multiple vulnerabilities. |
| Descripción: | Summary: Ipswitch WhatsUp Gold is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2015-6004: Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands via the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or the Find Device parameter. - CVE-2015-6005: Multiple cross-site scripting (XSS) vulnerabilities in allow remote attackers to inject arbitrary web script or HTML via an SNMP OID object, an SNMP trap message, the View Names field, the Group Names field, the Flow Monitor Credentials field, the Flow Monitor Threshold Name field, the Task Library Name field, the Task Library Description field, the Policy Library Name field, the Policy Library Description field, the Template Library Name field, the Template Library Description field, the System Script Library Name field, the System Script Library Description field, or the CLI Settings Library Description field.) Vulnerability Impact: An authenticated attacker may execute arbitrary SQL commands or inject arbitrary web script or HTML. Affected Software/OS: IPSwitch WhatsUp Gold prior to version 16.4. Solution: Update to version 16.4 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-6004 BugTraq ID: 79506 http://www.securityfocus.com/bid/79506 CERT/CC vulnerability note: VU#176160 https://www.kb.cert.org/vuls/id/176160 https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems http://www.securitytracker.com/id/1034833 Common Vulnerability Exposure (CVE) ID: CVE-2015-6005 |
| Copyright | Copyright (C) 2016 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |