ID de Prueba:	1.3.6.1.4.1.25623.1.0.11439
Categoría:	CGI abuses
Título:	Xoops path disclosure
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is running the Xoops CGI suite. There is a flaw in this version which allows an attacker to obtain the physical path of the remote web root by supplying a bogus option to one of the Xoops CGI. In addition to this, other flaws are known to exist in Xoops (SQL injection, information disclosure about the users and so on). You are advised to remove this CGI. Solution : None at this time Risk factor : Medium
Referencia Cruzada:	BugTraq ID: 3977 BugTraq ID: 3978 BugTraq ID: 3981 BugTraq ID: 5785 BugTraq ID: 6344 BugTraq ID: 6393 Common Vulnerability Exposure (CVE) ID: CVE-2002-0216 http://www.securityfocus.com/bid/3977 Bugtraq: 20020129 Xoops SQL fragment disclosure and SQL injection vulnerability (Google Search) http://online.securityfocus.com/archive/1/252827 http://www.iss.net/security_center/static/8028.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0217 http://www.securityfocus.com/bid/3978 http://www.securityfocus.com/bid/3981 Bugtraq: 20020129 Xoops Private Message System Script injection (Google Search) http://online.securityfocus.com/archive/1/252828 http://www.iss.net/security_center/static/8030.php http://www.iss.net/security_center/static/8025.php
Copyright	This script is Copyright (C) 2003 Renaud Deraison

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.