
Test ID: 1.3.6.1.4.1.25623.1.0.11446
Category: Web application abuses
Title: DCP-Portal <= 5.3.2 Multiple Vulnerabilities - Active Check
Summary: DCP-Portal is prone to multiple vulnerabilities.
Description:
Summary:
DCP-Portal is prone to multiple vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- Cross-site scripting (XSS) flaws in the calendar.php script, which may let an attacker execute
arbitrary code in the browser of a legitimate user.

In addition to this, the product may also be vulnerable to:

- HTML injection flaws, which may let an attacker inject hostile HTML and script code that
could permit cookie-based credentials to be stolen and other attacks.

- An HTTP response splitting flaw, which may let an attacker influence or misrepresent how web
content is served, cached or interpreted.

Affected Software/OS:
DCP-Portal versions 5.3.2 and prior are known to be affected.
Newer versions might be affected as well.

Solution:
Update to a newer version when available.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2003-1536
BugTraq ID: 7141
http://www.securityfocus.com/bid/7141
BugTraq ID: 7144
http://www.securityfocus.com/bid/7144
Bugtraq: 20030318 Some XSS vulns (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html
http://www.osvdb.org/7021
http://www.osvdb.org/7022
http://secunia.com/advisories/8358
XForce ISS Database: dcpportal-search-calendar-xss(11602)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11602
Common Vulnerability Exposure (CVE) ID: CVE-2004-2511
BugTraq ID: 11338
http://www.securityfocus.com/bid/11338
BugTraq ID: 11339
http://www.securityfocus.com/bid/11339
Bugtraq: 20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html
http://www.osvdb.org/10585
http://www.osvdb.org/10587
http://www.osvdb.org/10588
http://www.osvdb.org/10589
http://www.osvdb.org/10590
http://www.osvdb.org/11405
http://securitytracker.com/id?1006351
http://secunia.com/advisories/12751
XForce ISS Database: dcpportal-get-xss(17638)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17638
XForce ISS Database: dcpportal-post-xss(17639)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17639
Common Vulnerability Exposure (CVE) ID: CVE-2004-2512
BugTraq ID: 11340
http://www.securityfocus.com/bid/11340
http://www.osvdb.org/10591
http://securitytracker.com/id?1011481
XForce ISS Database: dcpportal-phpsessid-response-splitting(17640)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17640
Copyright: Copyright (C) 2003 k-otik.com & Copyright (C) 2004 David Maciejak

© 1998-2025 E-Soft Inc. All rights reserved.