
Test ID: 1.3.6.1.4.1.25623.1.0.14222
Category: Web application abuses
Title: RiSearch Arbitrary File Access Vulnerability - Active Check
Summary: RiSearch is prone to a flaw that may lead to unauthorized information disclosure.
Description:
Summary:
RiSearch is prone to a flaw that may lead to unauthorized
information disclosure.

Vulnerability Insight:
The issue is triggered when an arbitrary local file path is
passed to show.pl, which will disclose the file contents resulting in a loss of
confidentiality.

Vulnerability Impact:
An attacker, exploiting this flaw, would be able to gain access
to potentially confidential files which would be useful in elevating privileges on the remote machine.

Solution:
Upgrade to the latest version of this software.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2004-2061
BugTraq ID: 10812
http://www.securityfocus.com/bid/10812
Bugtraq: 20040727 IRM 009: RiSearch and RiSearch ProPro are vulnerable to open FTP/HTTP proxy, directory listings and file disclosure vulnerabilities
http://marc.info/?l=bugtraq&m=109095196526490&w=2
http://www.osvdb.org/8265
http://www.osvdb.org/8266
http://securitytracker.com/id?1010788
http://secunia.com/advisories/12173
XForce ISS Database: risearch-show-open-proxy(16817)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16817
Copyright: Copyright (C) 2004 David Maciejak





© 1998-2025 E-Soft Inc. All rights reserved.