 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.14327 |
| Categoría: | CGI abuses |
| Título: | MyDMS SQL Injection and Directory Traversal |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is running MyDMS, an open source document management system based on MySQL and PHP. The remote version of this software is vulnerable to a SQL injection bug which may allow any guest user to execute arbitrary SQL commands against the remote database. There is also a directory traversal issue which may allow logged users to read arbitrary files on the remote host with the privileges of the HTTP daemon. Solution : Upgrade to MyDMS 1.4.3 Risk factor : High |
| Referencia Cruzada: |
BugTraq ID: 10996 Common Vulnerability Exposure (CVE) ID: CVE-2004-1733 http://www.securityfocus.com/bid/10996 Bugtraq: 20040820 Multiple vulnerabilities in MyDMS (Google Search) http://marc.info/?l=bugtraq&m=109314495007280&w=2 http://secunia.com/advisories/12340 XForce ISS Database: mydms-dotdot-file-download(17058) https://exchange.xforce.ibmcloud.com/vulnerabilities/17058 Common Vulnerability Exposure (CVE) ID: CVE-2004-1732 XForce ISS Database: mydms-folderld-sql-injection(17054) https://exchange.xforce.ibmcloud.com/vulnerabilities/17054 |
| Copyright | This script is Copyright (C) 2004 Tenable Network Security |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |