Test ID: | 1.3.6.1.4.1.25623.1.0.17343 |
Category: | Web application abuses |
Title: | phpWebLog <= 0.5.3 Multiple Vulnerabilities - Active Check |
Summary: | phpWebLog is prone to several flaws, including possibly arbitrary code execution. |
Description: | Summary: phpWebLog is prone to several flaws, including possibly arbitrary code execution.
Vulnerability Impact: Due to improper filtering done by 'search.php', a remote attacker can cause the phpWebLog product to include arbitrary HTML and/or JavaScript. An attacker may use this bug to perform a cross-site scripting attack using the remote host. There are also reportedly two flaws that, if PHP's 'register_globals' setting is enabled, allow for local file disclosure and arbitrary code execution.
Affected Software/OS: phpWebLog version 0.5.3 and prior are known to be affected. Other versions might be affected as well.
Solution: Disable this script.
CVSS Score: 4.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-0698
BugTraq ID: 12747
http://www.securityfocus.com/bid/12747
Bugtraq: 20050307 phpWebLog <= 0.5.3 arbitrary file inclusion (VXSfx)
http://www.securityfocus.com/archive/1/392552 |
Copyright | Copyright (C) 2005 Noam Rathaus |