Test ID: | 1.3.6.1.4.1.25623.1.0.19603 |
Category: | Web application abuses |
Title: | Land Down Under <= 801 Multiple Vulnerabilities |
Summary: | Land Down Under is prone to multiple vulnerabilities. |
Description: | Summary: Land Down Under is prone to multiple vulnerabilities.

Vulnerability Insight: The following flaws exist:

- CVE-2005-2788, CVE-2005-2884, CVE-2005-4821: The remote version of Land Down Under is prone to several SQL injection (SQLi) and cross-site scripting (XSS) attacks due to its failure to sanitize user-supplied input to several parameters used by the 'events.php', 'index.php', and 'list.php' scripts. A malicious user can exploit these flaws to manipulate SQL queries, steal authentication cookies, and the like.

Furthermore, version 800 also contains the following flaws:

- CVE-2005-2674: Multiple XSS vulnerabilities
- CVE-2005-2675: Multiple SQLi vulnerabilities

Note: The vendor has disputed these two CVEs, but the origin / proof is unknown and the CVEs have still been added for archiving / tracking purposes.

Affected Software/OS: Land Down Under versions 801 and prior are known to be affected. Newer versions might be affected as well.

Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |

Common Vulnerability Exposure (CVE) ID: CVE-2005-2674
- BugTraq ID: 14619
- http://www.securityfocus.com/bid/14619
- Bugtraq: 20050820 Bugs Land Down Under v800
- http://marc.info/?l=bugtraq&m=112456235729717&w=2
- http://www.neocrome.net
- http://securitytracker.com/id?1014747

Common Vulnerability Exposure (CVE) ID: CVE-2005-2675
- BugTraq ID: 14618
- http://www.securityfocus.com/bid/14618

Common Vulnerability Exposure (CVE) ID: CVE-2005-2788
- BugTraq ID: 14685
- http://www.securityfocus.com/bid/14685
- Bugtraq: 20050829 Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities
- http://marc.info/?l=bugtraq&m=112534574505945&w=2
- XForce ISS Database: landdownunder-events-index-list-sql-injection(22047)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22047

Common Vulnerability Exposure (CVE) ID: CVE-2005-2884
- BugTraq ID: 14746
- http://www.securityfocus.com/bid/14746
- Bugtraq: 20050905 Land Down Under 'events.php' Cross Site Scripting Vulnerability
- http://marc.info/?l=bugtraq&m=112604873103252&w=2
- http://secunia.com/advisories/16710/
- XForce ISS Database: landdownunder-events-neventtext-xss(22195)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22195

Common Vulnerability Exposure (CVE) ID: CVE-2005-4821
- BugTraq ID: 14820
- http://www.securityfocus.com/bid/14820
- http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0381.html
- http://www.g-0.org/code/ldu-adv.html
- http://www.osvdb.org/19504
- http://www.osvdb.org/19505 |
Copyright | Copyright (C) 2006 Josh Zlatin-Amishav |