Test ID: | 1.3.6.1.4.1.25623.1.0.19678 |
Category: | Web application abuses |
Title: | Land Down Under <= 800 Multiple Vulnerabilities |
Summary: | The remote version of Land Down Under is prone to various SQL injection and cross-site scripting attacks when PHP's 'magic_quotes' setting is disabled, because it fails to sanitize the request URI before using it in the function 'ldu_log()' in 'system/functions.php'. A malicious user may be able to exploit this issue to manipulate SQL queries, steal authentication cookies, and the like. In addition, it fails to properly sanitize the user-supplied signature in forum posts. A malicious user can exploit this vulnerability to steal authentication cookies and manipulate the HTML format in 'forums.php'. |
Solution: | Upgrade to Land Down Under version 801 or later. |
CVSS Score: | 7.5 |
CVSS Vector: | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-2674
BugTraq ID: 14619
http://www.securityfocus.com/bid/14619
Bugtraq: 20050820 Bugs Land Down Under v800
http://marc.info/?l=bugtraq&m=112456235729717&w=2
http://www.neocrome.net
http://securitytracker.com/id?1014747
Common Vulnerability Exposure (CVE) ID: CVE-2005-2675
BugTraq ID: 14618
http://www.securityfocus.com/bid/14618
Common Vulnerability Exposure (CVE) ID: CVE-2005-2780
BugTraq ID: 14677
http://www.securityfocus.com/bid/14677
Bugtraq: 20050828 Land Down Under
http://marc.info/?l=bugtraq&m=112534018805818&w=2 |
Copyright | Copyright (C) 2005 Josh Zlatin-Amishav |