Web application abuses : ATutor < 1.5.1-pl1 Multiple Flaws

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.20095

Categoría: Web application abuses

Título: ATutor < 1.5.1-pl1 Multiple Flaws

Resumen: The remote web server contains a PHP application that is prone to multiple; flaws.;; The remote host is running ATutor, an open-source web-based Learning; Content Management System (LCMS) written in PHP.;; The version of ATutor installed on the remote host may be vulnerable; to arbitrary command execution, arbitrary file access, and cross-site; scripting attacks. Successful exploitation of the first two issues; requires that PHP's 'register_globals' setting be enabled and, in some; cases, that 'magic_quotes_gpc' be disabled.

Descripción: Summary:
The remote web server contains a PHP application that is prone to multiple
flaws.

The remote host is running ATutor, an open-source web-based Learning
Content Management System (LCMS) written in PHP.

The version of ATutor installed on the remote host may be vulnerable
to arbitrary command execution, arbitrary file access, and cross-site
scripting attacks. Successful exploitation of the first two issues
requires that PHP's 'register_globals' setting be enabled and, in some
cases, that 'magic_quotes_gpc' be disabled.

Solution:
Apply patch 1.5.1-pl1 or upgrade to version 1.5.2 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-3403
BugTraq ID: 15221
http://www.securityfocus.com/bid/15221
Bugtraq: 20051027 Secunia Research: ATutor Multiple Vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=113043022821049&w=2
http://secunia.com/secunia_research/2005-55/advisory/
http://www.osvdb.org/20347
http://www.osvdb.org/20348
http://www.osvdb.org/20349
http://securitytracker.com/id?1015165
http://secunia.com/advisories/16915/
http://securityreason.com/securityalert/123
http://www.vupen.com/english/advisories/2005/2228
Common Vulnerability Exposure (CVE) ID: CVE-2005-3404
http://www.osvdb.org/20345
http://www.osvdb.org/20346
Common Vulnerability Exposure (CVE) ID: CVE-2005-3405
http://www.osvdb.org/20344

Copyright Copyright (C) 2005 David Maciejak

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.20095
Categoría:	Web application abuses
Título:	ATutor < 1.5.1-pl1 Multiple Flaws
Resumen:	The remote web server contains a PHP application that is prone to multiple; flaws.;; The remote host is running ATutor, an open-source web-based Learning; Content Management System (LCMS) written in PHP.;; The version of ATutor installed on the remote host may be vulnerable; to arbitrary command execution, arbitrary file access, and cross-site; scripting attacks. Successful exploitation of the first two issues; requires that PHP's 'register_globals' setting be enabled and, in some; cases, that 'magic_quotes_gpc' be disabled.
Descripción:	Summary: The remote web server contains a PHP application that is prone to multiple flaws. The remote host is running ATutor, an open-source web-based Learning Content Management System (LCMS) written in PHP. The version of ATutor installed on the remote host may be vulnerable to arbitrary command execution, arbitrary file access, and cross-site scripting attacks. Successful exploitation of the first two issues requires that PHP's 'register_globals' setting be enabled and, in some cases, that 'magic_quotes_gpc' be disabled. Solution: Apply patch 1.5.1-pl1 or upgrade to version 1.5.2 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-3403 BugTraq ID: 15221 http://www.securityfocus.com/bid/15221 Bugtraq: 20051027 Secunia Research: ATutor Multiple Vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=113043022821049&w=2 http://secunia.com/secunia_research/2005-55/advisory/ http://www.osvdb.org/20347 http://www.osvdb.org/20348 http://www.osvdb.org/20349 http://securitytracker.com/id?1015165 http://secunia.com/advisories/16915/ http://securityreason.com/securityalert/123 http://www.vupen.com/english/advisories/2005/2228 Common Vulnerability Exposure (CVE) ID: CVE-2005-3404 http://www.osvdb.org/20345 http://www.osvdb.org/20346 Common Vulnerability Exposure (CVE) ID: CVE-2005-3405 http://www.osvdb.org/20344
Copyright	Copyright (C) 2005 David Maciejak