Test ID: | 1.3.6.1.4.1.25623.1.0.51736 |
Category: | CGI abuses |
Title: | pMachine code injection and file disclosure |
Summary: | NOSUMMARY |
Description: | pMachine 4.2 is affected by a code injection and arbitrary file disclosure vulnerability. The 'mail_autocheck.php' script does not sanitize user input, allowing attackers to read arbitrary files on the remote system or, worse, to inject code via a URL inclusion. Solution: None available. While it _may_ be possible to thwart this attack by disabling the 'register_globals' variable, you may not be able to do so, depending on the other applications on your system. Note that while BID 12597 recommends disabling allow_url_fopen, doing so will not prevent a malicious user from reading arbitrary files such as your password file. Further, this package is no longer maintained by the vendor. It is recommended that you remove this software from your system. Risk factor: High. CVSS Score: 7.5 |
Cross Reference: | BugTraq ID: 12597; Common Vulnerability Exposure (CVE) ID: CVE-2005-0513; http://www.securityfocus.com/bid/12597; BugTraq ID: 15473; http://www.securityfocus.com/bid/15473; http://marc.info/?l=full-disclosure&m=110883604531802&w=2 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |