Test ID: | 1.3.6.1.4.1.25623.1.0.800166 |
Category: | Web application abuses |
Title: | EvalSMSI < 2.2.00 Multiple Vulnerabilities |
Summary: | EvalSMSI is prone to multiple vulnerabilities. |
Description: |
Summary: EvalSMSI is prone to multiple vulnerabilities.

Vulnerability Insight: Multiple flaws exist due to:
- Input passed to the 'query' parameter in ajax.php (when 'question' action is set), 'return' parameter in ajax.php and while writing comments to assess.php page (when 'continue_assess' action is set) is not properly sanitised before being used in SQL queries.
- The passwords are stored in plaintext in the database, which allows attackers with database access to gain privileges.

Vulnerability Impact: Successful exploitation will allow remote attackers to view, edit and delete the backend database via SQL Injection or inject arbitrary web script or HTML via a cross-site scripting (XSS) attack.

Affected Software/OS: EvalSMSI prior to version 2.2.00.

Solution: Update to version 2.2.00 or later.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-0614
- BugTraq ID: 38116
- http://www.securityfocus.com/bid/38116
- Bugtraq: 20100204 CORELAN-10-008 - Multiple vulnerabilities found in evalmsi 2.1.03
- http://www.securityfocus.com/archive/1/509370/100/0/threaded
- http://packetstormsecurity.org/1002-exploits/corelan-10-008-evalmsi.txt
- http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-008-evalmsi-2-1-03-multiple-vulnerabilities/
- http://www.osvdb.org/62177
- http://secunia.com/advisories/38478
- XForce ISS Database: evalsmsi-ajax-sql-injection(56152)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56152

Common Vulnerability Exposure (CVE) ID: CVE-2010-0615
- http://www.osvdb.org/62178
- XForce ISS Database: evalsmsi-comment-xss(56154)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56154

Common Vulnerability Exposure (CVE) ID: CVE-2010-0616
- http://www.osvdb.org/62180

Common Vulnerability Exposure (CVE) ID: CVE-2010-0617
- http://www.osvdb.org/62179
- XForce ISS Database: evalsmsi-ajax-xss(56157)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56157 |
Copyright | Copyright (C) 2010 Greenbone Networks GmbH |