Test ID: 1.3.6.1.4.1.25623.1.0.800801
Category: Web application abuses
Title: TemaTres Multiple XSS and SQL Injection Vulnerabilities
Summary: TemaTres is prone to multiple XSS and SQL injection vulnerabilities.

Description:
Summary: TemaTres is prone to multiple XSS and SQL injection vulnerabilities.
Vulnerability Insight: The flaws are due to:
- Inadequate checking of user-supplied input, which causes an input validation error in the search form.
- Insufficient validation of the following parameters in index.php: _expresion_de_busqueda, letra, estado_id, tema and PATH_TO.
- Insufficient validation of the following parameters in sobre.php: y, ord and m.
- Insufficient validation of the mail and password parameters in index.php.
- Insufficient validation of the following parameters in xml.php: dcTema, madsTema, zthesTema, skosTema and xtmTema.
Vulnerability Impact: Successful attacks let an attacker steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit vulnerabilities in the underlying database when 'magic_quotes_gpc' is disabled.
Affected Software/OS: TemaTres version 1.031 and prior.
Solution: Upgrade to TemaTres version 1.033 or later.
CVSS Score: 6.0
CVSS Vector (CVSS v2): AV:N/AC:M/Au:S/C:P/I:P/A:P

Cross References:
CVE-2009-1583
- BugTraq ID 34830: http://www.securityfocus.com/bid/34830
- Bugtraq 20090505 "MULTIPLE REMOTE VULNERABILITIES--TemaTres 1.0.3-->": http://www.securityfocus.com/archive/1/503252/100/0/threaded
- https://www.exploit-db.com/exploits/8615
- http://osvdb.org/54247
- http://secunia.com/advisories/34983
- http://secunia.com/advisories/34990
- X-Force (ISS) database: tematres-term-xss(50343), https://exchange.xforce.ibmcloud.com/vulnerabilities/50343
CVE-2009-1584
- Bugtraq 20090505 "BLIND SQL INJECTION EXPLOIT--TemaTres 1.0.3-->": http://www.securityfocus.com/archive/1/503256
- https://www.exploit-db.com/exploits/8616
- http://osvdb.org/54245
- http://osvdb.org/54246
CVE-2009-1585
- http://osvdb.org/54244

Copyright: Copyright (C) 2009 Greenbone AG
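The advisory gives an affected range ("1.031 and prior") and a fixed version ("1.033 or later"), so the practical check is a version comparison against a detected TemaTres install. The following is an added example of that check; it is not Greenbone's NVT code nor TemaTres code. It assumes two things the advisory does not state: that TemaTres version strings have the form "1.031" / "1.04", with the digits after the first dot read as a decimal fraction (so 1.04 sorts above 1.033, which a naive integer split would get wrong), and that the version can be located in a page by the text "TemaTres <version>". The HTML sample is constructed for the example and does not reproduce real TemaTres markup.

```python
"""Version-range check for the TemaTres advisory (added example, not NVT or TemaTres code).

Assumptions not taken from the advisory:
- Version strings look like "1.031" or "1.04"; the part after the first dot is a
  decimal fraction, so 1.04 > 1.033 > 1.031 > 1.03.
- A page exposes its version as the text "TemaTres <version>"; the SAMPLE_HTML
  below is constructed for this example.
"""
import re
from fractions import Fraction

AFFECTED_MAX = "1.031"   # advisory: "TemaTres version 1.031 and prior"
FIXED_MIN = "1.033"      # advisory: "Upgrade to TemaTres version 1.033 or later"

# Hypothetical banner format; real TemaTres markup is not described on the page.
_BANNER_RE = re.compile(r"TemaTres\s+(\d+(?:\.\d+)?)", re.IGNORECASE)


def parse_version(text):
    """Turn '1.031' into an exactly comparable Fraction (1 + 31/1000).

    Returns None for strings that are not <int>[.<digits>], e.g. '1.0.3' or 'beta',
    so callers never silently compare garbage.
    """
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    major, frac = m.group(1), m.group(2) or "0"
    # Decimal-fraction semantics: '1.04' is 1 + 4/100, which sorts above '1.033'.
    return Fraction(int(major)) + Fraction(int(frac), 10 ** len(frac))


def extract_version(html):
    """Return the first 'TemaTres <version>' match in a page, or None."""
    m = _BANNER_RE.search(html)
    return m.group(1) if m else None


def classify(version_str):
    """Map a version string onto the advisory's ranges.

    'vulnerable'  : <= 1.031 (affected range)
    'fixed'       : >= 1.033 (solution range)
    'unverified'  : between the two (the advisory says nothing about it)
    'unknown'     : unparseable version string
    """
    v = parse_version(version_str)
    if v is None:
        return "unknown"
    if v <= parse_version(AFFECTED_MAX):
        return "vulnerable"
    if v >= parse_version(FIXED_MIN):
        return "fixed"
    return "unverified"


# Constructed sample page (not real TemaTres output).
SAMPLE_HTML = """<html><body>
<div id="footer">Powered by TemaTres 1.031 - vocabulary server</div>
</body></html>"""


def check_page(html):
    """Full pipeline: banner -> version string -> advisory status."""
    version = extract_version(html)
    return version, classify(version) if version else "unknown"


if __name__ == "__main__":
    ver, status = check_page(SAMPLE_HTML)
    print(f"detected TemaTres {ver}: {status}")
    for v in ("1.03", "1.031", "1.032", "1.033", "1.04", "1.1", "1.0.3"):
        print(f"{v:>6}: {classify(v)}")
```

The "unverified" bucket exists on purpose: a scanner that collapses the gap between the last affected and the first fixed version into either bucket is guessing, and a scanner that ranks 1.04 below 1.031 (integer comparison of the second component) will report a patched host as vulnerable. Treat the banner regex as a placeholder to be replaced with whatever the target actually exposes.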