Web application abuses : Majordomo2 Directory Traversal Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801838

Categoría: Web application abuses

Título: Majordomo2 Directory Traversal Vulnerability

Resumen: Majordomo2 is prone to a directory traversal vulnerability.

Descripción: Summary:
Majordomo2 is prone to a directory traversal vulnerability.

Vulnerability Insight:
The flaw is caused by improper validation of user-supplied input via the
'help' parameter in 'mj_wwwusr', which allows attacker to read arbitrary
files via directory traversal attacks.

Vulnerability Impact:
Successful exploitation will allow attacker to obtain sensitive information
that could aid in further attacks.

Affected Software/OS:
Majordomo2 Build 20110203 and prior.

Solution:
Upgrade to Majordomo2 Build 20110204 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0049
BugTraq ID: 46127
http://www.securityfocus.com/bid/46127
Bugtraq: 20110203 Majordomo2 - Directory Traversal (SMTP/HTTP) (Google Search)
http://www.securityfocus.com/archive/1/516150/100/0/threaded
CERT/CC vulnerability note: VU#363726
http://www.kb.cert.org/vuls/id/363726
http://www.exploit-db.com/exploits/16103
https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481
https://bugzilla.mozilla.org/show_bug.cgi?id=628064
https://sitewat.ch/en/Advisory/View/1
http://osvdb.org/70762
http://www.securitytracker.com/id?1025024
http://secunia.com/advisories/43125
http://securityreason.com/securityalert/8061
http://www.vupen.com/english/advisories/2011/0288
XForce ISS Database: majordomo-listfile-directory-traversal(65113)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65113
Common Vulnerability Exposure (CVE) ID: CVE-2011-0063
Bugtraq: 20110308 NSOADV-2011-003: Majordomo2 'help' Command Directory Traversal (Patch Bypass) (Google Search)
http://www.securityfocus.com/archive/1/516923/100/0/threaded
http://sotiriu.de/adv/NSOADV-2011-003.txt
http://secunia.com/advisories/43631
http://securityreason.com/securityalert/8133
XForce ISS Database: majordomo-listfileget-dir-traversal(66011)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66011

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801838
Categoría:	Web application abuses
Título:	Majordomo2 Directory Traversal Vulnerability
Resumen:	Majordomo2 is prone to a directory traversal vulnerability.
Descripción:	Summary: Majordomo2 is prone to a directory traversal vulnerability. Vulnerability Insight: The flaw is caused by improper validation of user-supplied input via the 'help' parameter in 'mj_wwwusr', which allows attacker to read arbitrary files via directory traversal attacks. Vulnerability Impact: Successful exploitation will allow attacker to obtain sensitive information that could aid in further attacks. Affected Software/OS: Majordomo2 Build 20110203 and prior. Solution: Upgrade to Majordomo2 Build 20110204 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0049 BugTraq ID: 46127 http://www.securityfocus.com/bid/46127 Bugtraq: 20110203 Majordomo2 - Directory Traversal (SMTP/HTTP) (Google Search) http://www.securityfocus.com/archive/1/516150/100/0/threaded CERT/CC vulnerability note: VU#363726 http://www.kb.cert.org/vuls/id/363726 http://www.exploit-db.com/exploits/16103 https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481 https://bugzilla.mozilla.org/show_bug.cgi?id=628064 https://sitewat.ch/en/Advisory/View/1 http://osvdb.org/70762 http://www.securitytracker.com/id?1025024 http://secunia.com/advisories/43125 http://securityreason.com/securityalert/8061 http://www.vupen.com/english/advisories/2011/0288 XForce ISS Database: majordomo-listfile-directory-traversal(65113) https://exchange.xforce.ibmcloud.com/vulnerabilities/65113 Common Vulnerability Exposure (CVE) ID: CVE-2011-0063 Bugtraq: 20110308 NSOADV-2011-003: Majordomo2 'help' Command Directory Traversal (Patch Bypass) (Google Search) http://www.securityfocus.com/archive/1/516923/100/0/threaded http://sotiriu.de/adv/NSOADV-2011-003.txt http://secunia.com/advisories/43631 http://securityreason.com/securityalert/8133 XForce ISS Database: majordomo-listfileget-dir-traversal(66011) https://exchange.xforce.ibmcloud.com/vulnerabilities/66011
Copyright	Copyright (C) 2011 Greenbone AG