ID de Prueba:	1.3.6.1.4.1.25623.1.0.802060
Categoría:	Web application abuses
Título:	SearchBlox Multiple Vulnerabilities (Sep 2013) - Active Check
Resumen:	SearchBlox is prone to multiple vulnerabilities.
Descripción:	Summary: SearchBlox is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Input passed via 'name' parameter to 'servlet/CreateTemplateServlet' not properly sanitised before being used to create files. - Error when accessing 'servlet/CollectionListServlet' servlet when 'action' is set to 'getList' can be exploited to disclose usernames and passwords from the database. - 'admin/uploadImage.html' script allows to upload an executable file with the image/jpeg content type and it can be exploited to execute arbitrary JSP code by uploading a malicious JSP script. Vulnerability Impact: Successful exploitation may allow an attacker to execute arbitrary JSP code or obtain potentially sensitive information or can overwrite arbitrary files via directory traversal sequences. Affected Software/OS: SearchBlox prior to version 7.5 build 1. Solution: Update to version 7.5 build 1 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-3598 CERT/CC vulnerability note: VU#592942 http://www.kb.cert.org/vuls/id/592942 http://buddhalabs.com/Advisories/WebAdvisories.html http://osvdb.org/96619 Common Vulnerability Exposure (CVE) ID: CVE-2013-3597 Common Vulnerability Exposure (CVE) ID: CVE-2013-3590
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.