Test ID: | 1.3.6.1.4.1.25623.1.0.802388 |
Category: | Web application abuses |
Title: | Support Incident Tracker SiT! < 3.65 Multiple Vulnerabilities - Active Check |
Summary: | Support Incident Tracker is prone to multiple SQL injection (SQLi) and cross-site scripting (XSS) vulnerabilities. |
Description: |
Summary: Support Incident Tracker is prone to multiple SQL injection (SQLi) and cross-site scripting (XSS) vulnerabilities.
Vulnerability Insight: The flaws are due to improper validation of input in multiple scripts before it is used in SQL queries, and they also allow attackers to execute arbitrary HTML.
Vulnerability Impact: Successful exploitation will allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site, and to carry out SQL injection attacks to gain sensitive information.
Affected Software/OS: Support Incident Tracker prior to version 3.65.
Solution: Update to version 3.65 or later.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-5071
Bugtraq: 20110726 [PT-2011-25] SQL injection vulnerabilities in Support Incident Tracker
http://seclists.org/bugtraq/2011/Jul/174
http://en.securitylab.ru/lab/PT-2011-25
http://secunia.com/advisories/45277
http://secunia.com/advisories/45437

Common Vulnerability Exposure (CVE) ID: CVE-2011-5072
Bugtraq: 20110914 Multiple vulnerabilities in SiT! Support Incident Tracker
http://www.securityfocus.com/archive/1/519636
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html
http://secunia.com/advisories/46019

Common Vulnerability Exposure (CVE) ID: CVE-2011-5073

Common Vulnerability Exposure (CVE) ID: CVE-2011-5074

Common Vulnerability Exposure (CVE) ID: CVE-2011-5075
Bugtraq: 20111119 Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/520577
http://www.exploit-db.com/exploits/18132/
http://www.openwall.com/lists/oss-security/2011/11/22/3 |
Copyright | Copyright (C) 2012 Greenbone AG |