Test ID: | 1.3.6.1.4.1.25623.1.0.803970 |
Category: | Web application abuses |
Title: | AjaXplorer Zoho plugin < 5.0.4 Directory Traversal Vulnerability |
Summary: | The Zoho plugin of AjaXplorer is prone to a directory traversal and a file upload vulnerability. |
Description: |
Summary: The Zoho plugin of AjaXplorer is prone to a directory traversal and a file upload vulnerability.
Vulnerability Insight: The flaws exist due to improper validation of user-supplied input via the 'name' parameter and improper validation of file extensions by the save_zoho.php script.
Vulnerability Impact: Successful exploitation may allow an attacker to obtain sensitive information, and upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the affected system.
Affected Software/OS: AjaXplorer Zoho plugin 5.0.3 and prior.
Solution: Update the Zoho plugin to version 5.0.4 or later.
CVSS Score: 8.5
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-6226
BugTraq ID: 63647
http://www.securityfocus.com/bid/63647
Bugtraq: 20131110 Vulnerability in Pydio/AjaXplorer <= 5.0.3
http://archives.neohapsis.com/archives/bugtraq/2013-11/0043.html
http://www.redfsec.com/CVE-2013-6226
XForce ISS Database: ajaxplorer-zoho-cve20136226-dir-traversal(88667)
https://exchange.xforce.ibmcloud.com/vulnerabilities/88667
Common Vulnerability Exposure (CVE) ID: CVE-2013-6227
https://www.exploit-db.com/exploits/46206/
http://pyd.io/pydio-core-5-0-4/
http://www.redfsec.com/CVE-2013-6227 |
Copyright | Copyright (C) 2013 Greenbone AG |