ID de Prueba:	1.3.6.1.4.1.25623.1.0.804556
Categoría:	Web application abuses
Título:	Xerox DocuShare SQLi Vulnerability (Apr 2014)
Resumen:	Xerox DocuShare is prone to an SQL injection (SQLi); vulnerability.
Descripción:	Summary: Xerox DocuShare is prone to an SQL injection (SQLi) vulnerability. Vulnerability Insight: Input appended to the URL after: /dsweb/ResultBackgroundJobMultiple/1 is not properly sanitised before being used in SQL queries. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML or script code and manipulate SQL queries in the backend database allowing for the manipulation or disclosure of arbitrary data. Affected Software/OS: Xerox DocuShare versions 6.5.3 Patch 6, 6.6.1 Update 1, 6.6.1 Update 2. Prior versions may also be affected. Solution: Update to 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 Hotfix 24, 6.6.1 Update 2 Hotfix 3 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3138 BugTraq ID: 66922 http://www.securityfocus.com/bid/66922 http://www.exploit-db.com/exploits/32886 http://seclists.org/fulldisclosure/2014/Apr/205 http://packetstormsecurity.com/files/126171/Xerox-DocuShare-SQL-Injection.html http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf http://www.osvdb.org/105972 http://secunia.com/advisories/57996 XForce ISS Database: xerox-docushare-sql-injection(92548) https://exchange.xforce.ibmcloud.com/vulnerabilities/92548
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.