 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.804664 |
| Categoría: | Web application abuses |
| Título: | Frams&qt Fast File EXchange Multiple Vulnerabilities |
| Resumen: | Frams&qt Fast File EXchange is prone to multiple vulnerabilities. |
| Descripción: | Summary: Frams&qt Fast File EXchange is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An input passed via the 'akey' parameter to /rup is not properly sanitised before being returned to the user. - An input passed via the 'addto' parameter to /fup is not properly sanitised before being returned to the user. - An input passed via the 'disclaimer' and 'gm' parameters to /fuc is not properly sanitised before being returned to the user. - Application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. Vulnerability Impact: Successful exploitation will allow attacker to conduct HTTP response splitting, conduct request forgery attacks and execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: Frams&qt Fast File EXchange before version 20140526 Solution: Upgrade to Frams&qt Fast File EXchange version 20140526 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3876 http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html https://www.lsexperts.de/advisories/lse-2014-05-22.txt Common Vulnerability Exposure (CVE) ID: CVE-2014-3877 Common Vulnerability Exposure (CVE) ID: CVE-2014-3875 http://seclists.org/fulldisclosure/2014/Jun/1 http://www.openwall.com/lists/oss-security/2014/06/03/6 http://www.securityfocus.com/bid/67783 https://security-tracker.debian.org/tracker/CVE-2014-3875 |
| Copyright | Copyright (C) 2014 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |