Test ID: 1.3.6.1.4.1.25623.1.0.806062
Category: Web application abuses
Title: Web Reference Database Multiple Vulnerabilities
Summary: Reference Database is prone to multiple vulnerabilities.

Description:

Vulnerability Insight: Multiple flaws are due to:

- The application does not employ cross-site request forgery (CSRF) protection mechanisms, such as CSRF tokens.
- Insufficient sanitization of user supplied input via the referrer GET parameter in multiple pages.
- Insufficient sanitization of user supplied input via the id GET parameter in unapi.php and the stylesheet GET parameter in sru.php.
- Multiple input sanitization errors in install.php via the defaultCharacterSet, adminPassword, pathToMYSQL and databaseStructureFile POST parameters.
- Insufficient sanitization of user supplied input via the errorNo and errorMsg GET parameters in error.php.
- Insufficient sanitization of user supplied input via the viewType GET parameter in duplicate_manager.php.
- Insufficient sanitization of user supplied input via the where GET parameter in rss.php.
- Insufficient sanitization of user supplied input via the sqlQuery GET parameter in search.php.
- Insufficient sanitization of user supplied input via the sourceText and sourceIDs POST variables in import.php.
- Insufficient sanitization of user supplied input via the adminUserName POST parameter in update.php.
- Insufficient sanitization of user supplied input via the typeName and fileName POST parameters in modify.php.

Vulnerability Impact: Successful exploitation will allow remote attackers to submit valid requests to the server on behalf of authenticated users, execute arbitrary code on the server, directly read, write and modify arbitrary data in the application's database, and redirect victims to malicious web addresses.

Affected Software/OS: refbase versions 0.9.6 and possibly earlier.

Solution: As a workaround, restrict access to the application to trusted users and networks, and manually remove the install.php and update.php scripts from production deployments of the application when they are not needed.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross References:

- Common Vulnerability Exposure (CVE) ID: CVE-2015-6007
  - CERT/CC vulnerability note: VU#374092, http://www.kb.cert.org/vuls/id/374092
- Common Vulnerability Exposure (CVE) ID: CVE-2015-6008
  - https://www.exploit-db.com/exploits/38292/
- Common Vulnerability Exposure (CVE) ID: CVE-2015-6009
- Common Vulnerability Exposure (CVE) ID: CVE-2015-6010
- Common Vulnerability Exposure (CVE) ID: CVE-2015-6011
- Common Vulnerability Exposure (CVE) ID: CVE-2015-6012
- Common Vulnerability Exposure (CVE) ID: CVE-2015-7381
- Common Vulnerability Exposure (CVE) ID: CVE-2015-7382
- Common Vulnerability Exposure (CVE) ID: CVE-2015-7383

Copyright: Copyright (C) 2015 Greenbone AG