
Test ID: 1.3.6.1.4.1.25623.1.0.900204
Category: Web application abuses
Title: MicroWorld MailScan for Mail Servers < 6.4a Multiple Vulnerabilities
Summary: MailScan is prone to multiple vulnerabilities.
Description: Summary:
MailScan is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- an input validation error within the web administration interface.

- the web administration interface does not properly restrict access
to certain pages, which can cause an authentication-bypass vulnerability.

- an input passed via URL to the web administration interface is not
properly sanitized before being returned to the user.

Vulnerability Impact:
Successful remote exploitation allows an attacker to gain unauthorized
access and disclose sensitive information, conduct directory traversal
and cross-site scripting attacks, and execute arbitrary script code within
the context of the website to steal cookie-based authentication credentials.

Affected Software/OS:
MicroWorld MailScan for Mail Servers 5.6a and prior versions.

Solution:
Upgrade to MicroWorld MailScan Version 6.4a or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2008-3726
BugTraq ID: 30700
http://www.securityfocus.com/bid/30700
Bugtraq: 20080815 Re: MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface
http://marc.info/?l=bugtraq&m=121881329424635&w=2
http://www.oliverkarow.de/research/mailscan.txt
http://secunia.com/advisories/31534
http://securityreason.com/securityalert/4172
XForce ISS Database: mailscan-admininterface-xss(44517)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44517
Copyright: Copyright (C) 2008 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.