ID de Prueba:	1.3.6.1.4.1.25623.1.0.900905
Categoría:	Web application abuses
Título:	Admin News Tools Multiple Vulnerabilities
Resumen:	Admin News Tools is prone to multiple vulnerabilities.
Descripción:	Summary: Admin News Tools is prone to multiple vulnerabilities. Vulnerability Insight: - Input passed via the 'fichier' parameter in 'system/download.php' is not properly verified before being processed and can be used to read arbitrary files via a .. (dot dot) sequence. - Access to system/message.php is not restricted properly and can be exploited to post news messages by accessing the script directly. Vulnerability Impact: Successful exploitation will allow remote attackers to bypass security restrictions by gaining sensitive information and redirect the user to other malicious sites. Affected Software/OS: Admin News Tools version 2.5. Solution: Upgrade to Admin News Tools version 3.0 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2557 Bugtraq: 20090715 Admin News Tools 2.5 Remote File Download Vulnerability (Google Search) http://www.securityfocus.com/archive/1/504949/100/0/threaded http://www.exploit-db.com/exploits/9153 http://osvdb.org/55856 http://secunia.com/advisories/35842 Common Vulnerability Exposure (CVE) ID: CVE-2009-2558 http://www.exploit-db.com/exploits/9161 XForce ISS Database: adminnewstools-message-sec-bypass(51780) https://exchange.xforce.ibmcloud.com/vulnerabilities/51780
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.