
Test ID: 1.3.6.1.4.1.25623.1.0.901186
Category: Web application abuses
Title: Symantec IM Manager <= 8.4.16 'eval()' Code Injection Vulnerability
Summary: Symantec IM Manager is prone to a code injection vulnerability.
Description:
Summary:
Symantec IM Manager is prone to a code injection vulnerability.

Vulnerability Insight:
The flaw is caused by an input validation error in the
'ScheduleTask' method of the 'IMAdminSchedTask.asp' page within the administration console when
processing a POST variable via an 'eval()' call, which could be exploited by attackers to inject
and execute arbitrary ASP code by enticing a logged-in console user to visit a malicious link.

Vulnerability Impact:
Successful exploitation will allow an attacker to execute arbitrary
code on the system.

Affected Software/OS:
Symantec IM Manager versions 8.4.16 and prior.

Solution:
Update to version 8.4.17 or later.

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:M/Au:S/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-3719
BugTraq ID: 45946
http://www.securityfocus.com/bid/45946
Bugtraq: 20110131 ZDI-11-037: Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Eval Code Injection Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/516103/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-11-037
http://osvdb.org/70755
http://secunia.com/advisories/43143
http://www.vupen.com/english/advisories/2011/0259
XForce ISS Database: immanager-scheduletask-code-execution(65040)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65040
Copyright: Copyright (C) 2011 Greenbone Networks GmbH
