ID de Prueba:	1.3.6.1.4.1.25623.1.0.902326
Categoría:	Web application abuses
Título:	Habari Multiple Vulnerabilities
Resumen:	Habari is prone to multiple vulnerabilities.
Descripción:	Summary: Habari is prone to multiple vulnerabilities. Vulnerability Insight: The flaws are due to - Input passed to the 'additem_form' parameter in 'system/admin/dash_additem.php' and 'status_data[]' parameter in 'system/admin/dash_status.php' is not properly sanitised before being returned to the user. - Error in '/system/admin/header.php' and '/system/admin/comments_items.php' script, which generate an error that will reveal the full path of the script. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site and determine the full path to the web root directory and other potentially sensitive information. Affected Software/OS: Habari version 0.6.5 Solution: Upgrade to Habari version 0.6.6 or later CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4607 http://www.exploit-db.com/exploits/15799 http://www.htbridge.ch/advisory/xss_vulnerability_in_habari.html http://www.htbridge.ch/advisory/xss_vulnerability_in_habari_1.html http://secunia.com/advisories/42688 Common Vulnerability Exposure (CVE) ID: CVE-2010-4608 http://www.htbridge.ch/advisory/path_disclosure_in_habari.html
Copyright	Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.