Vulnerability   
Search   
    Search 202850 CVE descriptions
and 87302 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.11439
Category:CGI abuses
Title:Xoops path disclosure
Summary:NOSUMMARY
Description:Description:

The remote host is running the Xoops CGI suite.

There is a flaw in this version which allows an attacker
to obtain the physical path of the remote web root by supplying
a bogus option to one of the Xoops CGI.

In addition to this, other flaws are known to exist in Xoops
(SQL injection, information disclosure about the users and so on).

You are advised to remove this CGI.

Solution : None at this time
Risk factor : Medium

Cross-Ref: BugTraq ID: 3977
BugTraq ID: 3978
BugTraq ID: 3981
BugTraq ID: 5785
BugTraq ID: 6344
BugTraq ID: 6393
Common Vulnerability Exposure (CVE) ID: CVE-2002-0216
http://www.securityfocus.com/bid/3977
Bugtraq: 20020129 Xoops SQL fragment disclosure and SQL injection vulnerability (Google Search)
http://online.securityfocus.com/archive/1/252827
http://www.iss.net/security_center/static/8028.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0217
http://www.securityfocus.com/bid/3978
http://www.securityfocus.com/bid/3981
Bugtraq: 20020129 Xoops Private Message System Script injection (Google Search)
http://online.securityfocus.com/archive/1/252828
http://www.iss.net/security_center/static/8030.php
http://www.iss.net/security_center/static/8025.php
CopyrightThis script is Copyright (C) 2003 Renaud Deraison

This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.