Test ID: | 1.3.6.1.4.1.25623.1.0.51736 |
Category: | CGI abuses |
Title: | pMachine code injection and file disclosure |
Summary: | NOSUMMARY |
Description: | pMachine 4.2 suffers from a code injection attack and arbitrary file disclosure vulnerability. The 'mail_autocheck.php' script does not sanitize user input, allowing attackers to perform attacks such as the reading of arbitrary files on the remote system, or worse, injecting code via a URL inclusion. |
Solution: | None available. While it _may_ be possible to thwart this attack by disabling the 'register_globals' variable, you may not be able to do so, depending on other applications on your system. It should be noted that while BID 12597 recommends disabling allow_url_fopen, doing so will not prevent a malicious user from reading arbitrary files such as your password file. Further, this package is no longer maintained by the vendor. It is recommended that you remove this software from your system. |
Risk factor: | High |
CVSS Score: | 7.5 |
Cross-Ref: |
BugTraq ID: 12597
Common Vulnerability Exposure (CVE) ID: CVE-2005-0513
http://www.securityfocus.com/bid/12597
BugTraq ID: 15473
http://www.securityfocus.com/bid/15473
http://marc.info/?l=full-disclosure&m=110883604531802&w=2 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |