Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.15451 |
Kategorie: | Web application abuses |
Titel: | GoSmart message board multiple flaws |
Zusammenfassung: | The remote host is running GoSmart message board, a bulletin board;manager written in ASP.;;;The remote version of this software contains multiple flaws, due o;to a failure of the application to properly sanitize user-supplied input.;;It is also affected by a cross-site scripting vulnerability.;As a result of this vulnerability, it is possible for a remote attacker;to create a malicious link containing script code that will be executed;in the browser of an unsuspecting user when followed.;;Furthermore, this version is vulnerable to SQL injection flaws that;let an attacker inject arbitrary SQL commands. |
Beschreibung: | Summary: The remote host is running GoSmart message board, a bulletin board manager written in ASP. The remote version of this software contains multiple flaws, due o to a failure of the application to properly sanitize user-supplied input. It is also affected by a cross-site scripting vulnerability. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. Furthermore, this version is vulnerable to SQL injection flaws that let an attacker inject arbitrary SQL commands. Solution: Upgrade to the newest version of this software CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Querverweis: |
BugTraq ID: 11361 Common Vulnerability Exposure (CVE) ID: CVE-2004-1588 http://www.securityfocus.com/bid/11361 Bugtraq: 20041011 [MAxpatrol Security Advisory] Multiple vulnerabilities in GoSmart Message Board (Google Search) http://marc.info/?l=bugtraq&m=109751522823011&w=2 http://secunia.com/advisories/12790/ XForce ISS Database: gosmart-forum-loginexec-sql-injection(17678) https://exchange.xforce.ibmcloud.com/vulnerabilities/17678 Common Vulnerability Exposure (CVE) ID: CVE-2004-1589 XForce ISS Database: gosmart-forum-mainmessageid-xss(17679) https://exchange.xforce.ibmcloud.com/vulnerabilities/17679 |
Copyright | Copyright (C) 2004 David Maciejak |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |