Web application abuses : GoSmart message board multiple flaws

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.15451

Kategorie: Web application abuses

Titel: GoSmart message board multiple flaws

Zusammenfassung: The remote host is running GoSmart message board, a bulletin board;manager written in ASP.;;;The remote version of this software contains multiple flaws, due o;to a failure of the application to properly sanitize user-supplied input.;;It is also affected by a cross-site scripting vulnerability.;As a result of this vulnerability, it is possible for a remote attacker;to create a malicious link containing script code that will be executed;in the browser of an unsuspecting user when followed.;;Furthermore, this version is vulnerable to SQL injection flaws that;let an attacker inject arbitrary SQL commands.

Beschreibung: Summary:
The remote host is running GoSmart message board, a bulletin board
manager written in ASP.

The remote version of this software contains multiple flaws, due o
to a failure of the application to properly sanitize user-supplied input.

It is also affected by a cross-site scripting vulnerability.
As a result of this vulnerability, it is possible for a remote attacker
to create a malicious link containing script code that will be executed
in the browser of an unsuspecting user when followed.

Furthermore, this version is vulnerable to SQL injection flaws that
let an attacker inject arbitrary SQL commands.

Solution:
Upgrade to the newest version of this software

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: BugTraq ID: 11361
Common Vulnerability Exposure (CVE) ID: CVE-2004-1588
http://www.securityfocus.com/bid/11361
Bugtraq: 20041011 [MAxpatrol Security Advisory] Multiple vulnerabilities in GoSmart Message Board (Google Search)
http://marc.info/?l=bugtraq&m=109751522823011&w=2
http://secunia.com/advisories/12790/
XForce ISS Database: gosmart-forum-loginexec-sql-injection(17678)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17678
Common Vulnerability Exposure (CVE) ID: CVE-2004-1589
XForce ISS Database: gosmart-forum-mainmessageid-xss(17679)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17679

Copyright Copyright (C) 2004 David Maciejak

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.15451
Kategorie:	Web application abuses
Titel:	GoSmart message board multiple flaws
Zusammenfassung:	The remote host is running GoSmart message board, a bulletin board;manager written in ASP.;;;The remote version of this software contains multiple flaws, due o;to a failure of the application to properly sanitize user-supplied input.;;It is also affected by a cross-site scripting vulnerability.;As a result of this vulnerability, it is possible for a remote attacker;to create a malicious link containing script code that will be executed;in the browser of an unsuspecting user when followed.;;Furthermore, this version is vulnerable to SQL injection flaws that;let an attacker inject arbitrary SQL commands.
Beschreibung:	Summary: The remote host is running GoSmart message board, a bulletin board manager written in ASP. The remote version of this software contains multiple flaws, due o to a failure of the application to properly sanitize user-supplied input. It is also affected by a cross-site scripting vulnerability. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. Furthermore, this version is vulnerable to SQL injection flaws that let an attacker inject arbitrary SQL commands. Solution: Upgrade to the newest version of this software CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	BugTraq ID: 11361 Common Vulnerability Exposure (CVE) ID: CVE-2004-1588 http://www.securityfocus.com/bid/11361 Bugtraq: 20041011 [MAxpatrol Security Advisory] Multiple vulnerabilities in GoSmart Message Board (Google Search) http://marc.info/?l=bugtraq&m=109751522823011&w=2 http://secunia.com/advisories/12790/ XForce ISS Database: gosmart-forum-loginexec-sql-injection(17678) https://exchange.xforce.ibmcloud.com/vulnerabilities/17678 Common Vulnerability Exposure (CVE) ID: CVE-2004-1589 XForce ISS Database: gosmart-forum-mainmessageid-xss(17679) https://exchange.xforce.ibmcloud.com/vulnerabilities/17679
Copyright	Copyright (C) 2004 David Maciejak