Test ID: 1.3.6.1.4.1.25623.1.0.804110
Category: Web application abuses
Title: Gnew Multiple Vulnerabilities
Summary: This host is running Gnew and is prone to multiple vulnerabilities.
Description: Summary:
This host is running Gnew and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws in Gnew exist due to:

- Insufficient filtration of 'friend_email' HTTP POST parameter passed to
/news/send.php and users/password.php scripts, 'user_email' HTTP POST
parameter passed to /users/register.php script, 'news_id' HTTP POST parameter
passed to news/send.php script, 'thread_id' HTTP POST parameter passed to
posts/edit.php script, 'story_id' HTTP POST parameter passed to
comments/index.php script, 'answer_id' and 'question_id' HTTP POST parameters
passed to polls/vote.php script, 'category_id' HTTP POST parameter passed to
news/submit.php script, 'post_subject' and 'thread_id' HTTP POST parameters
passed to posts/edit.php script.

- Insufficient validation of user-supplied input passed via the 'gnew_language'
cookie to /users/login.php script.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute arbitrary HTML and
script code in a user's browser session in the context of an affected site,
and inject or manipulate SQL queries in the back-end database, allowing
for the manipulation or disclosure of arbitrary data.

Affected Software/OS:
Gnew version 2013.1. Other versions may also be affected.

Solution:
No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: BugTraq ID: 62817
BugTraq ID: 62818
Common Vulnerability Exposure (CVE) ID: CVE-2013-5639
http://www.exploit-db.com/exploits/28684
http://packetstormsecurity.com/files/123482
https://www.htbridge.com/advisory/HTB23171
Common Vulnerability Exposure (CVE) ID: CVE-2013-5640
http://www.securityfocus.com/bid/62817
Common Vulnerability Exposure (CVE) ID: CVE-2013-7349
http://packetstormsecurity.com/files/122771
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5153.php
https://www.netsparker.com/critical-xss-sql-injection-vulnerabilities-gnew/
Common Vulnerability Exposure (CVE) ID: CVE-2013-7368
BugTraq ID: 61721
http://www.securityfocus.com/bid/61721
Copyright: Copyright (C) 2013 Greenbone Networks GmbH
