Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.901186 |
Kategorie: | Web application abuses |
Titel: | Symantec IM Manager 'eval()' Code Injection Vulnerability |
Zusammenfassung: | This host is installed with Symantec IM Manager and is prone to; code injection vulnerability. |
Beschreibung: | Summary: This host is installed with Symantec IM Manager and is prone to code injection vulnerability. Vulnerability Insight: The flaw is caused by an input validation error in the 'ScheduleTask' method of the 'IMAdminSchedTask.asp' page within the administration console when processing a POST variable via an 'eval()' call, which could be exploited by attackers to inject and execute arbitrary ASP code by enticing a logged-in console user to visit a malicious link. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary code on the system. Affected Software/OS: Symantec IM Manager versions 8.4.16 and prior Solution: Upgarade to Symantec IM Manager version 8.4.17 or later. CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C |
Querverweis: |
BugTraq ID: 45946 Common Vulnerability Exposure (CVE) ID: CVE-2010-3719 http://www.securityfocus.com/bid/45946 Bugtraq: 20110131 ZDI-11-037: Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Eval Code Injection Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/516103/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-11-037 http://osvdb.org/70755 http://secunia.com/advisories/43143 http://www.vupen.com/english/advisories/2011/0259 XForce ISS Database: immanager-scheduletask-code-execution(65040) https://exchange.xforce.ibmcloud.com/vulnerabilities/65040 |
Copyright | Copyright (C) 2011 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |