CGI abuses : aspWebAlbum SQL Injection

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.14817

Categoría: CGI abuses

Título: aspWebAlbum SQL Injection

Resumen: NOSUMMARY

Descripción: Description:

The remote host appears to be running aspWebAlbum, an ASP script
designed to faciliate the integration of multiple photo albums in a
web-based application.

There is a flaw in the remote software which may allow anyone
to inject arbitrary SQL commands, which may in turn be used to
gain administrative access on the remote host.

Solution : Upgrade to the latest version of this software
Risk factor : High

Referencia Cruzada: BugTraq ID: 11246
Common Vulnerability Exposure (CVE) ID: CVE-2004-1553
http://www.securityfocus.com/bid/11246
BugTraq ID: 30996
http://www.securityfocus.com/bid/30996
Bugtraq: 20040923 aspWebCalendar /aspWebAlbum: SQL injection (Google Search)
http://marc.info/?l=bugtraq&m=109604910025090&w=2
https://www.exploit-db.com/exploits/6357
https://www.exploit-db.com/exploits/6420
http://osvdb.org/47913
http://osvdb.org/47914
http://secunia.com/advisories/31649
XForce ISS Database: aspwebalbum-album-sql-injection(44877)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44877
XForce ISS Database: aspwebalbum-image-file-upload(44876)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44876
XForce ISS Database: aspwebalbum-sql-injection(17507)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17507
Common Vulnerability Exposure (CVE) ID: CVE-2004-1552
BugTraq ID: 23098
http://www.securityfocus.com/bid/23098
https://www.exploit-db.com/exploits/3546
http://secunia.com/advisories/12651
http://secunia.com/advisories/24622
http://www.vupen.com/english/advisories/2007/1093
XForce ISS Database: aspwebcalendar-calendar-sql-injection(33157)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33157
XForce ISS Database: aspwebcalendar-sql-injection(17506)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17506

Copyright This script is Copyright (C) 2004 Tenable Network Security

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.14817
Categoría:	CGI abuses
Título:	aspWebAlbum SQL Injection
Resumen:	NOSUMMARY
Descripción:	Description: The remote host appears to be running aspWebAlbum, an ASP script designed to faciliate the integration of multiple photo albums in a web-based application. There is a flaw in the remote software which may allow anyone to inject arbitrary SQL commands, which may in turn be used to gain administrative access on the remote host. Solution : Upgrade to the latest version of this software Risk factor : High
Referencia Cruzada:	BugTraq ID: 11246 Common Vulnerability Exposure (CVE) ID: CVE-2004-1553 http://www.securityfocus.com/bid/11246 BugTraq ID: 30996 http://www.securityfocus.com/bid/30996 Bugtraq: 20040923 aspWebCalendar /aspWebAlbum: SQL injection (Google Search) http://marc.info/?l=bugtraq&m=109604910025090&w=2 https://www.exploit-db.com/exploits/6357 https://www.exploit-db.com/exploits/6420 http://osvdb.org/47913 http://osvdb.org/47914 http://secunia.com/advisories/31649 XForce ISS Database: aspwebalbum-album-sql-injection(44877) https://exchange.xforce.ibmcloud.com/vulnerabilities/44877 XForce ISS Database: aspwebalbum-image-file-upload(44876) https://exchange.xforce.ibmcloud.com/vulnerabilities/44876 XForce ISS Database: aspwebalbum-sql-injection(17507) https://exchange.xforce.ibmcloud.com/vulnerabilities/17507 Common Vulnerability Exposure (CVE) ID: CVE-2004-1552 BugTraq ID: 23098 http://www.securityfocus.com/bid/23098 https://www.exploit-db.com/exploits/3546 http://secunia.com/advisories/12651 http://secunia.com/advisories/24622 http://www.vupen.com/english/advisories/2007/1093 XForce ISS Database: aspwebcalendar-calendar-sql-injection(33157) https://exchange.xforce.ibmcloud.com/vulnerabilities/33157 XForce ISS Database: aspwebcalendar-sql-injection(17506) https://exchange.xforce.ibmcloud.com/vulnerabilities/17506
Copyright	This script is Copyright (C) 2004 Tenable Network Security