ID de Prueba:	1.3.6.1.4.1.25623.1.0.52164
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: postnuke
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to the system as announced in the referenced advisory. The following package is affected: postnuke CVE-2005-0617 SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter. CVE-2005-0615 Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter. Solution: Update your system with the appropriate patches or software upgrades. http://news.postnuke.com/Article2669.html http://marc.theaimsgroup.com/?l=bugtraq&m=110962710805864 http://marc.theaimsgroup.com/?l=bugtraq&m=110962819232255 http://www.vuxml.org/freebsd/f3eec2b5-8cd8-11d9-8066-000a95bc6fae.html CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0617 Bugtraq: 20050228 [SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3 (Google Search) http://marc.info/?l=bugtraq&m=110962710805864&w=2 http://securitytracker.com/id?1013324 Common Vulnerability Exposure (CVE) ID: CVE-2005-0615 Bugtraq: 20050228 [SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x (Google Search) http://marc.info/?l=bugtraq&m=110962819232255&w=2
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.