CGI abuses : PHPsysInfo Multiple Input Validation Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56842

Categoría: CGI abuses

Título: PHPsysInfo Multiple Input Validation Vulnerabilities

Resumen: NOSUMMARY

Descripción: Description:

The remote host is running phpSysInfo, which according to its version
number, is vulnerable to a number of vulnerabilites. These include
an arbitrary file disclosure vulnerability, an HTTP response-splitting
vulnerability, and various cross-site scripting attacks, all due to
insufficient sanitization of user-supplied input.

Versions prior to 2.4.1 are vulnerable.

Solution : Upgrade to 2.4.1 or later.

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: BugTraq ID: 15414
Common Vulnerability Exposure (CVE) ID: CVE-2005-3347
BugTraq ID: 15396
http://www.securityfocus.com/bid/15396
http://www.securityfocus.com/bid/15414
Bugtraq: 20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo (Google Search)
http://www.securityfocus.com/archive/1/416543
Debian Security Information: DSA-897 (Google Search)
http://www.debian.org/security/2005/dsa-897
Debian Security Information: DSA-898 (Google Search)
http://www.debian.org/security/2005/dsa-898
Debian Security Information: DSA-899 (Google Search)
http://www.debian.org/security/2005/dsa-899
http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:212
http://www.hardened-php.net/advisory_212005.81.html
http://secunia.com/advisories/17441
http://secunia.com/advisories/17570
http://secunia.com/advisories/17584
http://secunia.com/advisories/17616
http://secunia.com/advisories/17620
http://secunia.com/advisories/17643
http://secunia.com/advisories/17698
XForce ISS Database: phpsysinfo-registerglobal-data-manipulation(23107)
https://exchange.xforce.ibmcloud.com/vulnerabilities/23107
Common Vulnerability Exposure (CVE) ID: CVE-2005-3348
Common Vulnerability Exposure (CVE) ID: CVE-2005-0536
http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml
http://securitytracker.com/id?1013260
http://secunia.com/advisories/14360

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56842
Categoría:	CGI abuses
Título:	PHPsysInfo Multiple Input Validation Vulnerabilities
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is running phpSysInfo, which according to its version number, is vulnerable to a number of vulnerabilites. These include an arbitrary file disclosure vulnerability, an HTTP response-splitting vulnerability, and various cross-site scripting attacks, all due to insufficient sanitization of user-supplied input. Versions prior to 2.4.1 are vulnerable. Solution : Upgrade to 2.4.1 or later. Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	BugTraq ID: 15414 Common Vulnerability Exposure (CVE) ID: CVE-2005-3347 BugTraq ID: 15396 http://www.securityfocus.com/bid/15396 http://www.securityfocus.com/bid/15414 Bugtraq: 20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo (Google Search) http://www.securityfocus.com/archive/1/416543 Debian Security Information: DSA-897 (Google Search) http://www.debian.org/security/2005/dsa-897 Debian Security Information: DSA-898 (Google Search) http://www.debian.org/security/2005/dsa-898 Debian Security Information: DSA-899 (Google Search) http://www.debian.org/security/2005/dsa-899 http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:212 http://www.hardened-php.net/advisory_212005.81.html http://secunia.com/advisories/17441 http://secunia.com/advisories/17570 http://secunia.com/advisories/17584 http://secunia.com/advisories/17616 http://secunia.com/advisories/17620 http://secunia.com/advisories/17643 http://secunia.com/advisories/17698 XForce ISS Database: phpsysinfo-registerglobal-data-manipulation(23107) https://exchange.xforce.ibmcloud.com/vulnerabilities/23107 Common Vulnerability Exposure (CVE) ID: CVE-2005-3348 Common Vulnerability Exposure (CVE) ID: CVE-2005-0536 http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml http://securitytracker.com/id?1013260 http://secunia.com/advisories/14360
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com