
Test ID: 1.3.6.1.4.1.25623.1.0.804110
Category: Web application abuses
Title: Gnew Multiple Vulnerabilities
Summary: This host is running Gnew and is prone to multiple vulnerabilities.
Description: Summary:
This host is running Gnew and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist in Gnew due to:

- Insufficient filtration of 'friend_email' HTTP POST parameter passed to
/news/send.php and users/password.php scripts, 'user_email' HTTP POST
parameter passed to /users/register.php script, 'news_id' HTTP POST parameter
passed to news/send.php script, 'thread_id' HTTP POST parameter passed to
posts/edit.php script, 'story_id' HTTP POST parameter passed to
comments/index.php script, 'answer_id' and 'question_id' HTTP POST parameters
passed to polls/vote.php script, 'category_id' HTTP POST parameter passed to
news/submit.php script, 'post_subject' and 'thread_id' HTTP POST parameters
passed to posts/edit.php script.

- Insufficient validation of user-supplied input passed via the 'gnew_language'
cookie to /users/login.php script.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute arbitrary HTML
script code in a user's browser session in the context of an affected site,
and inject or manipulate SQL queries in the back-end database, allowing
for the manipulation or disclosure of arbitrary data.

Affected Software/OS:
Gnew version 2013.1. Other versions may also be affected.

Solution:
No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: BugTraq ID: 62817
BugTraq ID: 62818
Common Vulnerability Exposure (CVE) ID: CVE-2013-5639
http://www.exploit-db.com/exploits/28684
http://packetstormsecurity.com/files/123482
https://www.htbridge.com/advisory/HTB23171
Common Vulnerability Exposure (CVE) ID: CVE-2013-5640
http://www.securityfocus.com/bid/62817
Common Vulnerability Exposure (CVE) ID: CVE-2013-7349
http://packetstormsecurity.com/files/122771
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5153.php
https://www.netsparker.com/critical-xss-sql-injection-vulnerabilities-gnew/
Common Vulnerability Exposure (CVE) ID: CVE-2013-7368
BugTraq ID: 61721
http://www.securityfocus.com/bid/61721
Copyright: Copyright (C) 2013 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.