Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.802388 |
Kategorie: | Web application abuses |
Titel: | Support Incident Tracker SiT! Multiple SQL Injection And XSS Vulnerabilities |
Zusammenfassung: | This host is running Support Incident Tracker and is prone to; multiple sql injection and cross-site scripting vulnerabilities. |
Beschreibung: | Summary: This host is running Support Incident Tracker and is prone to multiple sql injection and cross-site scripting vulnerabilities. Vulnerability Insight: The flaws are due to improper input validation errors in multiple scripts before being used in SQL queries and also allows attackers to execute arbitrary HTML. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site and to cause SQL Injection attack to gain sensitive information. Affected Software/OS: Support Incident Tracker before version 3.65. Solution: Upgrade to the Support Incident Tracker version 3.65 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-5071 Bugtraq: 20110726 [PT-2011-25] SQL injection vulnerabilities in Support Incident Tracker (Google Search) http://seclists.org/bugtraq/2011/Jul/174 http://en.securitylab.ru/lab/PT-2011-25 http://secunia.com/advisories/45277 http://secunia.com/advisories/45437 Common Vulnerability Exposure (CVE) ID: CVE-2011-5072 Bugtraq: 20110914 Multiple vulnerabilities in SiT! Support Incident Tracker (Google Search) http://www.securityfocus.com/archive/1/519636 https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html http://secunia.com/advisories/46019 Common Vulnerability Exposure (CVE) ID: CVE-2011-5073 Common Vulnerability Exposure (CVE) ID: CVE-2011-5074 Common Vulnerability Exposure (CVE) ID: CVE-2011-5075 Bugtraq: 20111119 Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/520577 http://www.exploit-db.com/exploits/18132/ http://www.openwall.com/lists/oss-security/2011/11/22/3 |
Copyright | Copyright (c) 2012 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |