
Test ID: 1.3.6.1.4.1.25623.1.0.902611
Category: Web application abuses
Title: Chyrp Multiple Directory Traversal Vulnerabilities
Summary: The host is running Chyrp and is prone to multiple directory traversal vulnerabilities.
Description:
Summary:
The host is running Chyrp and is prone to multiple directory
traversal vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to improper validation of user-supplied input to the
'file' parameter in 'includes/lib/gz.php' and the 'action' parameter in
'index.php' before it is used to include files.

Vulnerability Impact:
Successful exploitation allows attackers to read arbitrary files
and obtain sensitive information from the affected application.

Affected Software/OS:
Chyrp versions prior to 2.1.1

Solution:
Upgrade to Chyrp version 2.1.1

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-reference: BugTraq ID: 48672
Common Vulnerability Exposure (CVE) ID: CVE-2011-2780
http://www.securityfocus.com/bid/48672
Bugtraq: 20110713 [oCERT-2011-001] Chyrp input sanitization errors
http://www.securityfocus.com/archive/1/518890/100/0/threaded
http://www.justanotherhacker.com/advisories/JAHx113.txt
http://www.ocert.org/advisories/ocert-2011-001.html
http://www.openwall.com/lists/oss-security/2011/07/13/6
http://www.openwall.com/lists/oss-security/2011/07/13/5
http://osvdb.org/73891
http://secunia.com/advisories/45184
http://securityreason.com/securityalert/8312
XForce ISS Database: chyrp-gz-directory-traversal(68565)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68565
Common Vulnerability Exposure (CVE) ID: CVE-2011-2744
http://osvdb.org/73890
XForce ISS Database: chyrp-action-local-file-include(68564)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68564
Copyright: Copyright (C) 2011 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.