 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.17343 |
| Kategorie: | Web application abuses |
| Titel: | phpWebLog Cross Site Scripting |
| Zusammenfassung: | The remote web server is running phpWebLog, a news and content management; system written in PHP that is prone to several flaws, including possibly arbitrary code execution. |
| Beschreibung: | Summary: The remote web server is running phpWebLog, a news and content management system written in PHP that is prone to several flaws, including possibly arbitrary code execution. Vulnerability Impact: Due to improper filtering done by 'search.php' a remote attacker can cause the phpWebLog product to include arbitrary HTML and/or JavaScript. An attacker may use this bug to perform a cross site scripting attack using the remote host. There are also reportedly two flaws that, if PHP's 'register_globals' setting is enabled, allow for local file disclosure and arbitrary code execution. Solution: Disable this script. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P |
| Querverweis: |
BugTraq ID: 12747 Common Vulnerability Exposure (CVE) ID: CVE-2005-0698 http://www.securityfocus.com/bid/12747 Bugtraq: 20050307 phpWebLog <= 0.5.3 arbitrary file inclusion (VXSfx) (Google Search) http://www.securityfocus.com/archive/1/392552 |
| Copyright | Copyright (C) 2005 Noam Rathaus |
| Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |