MapInfo Discovery 1.0/1.1 – Remote Log File Access Information Disclosure

MapInfo Discovery 1.0/1.1 – Remote Log File Access Information Disclosure

漏洞ID 1054524 漏洞类型
发布时间 2004-07-15 更新时间 2004-07-15
图片[1]-MapInfo Discovery 1.0/1.1 – Remote Log File Access Information Disclosure-安全小百科CVE编号 N/A
图片[2]-MapInfo Discovery 1.0/1.1 – Remote Log File Access Information Disclosure-安全小百科CNNVD-ID N/A
漏洞平台 ASP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/24368
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/10927/info

Multiple remote vulnerabilities are reported in MapInfo Discovery.

The first issue is reported to be an information disclosure vulnerability. An attacker may gain access to potentially sensitive error log information that could aid an attacker in further system compromise.

The second issue is reported to be a cross-site scripting vulnerability. The application fails to properly sanitize user-supplied URI argument data. This could allow for execution of hostile HTML and script code in the web client of a user who visits a malicious link to the vulnerable site. This code execution would occur in the security context of the site hosting the vulnerable software. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.

The third issue is reported to be a plaintext password information disclosure vulnerability. An attacker with the ability to sniff network traffic could capture user and SQL database credentials.

The fourth issue is reported to be an administrative login authentication bypass vulnerability. An attacker with a regular user account on the application can gain administrative access.

MapInfo Discovery versions 1.0 and 1.1 are reported susceptible to these vulnerabilities.

http://www.example.com/midiscovery/ErrLog/mi3errors.log

相关推荐: Mailtraq 2.2 – ‘Browse.asp’ Cross-Site Scripting

Mailtraq 2.2 – ‘Browse.asp’ Cross-Site Scripting 漏洞ID 1053931 漏洞类型 发布时间 2003-06-04 更新时间 2003-06-04 CVE编号 N/A CNNVD-ID N/A 漏洞平台 ASP…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享