NTMail 的VRFY指令漏洞

19次阅读
没有评论

NTMail 的VRFY指令漏洞

漏洞ID 1107521 漏洞类型 未知
发布时间 2003-10-20 更新时间 2005-05-02
NTMail 的VRFY指令漏洞CVE编号 CVE-1999-0819
NTMail 的VRFY指令漏洞CNNVD-ID CNNVD-199912-004
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/23264
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199912-004
|漏洞详情
NTMail存在漏洞。即使管理者明确指示不执行VRFY指令仍能执行此指令。
|漏洞EXP
source: http://www.securityfocus.com/bid/8856/info

It has been reported that DeskPro is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input. The problem is reported to be present in various parameters such as cat, article, and ticketid of the faq.php and view.php modules. This issue may allow a remote attacker to influence SQL query logic in order to compromise the DeskPro application or view/modify sensitive information. The consequences of exploitation may vary depending on the underlying database implementation.

DeskPro version 1.1.0 and prior have been reported to be prone to this issue, however other versions may also be affected. 

http://www.example.com/deskpro_v1/faq.php?cat=45'
http://www.example.com/deskpro_v1/faq.php?article=105'
http://www.example.com/deskpro_v1/view.php?ticketid=1'&ticket_pass=
|参考资料

来源:BUGTRAQ
名称:19991130NTmailandVRFY
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=94398141118586&w;=2

相关推荐: Meteor FTP Server Username Information Disclosure Vulnerability

Meteor FTP Server Username Information Disclosure Vulnerability 漏洞ID 1100161 漏洞类型 Design Error 发布时间 2003-05-27 更新时间 2003-05-27 CVE…

正文完
 0