NTMail 的VRFY指令漏洞

NTMail 的VRFY指令漏洞

漏洞ID 1107521 漏洞类型 未知
发布时间 2003-10-20 更新时间 2005-05-02
图片[1]-NTMail 的VRFY指令漏洞-安全小百科CVE编号 CVE-1999-0819
图片[2]-NTMail 的VRFY指令漏洞-安全小百科CNNVD-ID CNNVD-199912-004
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/23264
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199912-004
|漏洞详情
NTMail存在漏洞。即使管理者明确指示不执行VRFY指令仍能执行此指令。
|漏洞EXP
source: http://www.securityfocus.com/bid/8856/info

It has been reported that DeskPro is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input. The problem is reported to be present in various parameters such as cat, article, and ticketid of the faq.php and view.php modules. This issue may allow a remote attacker to influence SQL query logic in order to compromise the DeskPro application or view/modify sensitive information. The consequences of exploitation may vary depending on the underlying database implementation.

DeskPro version 1.1.0 and prior have been reported to be prone to this issue, however other versions may also be affected. 

http://www.example.com/deskpro_v1/faq.php?cat=45'
http://www.example.com/deskpro_v1/faq.php?article=105'
http://www.example.com/deskpro_v1/view.php?ticketid=1'&ticket_pass=
|参考资料

来源:BUGTRAQ
名称:19991130NTmailandVRFY
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=94398141118586&w;=2

相关推荐: Meteor FTP Server Username Information Disclosure Vulnerability

Meteor FTP Server Username Information Disclosure Vulnerability 漏洞ID 1100161 漏洞类型 Design Error 发布时间 2003-05-27 更新时间 2003-05-27 CVE…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享