The remote web server is running a PHP application that is affected by multiple attack vectors.
The remote web server is running FireStats, a PHP-based website statistics application. The installed version of FireStats is earlier than 1.6.2. Such versions are reportedly affected by a SQL-injection vulnerability through an unspecified vector.
For your information, the reported version of FireStats is: %L
CVSS Base Score : 7.5 CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
The remote web server is running a PHP application that is affected by multiple attack vectors.
The remote web server is running a version of MyBB earlier than 1.4.8. Such versions reportedly fail to properly sanitize user-supplied data to unspecified parameters in the 'Archive' and 'Attachment' features of the application. An attacker could exploit this flaw to launch cross-site scripting attacks. For your information, the reported version of MyBB is: %L
CVSS Base Score : 4.3 CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Copyright Tenable Network Security Inc. 2009]]>2009-07-02T18:16:00-05:00
http://www.tenablesecurity.com/5089.html
Movable Type < 4.26 Multiple Vulnerabilities
Synopsis :
The remote host is vulnerable to multiple attack vectors.
The remote host is running Movable Type, a blogging software for Unix and Windows platforms. The installed version is earlier than 4.26. Such versions are reportedly affected by multiple vulnerabilities :
- An unspecified cross-site scripting vulnerability.
- A security-bypass issue in the 'mt-wizard.cgi' script.
For your information, the reported version of Movable Type is : %L
CVSS Base Score : 4.3 CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Copyright Tenable Network Security Inc. 2009]]>2009-07-02T18:16:00-05:00
http://www.tenablesecurity.com/5088.html
Samba Format String and Security Bypass Vulnerabilities
Synopsis :
The remote Samba server may be affected by an unauthorized access vulnerability.
According to its banner, the version of the Samba server on the remote host has a security bypass vulnerability. Access restrictions can be bypassed due to a read of uninitialized data in smbd. This could allow a user to modify an access control list (ACL), even when they should be denied permission.
Note the 'dos filemode' parameter must be set to 'yes' in smb.conf in order for an attack to be successful (the default setting is 'no'). For your information, the reported version of SAMBA is: %L
CVSS Base Score : 3.5 CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N
Copyright Tenable Network Security Inc. 2009]]>2009-07-02T18:16:00-05:00
http://www.tenablesecurity.com/5087.html
BASE < 1.2.5 Authentication Bypass
Synopsis :
The remote host is running a PHP application that is vulnerable to an authentication bypass attack.
The remote host is running BASE, a web-based tool for analyzing alerts from one or more SNORT sensors. The version of BASE installed on the remote host is earlier than 1.2.5. Such versions are reportedly fail to sufficiently validate 'user', 'role', or passwords against the database in the 'readRoleCookie()' function of the 'includes/base_auth.inc/php' script. An attacker could exploit this in order to bypass authentication and gain unauthorized access to the application. For your information, the reported version of BASE is: %L
CVSS Base Score : 5.0 CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
The remote web server is running a PHP application that is vulnerable to a SQL-injection attack.
The remote web server is running a version of MyBB earlier than 1.4.7. Such versions reportedly fail to properly sanitize user-supplied data to the 'birthdayprivacy' parameter of the 'usercp.php' script before using it in an SQL query. An attacker could exploit this flaw to access or modify sensitive information. For your information, the reported version of MyBB is: %L
CVSS Base Score : 5.5 CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N
Copyright Tenable Network Security Inc. 2009]]>2009-07-02T18:16:00-05:00
http://www.tenablesecurity.com/5084.html
Last seen FTP client name
PVS observed at least one FTP session originating from this client address. PVS maintains the most recently seen FTP account used to download files. The detected user login string was: %L
Solution :
Risk factor :
LOW
Copyright Tenable Network Security Inc. 2009]]>2009-07-02T18:16:00-05:00
http://www.tenablesecurity.com/5083.html
Google Chrome < 2.0.172.33 Buffer Overflow vulnerability
Synopsis :
The remote host contains a web browser that is vulnerable to a buffer overflow attack.
The version of Google Chrome installed on the remote host is earlier than 2.0.172.33. Such versions are reportedly affected by a buffer overflow vulnerability when handling certain responses from HTTP servers. An attacker could exploit this issue to cause a denial of service, or execute arbitrary code with the privileges of the logged on user. For you information, the reported version is : %L
CVSS Base Score : 9.3 CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C