Vulnerability Solutions
The Nimsoft Cloud Monitor Periodic Vulnerability Scan checks for the vulnerability below. To see the most recently added vulnerability solutions that are scanned by WatchMouse, go to the Vulnerability Solutions overview.

Category: FreeBSD Local Security Checks
Risk factor: High
Added: 31 Jan 2012

Synopsis: The remote FreeBSD host is missing a security-related update.

Description: The Postfix Admin Team reports:

Multiple XSS vulnerabilities exist:
- XSS with $_GET[domain] in templates/menu.php and edit-vacation
- XSS in some create-domain input fields
- XSS in create-alias and edit-alias error message
- XSS (by values stored in the database) in fetchmail list view, list-domain and list-virtual

Multiple SQL injection issues exist:
- SQL injection in pacrypt() (if $CONF[encrypt] == 'mysql_encrypt')
- SQL injection in backup.php - the dump was not mysql_escape()d, therefore users could inject SQL (for example in the vacation message) which will be executed when restoring the database dump.

WARNING: database dumps created with backup.php from 2.3.4 or older might contain malicious SQL. Double-check before using them!

See also:
http://www.nessus.org/u?25791307
http://www.nessus.org/u?a9636ef1

Solution: Update the affected package.

Risk factor: High



