FreeBSD : postnuke -- multiple vulnerabilities (0274a9f1-0759-11da-bc08-0001020eed82)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Postnuke Security Announcementss reports of the following
vulnerabilities :

- missing input validation within /modules/Messages/readpmsg.php

- possible path disclosure within /user.php

- possible path disclosure within /modules/News/article.php

- possible remote code injection within /includes/pnMod.php

- possible cross-site-scripting in /index.php

- remote code injection via xml rpc library

See also :

http://marc.info/?l=bugtraq&m=111721364707520
http://news.postnuke.com/Article2691.html
http://news.postnuke.com/Article2699.html
http://www.nessus.org/u?0a995b31

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21379 (freebsd_pkg_0274a9f1075911dabc080001020eed82.nasl)

Bugtraq ID:

CVE ID: CVE-2005-1621
CVE-2005-1695
CVE-2005-1696
CVE-2005-1698
CVE-2005-1777
CVE-2005-1778
CVE-2005-1921

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now