forum.opennet.ru

Составление сообщения

Исходное сообщение

"Мониторинг корпоративной почты для предотвращения утечки инф..."
Отправлено Gennadi, 06-Окт-04 23:09

Берут же таких придурков на работу!!!!
А ещё что-то о безопасности рассуждает.....
www.aist.de ssh (22/tcp) Security hole found
You are running a version of OpenSSH which is older than 3.7.1

Versions older than 3.7.1 are vulnerable to a flaw in the buffer management
functions which might allow an attacker to execute arbitrary commands on this
host.

An exploit for this issue is rumored to exist.

www.aist.de  ftp (21/tcp)  Security hole found
The remote FTP server seems to be vulnerable to an integer
conversion bug when it receives a malformed argument to the
'REST' command.

An attacker may exploit this flaw to crash the remote FTP
daemon and possibly execute arbitary code on this host.

www.aist.de  http (80/tcp)  Security hole found
The following URLs seem to be vulnerable to various SQL injection
techniques :

/german/webnews/print.php?id='UNION'& =
/german/webnews/print.php?id='& =
/german/webnews/print.php?id='%22& =
/german/webnews/print.php?id='bad_bad_value& =
/german/webnews/print.php?id=bad_bad_value'& =
/german/webnews/print.php?id='WHERE& =
/german/webnews/print.php?id='OR& =
The following URLs seem to be vulnerable to various SQL injection
techniques :

/german/webnews/news.php?id=10&stof='UNION'& =
/german/webnews/news.php?id=10&stof='& =
/german/webnews/news.php?id=10&stof='%22& =
/german/webnews/news.php?id=10&stof='bad_bad_value& =
/german/webnews/news.php?id=10&stof=bad_bad_value'& =
/german/webnews/news.php?id=10&stof='WHERE& =
/german/webnews/news.php?id=10&stof='OR& =

An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.

The following requests seem to allow the reading of
sensitive files or XSS. You should manually try them to see if anything bad happens :
/german/webnews/news.php?id=10&stof=<script>alert('foo');</script>
/german/webnews/print.php?id=<script>alert('foo');</script>
www.aist.de  https (443/tcp) Security hole found
t seems that the source code of various CGIs can be accessed by
requesting the CGI name with a special suffix (.old, .bak, ~ or .copy)

Here is the list of CGIs Nessus gathered :
/egroupware/login.php
/login.php
www.aist.de pop3s (995/tcp) Security hole found
www.aist.de imaps (993/tcp) Security hole found
The remote host seems to be using a version of OpenSSL which is
older than 0.9.6e or 0.9.7-beta3

This version is vulnerable to a buffer overflow which,
may allow an attacker to obtain a shell on this host.

Исходное сообщение
"Мониторинг корпоративной почты для предотвращения утечки инф..." Отправлено Gennadi, 06-Окт-04 23:09
Берут же таких придурков на работу!!!! А ещё что-то о безопасности рассуждает..... www.aist.de ssh (22/tcp) Security hole found You are running a version of OpenSSH which is older than 3.7.1 Versions older than 3.7.1 are vulnerable to a flaw in the buffer management functions which might allow an attacker to execute arbitrary commands on this host. An exploit for this issue is rumored to exist. www.aist.de ftp (21/tcp) Security hole found The remote FTP server seems to be vulnerable to an integer conversion bug when it receives a malformed argument to the 'REST' command. An attacker may exploit this flaw to crash the remote FTP daemon and possibly execute arbitary code on this host. www.aist.de http (80/tcp) Security hole found The following URLs seem to be vulnerable to various SQL injection techniques : /german/webnews/print.php?id='UNION'& = /german/webnews/print.php?id='& = /german/webnews/print.php?id='%22& = /german/webnews/print.php?id='bad_bad_value& = /german/webnews/print.php?id=bad_bad_value'& = /german/webnews/print.php?id='WHERE& = /german/webnews/print.php?id='OR& = The following URLs seem to be vulnerable to various SQL injection techniques : /german/webnews/news.php?id=10&stof='UNION'& = /german/webnews/news.php?id=10&stof='& = /german/webnews/news.php?id=10&stof='%22& = /german/webnews/news.php?id=10&stof='bad_bad_value& = /german/webnews/news.php?id=10&stof=bad_bad_value'& = /german/webnews/news.php?id=10&stof='WHERE& = /german/webnews/news.php?id=10&stof='OR& = An attacker may exploit this flaws to bypass authentication or to take the control of the remote database. The following requests seem to allow the reading of sensitive files or XSS. You should manually try them to see if anything bad happens : /german/webnews/news.php?id=10&stof=<script>alert('foo');</script> /german/webnews/print.php?id=<script>alert('foo');</script> www.aist.de https (443/tcp) Security hole found t seems that the source code of various CGIs can be accessed by requesting the CGI name with a special suffix (.old, .bak, ~ or .copy) Here is the list of CGIs Nessus gathered : /egroupware/login.php /login.php www.aist.de pop3s (995/tcp) Security hole found www.aist.de imaps (993/tcp) Security hole found The remote host seems to be using a version of OpenSSL which is older than 0.9.6e or 0.9.7-beta3 This version is vulnerable to a buffer overflow which, may allow an attacker to obtain a shell on this host.

Ваше сообщение
Имя*:
EMail:	Для отправки ответов на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:
	Введите код, изображенный на картинке:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру