Users of Pandora FMS please be advised of an Authentication Bypass and Multiple Input Validation Vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
Pandora-SA-11/30/2010: Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities
Pandora FMS Authentication Bypass and Multiple Input ValidationRead more at www.criticalwatch.com
Vulnerabilities
CVE IDs in this security advisory:
1) Authentication bypass - CVE-2010-4279
2) OS Command Injection - CVE-2010-4278
3) SQL Injection - CVE-2010-4280
4) Blind SQL Injection - CVE-2010-4280
5) Path Traversal - CVE-2010-4281 - CVE-2010-4282 - CVE-2010-4283
See this Amp at http://bit.ly/dYg6Y0
aduayam
ReplyDelete