Mein Rechner wurde gescannt!!

mega4141

Grünschnabel
Beiträge
4
CGI Scripts: Py-Membres Index.PHP Unauthorized Access Vulnerability
Port: 80
Description: A vulnerability has been reported for Py-Membres 3.1 that allows remote attackers to obtain administrative privileges on vulnerable installations. Reportedly, Py-Membres does not fully check some URI parameters. Thus it is possible for an attacker to manipulate URI parameters and log into the system as an arbitrary user without the need for passwords.
Risk Level: Medium
How To Fix: Upgrading to the most recent version of Midicart PHP.
Related Links: Midicart PHP Homepage

Script: http://www........de/index.php?pymembs=admin


Web Servers: Multiple OpenSSL Remote Buffer Overflow Vulnerabilities
Port: 80
Description: Multiple buffer overflow vulnerabilities have been reported for OpenSSL 0.9.7 and earlier.1. It is possible for the master key supplied by a client to an SSL version 2 server to be oversized. This would cause stack memory to become corrupted. It has been reported that this issue is remotely exploitable. Systems that do not enable SSLv2 functionality are not vulnerable to this issue. This issue has been given CVE ID: CAN-2002-0656.2. A SSL version 3 session ID supplied to a client from a malicious server may be oversized. This would cause a buffer to be overrun and corrupt key memory areas on the client system. This issue has been given CVE ID: CAN-2002-0656.3. A master key supplied to a SSL version 3 server could be oversized. This would cause stack memory on the vulnerable server to become corrupted. This issue only affects systems that use OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled. This issue has been given CVE ID: CAN-2002-0657.4. An issue with buffers used to hold ASCII representations of integers on 64 bit platforms has been reported. It is possible to overflow these buffers on a vulnerable system if overly large values are submitted by a malicious attacker. This issue has been given CVE ID: CAN-2002-0655.5. Another issue exists with the ASN.1 library used by OpenSSL. Reportedly there are parsing issues with the library. This issue has been given CVD ID: CAN-2002-0659.
Risk Level: High
How To Fix: Upgrade to the current version of OpenSSL.


Wer kann mir über diese Attacken auskunft geben???

cu
mega4141
 

akidda

rookie
Beiträge
17
hi


naja würde dir empfehlen ein IDS zu installieren --- zb.:portsentry ......
 

Ähnliche Themen

Zugriff Ubuntu 16.04. auf Freigabe 18.04. LTS nicht möglich

Email via script via Exchange Server (SASL)

RHEL 6.3 Anaconda bug 824963 Workaround gesucht

Samba 4 Gast Zugang unter Ubuntu funktioniert nicht

JBidWatcher: Problem bei loading Auctions in Verbindung mit mySQL

Neueste Themen

Oben