Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable3690.PRM
HistoryJul 25, 2006 - 12:00 a.m.

VisNetic MailServer < 8.5.0.5 lang_settings Parameter Remote File Inclusion

2006-07-2500:00:00
Tenable
www.tenable.com
5
JSON

The remote host is running VisNetic MailServer, a commercial mail server for the Microsoft platform. The version of VisNetic MailServer installed on the remote host fails to sanitize user-supplied input to the ‘lang_settings’ parameter of the ‘accounts/inc/include.php’ and ‘admin/inc/include.php’ scripts before using it to include PHP code. An unauthenticated attacker may be able to exploit these flaws to view arbitrary files on the remote host or to execute arbitrary PHP code after injecting it into the mail server’s log file.

Binary data 3690.prm
VendorProductVersionCPE
deerfieldvisnetic_mail_servercpe:/a:deerfield:visnetic_mail_server
JSON