JVN Info.
- Id
- 12721
- Name
- JVNDB-2014-001596
- Title
- OpenDocMan の ajax_udf.php における SQL インジェクションの脆弱性
- Summary
- OpenDocMan の ajax_udf.php には、SQL インジェクションの脆弱性が存在します。
- Nvdinfo
- CVE-2014-1945
- Cvssv2
- 7.5
- Jvnurl
- http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-001596.html
- Published Date
- 2014-02-24
- Registered Date
- 2014-03-11
- Last Updated Date
- 2014-03-11
Related Nessuslogs
| Id | Log ID | Jvninfo Id | Plugin ID | CVE | CVSS | Risk | Host | Protocol | Port | Name | Synopsis | Description | Solution | See Also | Plugin Output | Actions |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 51599 | H28_MUN_DWEB_Q4_172_16_240_seg.csv | 12721 | 89678 | CVE-2010-1188 | 9.3 | High | 172.16.240.115 | tcp | 443 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0009) (remote check) | The remote VMware ESX / ESXi host is missing a security-related patch. | The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Linux Kernel in the do_anonymous_page() function due to improper separation of the stack and the heap. An attacker can exploit this to execute arbitrary code. (CVE-2010-2240) - A packet filter bypass exists in the Linux Kernel e1000 driver due to processing trailing payload data as a complete frame. A remote attacker can exploit this to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - A use-after-free error exists in the Linux Kernel when IPV6_RECVPKTINFO is set on a listening socket. A remote attacker can exploit this, via a SYN packet while the socket is in a listening (TCP_LISTEN) state, to cause a kernel panic, resulting in a denial of service condition. (CVE-2010-1188) - An array index error exists in the Linux Kernel in the gdth_read_event() function. A local attacker can exploit this, via a negative event index in an IOCTL request, to cause a denial of service condition. (CVE-2009-3080) - A race condition exists in the VMware Host Guest File System (HGFS) that allows guest operating system users to gain privileges by mounting a filesystem on top of an arbitrary directory. (CVE-2011-1787) - A flaw exists in the VMware Host Guest File System (HGFS) that allows a Solaris or FreeBSD guest operating system user to modify arbitrary guest operating system files. (CVE-2011-2145) - A flaw exists in the VMware Host Guest File System (HGFS) that allows guest operating system users to disclose host operating system files and directories. (CVE-2011-2146) - A flaw exists in the bundled Tom Sawyer GET Extension Factory that allows a remote attacker to cause a denial of service condition or the execution of arbitrary code via a crafted HTML document. (CVE-2011-2217) | Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 / 4.1 / 5.0. | https://www.vmware.com/security/advisories/VMSA-2011-0009 http://lists.vmware.com/pipermail/security-announce/2011/000158.html | Version : ESX 4.0 Installed build : 208167 Fixed build : 392990 | |
| 57180 | H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv | 12721 | 89678 | CVE-2010-1188 | 9.3 | High | 172.16.240.115 | tcp | 443 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0009) (remote check) | The remote VMware ESX / ESXi host is missing a security-related patch. | The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Linux Kernel in the do_anonymous_page() function due to improper separation of the stack and the heap. An attacker can exploit this to execute arbitrary code. (CVE-2010-2240) - A packet filter bypass exists in the Linux Kernel e1000 driver due to processing trailing payload data as a complete frame. A remote attacker can exploit this to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - A use-after-free error exists in the Linux Kernel when IPV6_RECVPKTINFO is set on a listening socket. A remote attacker can exploit this, via a SYN packet while the socket is in a listening (TCP_LISTEN) state, to cause a kernel panic, resulting in a denial of service condition. (CVE-2010-1188) - An array index error exists in the Linux Kernel in the gdth_read_event() function. A local attacker can exploit this, via a negative event index in an IOCTL request, to cause a denial of service condition. (CVE-2009-3080) - A race condition exists in the VMware Host Guest File System (HGFS) that allows guest operating system users to gain privileges by mounting a filesystem on top of an arbitrary directory. (CVE-2011-1787) - A flaw exists in the VMware Host Guest File System (HGFS) that allows a Solaris or FreeBSD guest operating system user to modify arbitrary guest operating system files. (CVE-2011-2145) - A flaw exists in the VMware Host Guest File System (HGFS) that allows guest operating system users to disclose host operating system files and directories. (CVE-2011-2146) - A flaw exists in the bundled Tom Sawyer GET Extension Factory that allows a remote attacker to cause a denial of service condition or the execution of arbitrary code via a crafted HTML document. (CVE-2011-2217) | Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 / 4.1 / 5.0. | https://www.vmware.com/security/advisories/VMSA-2011-0009 http://lists.vmware.com/pipermail/security-announce/2011/000158.html | Version : ESX 4.0 Installed build : 208167 Fixed build : 392990 |
