VID |
21812 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
The Cerberus GUI Agent, according to its version number, has multiple vulnerabilities. Cerberus GUI Agent is a web-based graphical user interface for web-based email management software. Cerberus GUI Agent versions prior to 2.7.1 are affected by multiple vulnerabilities, which a remote attacker can exploit to disclose sensitive information and to conduct SQL injection and cross-site scripting attacks. A remote attacker who successfully exploits the most severe of these vulnerabilities could execute arbitrary system commands on the vulnerable system.
* Note: This check relies solely on the version number of Cerberus GUI Agent on the remote Web server to assess this vulnerability, so the result might be a false positive.
* References: http://secunia.com/advisories/18112 http://www.securityfocus.com/archive/1/archive/1/420271/100/0/threaded http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040324.html http://forum.cerberusweb.com/showthread.php?s=&postid=30315
* Platforms Affected: Cerberus GUI Agent versions prior to 2.7.1; any operating system, any version |
Recommendation |
Upgrade to the latest version of Cerberus GUI Agent (2.7.1 or later), available from the Cerberus GUI Agent Download Web site at http://www.cerberusweb.com/download/archives |
Related URL |
CVE-2005-4427,CVE-2005-4428 (CVE) |
Related URL |
16062 (SecurityFocus) |
Related URL |
23834,23836 (ISS) |
|