Summary
This host is running pPIM. pPIM is an information manager that can hold contacts, calendar events, and links, send and check email, store notes, and upload files.
pPIM is prone to multiple vulnerabilities, including two security-bypass issues, a cross-site scripting issue, and a file-upload issue.
Attackers can exploit these issues to:
- execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site
- steal cookie-based authentication credentials
- delete local files within the context of the webserver process
- upload arbitrary PHP scripts and execute them in the context of the webserver
- change user passwords
These issues affect pPIM 1.0 and prior versions.
See http://www.phlatline.org/index.php?page=prod-ppim and http://www.securityfocus.com/bid/30627 for further information.
Solution
Uninstall pPIM.
Severity
Classification
- CVE: CVE-2008-4425
- CVSS Base Score: 8.8
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C
Related Vulnerabilities
- AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
- Apache Struts2 Redirection and Security Bypass Vulnerabilities
- Apache Tomcat /servlet Cross Site Scripting
- b2ePMS Multiple SQL Injection Vulnerabilities
- Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability