Archive for September, 2012

Budno Oko

http://liquidworm.deviantart.com/art/Budno-Oko-329192037

ViArt Shop Multiple Vulnerabilities

ViArt Shop suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. Also, the software suffers from remote arbitrary command execution vulnerability when input passed to the ‘DATA’ POST parameter in ‘sips_response.php’ is not properly sanitised before being used to process product payment data. This can be exploited to execute arbitrary commands via specially crafted requests.

Advisories:

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5108.php
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5109.php

Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities

Spiceworks suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. List of parameters and modules that are affected:

————————————————————————————————————–
# * Parameter * * Module / Component *
————————————————————————————————————–

1. agreement[account] ……………………………….. agreements
2. article[new_references][][url] …………………….. xbb/knowledge_base
3. asset[device_type] ……………………………….. asset
4. asset[mac_address] ……………………………….. asset
5. asset[name] ……………………………………… asset
6. category[name] …………………………………… settings/categories
7. international[global_date_abbrev_format] ……………. settings/advanced/save_international_settings
8. international[global_date_format] ………………….. settings/advanced/save_international_settings
9. international[global_date_time_format] ……………… settings/advanced/save_international_settings
10. international[global_date_simple_format] ……………. settings/advanced/save_international_settings
11. international[global_time_format] ………………….. settings/advanced/save_international_settings
12. navigation[name] …………………………………. my_tools
13. purchase[name] …………………………………… purchases
14. purchase[price] ………………………………….. purchases
15. purchase[purchased_for_name] ………………………. purchases
16. report[description] ………………………………. reports/create
17. vendor[name] …………………………………….. agreements
18. vendor[website] ………………………………….. agreements

————————————————————————————————————–

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5107.php

Subrion CMS 2.2.1 XSS / CSRF Vulnerabilities

Subrion CMS suffers from multiple stored and reflected cross-site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. The application also allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests (Cross-Site Request Forgery – CSRF/XSRF). This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Advisories:

Subrion CMS 2.2.1 CSRF Add Admin ExploitZSL-2012-5106
Subrion CMS 2.2.1 Multiple Remote XSS POST Injection VulnerabilitiesZSL-2012-5105

Cannonbolt Portfolio Manager v1.0 Stored XSS and SQL Injection Vulnerabilities

The application suffers from a stored cross-site scripting and a SQL Injection vulnerability when input is passed to the ‘cname’ POST parameter in ‘add-category.php’ and ‘cdel’ GET parameter in ‘del.php’ script which is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code or execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5104.php