Posts Tagged ‘ закрпа

LimeSurvey v2.00+ (build 131107) Script Insertion And SQL Injection Vulnerability

LimeSurvey suffers from a stored cross-site scripting and SQL Injection vulnerability. Input passed to the ‘label_name’ POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. Input passed to the ‘group_name’ POST parameter is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

limesurvey-sql

Advisory [ZSL-2013-5161]:
LimeSurvey v2.00+ (build 131107) Script Insertion And SQL Injection Vulnerability

Vendor patch:
http://bugs.limesurvey.org/plugin.php?page=Source/view&id=13491
http://bugs.limesurvey.org/plugin.php?page=Source/view&id=13494
http://www.limesurvey.org/en/stable-release

WordPress WooCommerce Plugin 2.0.17 Cross-Site Scripting Vulnerability

The plugin suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the ‘hide-wc-extensions-message’ parameter in the ‘admin/woocommerce-admin-settings.php’ script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

woocommerce_xss2

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5156.php

Atlassian JIRA v6.0.3 Arbitrary HTML/Script Execution Vulnerability

JIRA suffers from a reflected XSS issue due to a failure to properly sanitize user-supplied input to the ‘name’ GET parameter in the ‘deleteuserconfirm.jsp’ script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5151.php

jira_credits

jira2_xss

jira-workflow

Cisco.com закрпен од XSS ранливост

Ранливост од типот XSS (Cross-Site Scripting) беше пронајдена на еден од под-домените на Cisco официјалната страница. Пронајдената ранливост (23.04.2013) веднаш беше пријавена до безбедносниот тим на Cisco кадешто одговорија веднаш и стапија во соработка со Zero Science Lab за креирање на закрпа.

Закрпата е имплементирана од 15 јули, 2013 година. Поздрав до Cisco Emergency Response Team ;]

cisco_xss1

Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Stored XSS Vulnerabilities

Barracuda SSL VPN suffers from multiple stored XSS vulnerabilities when parsing user input to several parameters via POST method. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user’s browser session.

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5147.php

barr1_xss

barr2_xss

barr3_xss

barr4_xss

barr5_xss

WordPress Newsletter Plugin 3.2.6 (alert) Reflected XSS Vulnerability

The plugin suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the ‘alert’ GET parameter in the ‘page.php’ script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

newsletter_xss

Advisory ID: ZSL-2013-5141
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php

CMSLogik 1.2.1 Multiple Vulnerabilities

CMSLogik suffers from multiple stored XSS, arbitrary file upload and user enumeration weakness.

Advisories:

CMSLogik 1.2.1 Multiple Persistent XSS Vulnerabilities
CMSLogik 1.2.1 (user param) User Enumeration Weakness
CMSLogik 1.2.1 (upload_file_ajax()) Shell Upload Exploit

cmslogikenum2



OpenEMR 4.1.1 (site param) Remote XSS Vulnerability

OpenEMR suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the ‘site’ GET parameter in the central ‘globals.php’ script which is called by every script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5129.php

Vendor: http://www.open-emr.org/wiki/index.php/OpenEMR_Patches

Squirrelcart v3.5.4 (table) Remote Cross-Site Scripting Vulnerability

Squirrelcart suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the ‘table’ GET parameter in the ‘index.php’ script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Squirrelcart XSS

Vendor:

Squirrelcart Security Patch #SC130218
Release date: 02/19/2013

XSS (Cross Site Scripting) vulnerability patch
Affected Squirrelcart versions: v2.0.0 – 3.5.4

How to find your version number:
———————————————————————
You can locate your Squirrelcart version in the upper right hand corner of your control panel.

Patch Info and Instructions
———————————————————————
This is a patch for protecting against a XSS (Cross Site Scripting) vulnerability that was discovered on 02/19/2013 by Zero Science Lab:
http://www.zeroscience.mk/. This vulnerability is due to the table parameter passed in the control panel not being sanitized properly,
and can result in HTML or Javascript being inserted into the page.

http://www.squirrelcart.com/downloads.php
http://www.squirrelcart.com/index.php?downloads=1&id=123

ZSL Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5128.php

NASA Tri-Agency Climate Education (TrACE) Multiple Vulnerabilities

The Tri-Agency Climate Education (TrACE) Catalog provides search and browse access to a catalog of educational products and resources. TrACE focuses on climate education resources that have been developed by initiatives funded through NASA, NOAA, and NSF, comprising a tri-agency collaboration around climate education.

The application suffers from a reflected cross-site scripting vulnerability when input is passed to the ‘product_id’, ‘pi’, ‘project_id’ and ‘funder’ GET parameters in ‘trace_results.php’ script which is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. The application also suffers from an SQL Injection vulnerabilities when input is passed to the ‘product_id’ and ‘grade’ GET parameters in ‘trace_results.php’ script which is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Advisories:

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5111.php
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5112.php