Posts Tagged ‘ информации

ACE Stream Media 2.1 (acestream://) Format String Exploit PoC

ACE Stream Media (Ace Player HD) is prone to a remote format string vulnerability because the application fails to properly sanitize user-supplied input thru the URI using the ‘acestream://’ protocol before including it in the format-specifier argument of a formatted-printing function. A remote attacker may exploit this issue to execute arbitrary code with the privileges of the user running the affected application and/or cause memory address disclosure. Failed exploit attempts may cause denial-of-service (DoS) conditions.

aceplayercrash

acestream

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5165.php

WordPress WooCommerce Plugin 2.0.17 Cross-Site Scripting Vulnerability

The plugin suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the ‘hide-wc-extensions-message’ parameter in the ‘admin/woocommerce-admin-settings.php’ script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

woocommerce_xss2

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5156.php

Gnew v2013.1 Multiple XSS And SQL Injection Vulnerabilities

Gnew 2013.1 suffers from multiple cross-site scripting and sql injection vulnerabilities. Input passed via several parameters is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and HTML/script code in a user’s browser session in context of an affected site.

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5153.php

GLPI version 0.83.7 and 0.83.8 Multiple Vulnerabilities (SQLi/LFI)

GLPI suffers from a file inclusion vulnerability (LFI) when input passed thru the ‘filetype’ parameter to ‘common.tabs.php’ script is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL encoded NULL bytes.

Input passed via the POST parameter ‘users_id_assign’ in ‘/ajax/ticketassigninformation.php’ script, POST parameter ‘filename’ in ‘/front/document.form.php’ script, and POST parameter ‘table’ in ‘/ajax/comments.php’ script is not properly sanitised before being used in SQL queries. This can be exploited by a malicious attacker to manipulate SQL queries by injecting arbitrary SQL code in the affected application.

There are several other parameters vulnerable to SQL Injection attacks. For your convenience, test logs: more_sqli-glpi

Advisory [ZSL-2013-5145]: GLPI v0.83.7 (itemtype) Parameter Traversal Arbitrary File Access Exploit
Advisory [ZSL-2013-5146]: GLPI v0.83.8 Multiple Error-based SQL Injection Vulnerabilities

WordPress Newsletter Plugin 3.2.6 (alert) Reflected XSS Vulnerability

The plugin suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the ‘alert’ GET parameter in the ‘page.php’ script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

newsletter_xss

Advisory ID: ZSL-2013-5141
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php

Sony PC Companion Multiple Stack-based Buffer Overflow Vulnerabilities

The vulnerabilities are caused due to a boundary error in several .dll libraries when handling the value assigned to different functions and can be exploited to cause a stack-based buffer overflow via an overly long string which may lead to execution of arbitrary code on the affected machine.

sehchain-sonypc-immdbg

sonypc_immdbg

sonypccuploadmgr

sonyresearch

Advisories:

Sony PC Companion 2.1 (Admin_RemoveDirectory()) Stack-based Unicode Buffer Overload
Sony PC Companion 2.1 (CheckCompatibility()) Stack-based Unicode Buffer Overload
Sony PC Companion 2.1 (Load()) Stack-based Unicode Buffer Overload SEH
Sony PC Companion 2.1 (DownloadURLToFile()) Stack-based Unicode Buffer Overload SEH

t00t

Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities

Oracle OpenSSO suffers from multiple cross-site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Advisory ID: ZSL-2012-5114
Link: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5114.php

Zoho BugTracker Multiple Stored XSS Vulnerabilities

The Bug Tracking Software suffers from a stored XSS vulnerability when parsing user input to the ‘comment’ and ‘mystatus’ parameters via POST method thru ‘bugdetails.do’ and ‘addmystatus.do’ scripts. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user’s browser session.

Zoho Bug Tracker

Advisory ID: ZSL-2012-5096
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5096.php

PolarisCMS (blog.aspx) Remote URI Based Cross-Site Scripting Vulnerability

PolarisCMS suffers from a XSS issue when input passed to the function ‘WebForm_OnSubmit()’ via the URL to blog.aspx is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5095.php

Anchor CMS v0.6 Multiple Persistent XSS Vulnerabilities

Anchor CMS suffers from multiple stored and reflected XSS vulnerabilities when parsing user input to several parameters via GET and POST method. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Dork: “intext:Powered by Anchor, version 0.6

Advisory ID: ZSL-2012-5085
Advisory details: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5085.php