Posts Tagged ‘ advisory ’
The vulnerability is caused due to a boundary error in the processing of a playlist file, which can be exploited to cause a heap based buffer overflow when a user opens e.g. a specially crafted .M3U file. Successful exploitation could allow execution of arbitrary code on the affected node.
Apple: http://support.apple.com/kb/HT5318
ZSL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5093.php
PyroCMS suffers from a stored XSS and HTTP Response Splitting vulnerability when parsing user input to the ‘title’ and ‘redirect_to’ parameters via POST method thru ‘index.php’ script. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user’s browser session or insert arbitrary HTTP headers, which are included in a response sent to the user.
Advisory ID: ZSL-2012-5092
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5092.php
Artiphp stores database backups using backupDB() utility with a predictable file name inside the web root, which can be exploited to disclose sensitive information by downloading the file. The backup is located in ‘/artzone/artpublic/database/’ directory as ‘db_backup_[type].[yyyy-mm-dd].sql.gz’ filename.
Advisory ID: ZSL-2012-5091
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5091.php
Artiphp CMS suffers from multiple cross-site scripting vulnerabilities via several parameters thru POST method. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user’s browser session.
Advisory ID: ZSL-2012-5090
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5090.php
PoC:
POST /artpublic/recommandation/index.php HTTP/1.1
Content-Length: 619
Content-Type: application/x-www-form-urlencoded
Cookie: ARTI=tsouvg67cld88k9ihbqfgk3k77
Host: localhost:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
add_img_name_post "onmouseover=prompt(1) joxy
adresse_destinataire
adresse_expediteur lab%40zeroscience.mk
asciiart_post "onmouseover=prompt(2) joxy
expediteur "onmouseover=prompt(3) joxy
message Hello%20World
message1 %ef%bf%bd%20Recommand%20%ef%bf%bd%0a%bb%20http%3a%2f%2flocalhost%2fartpublic%2frecommandation%2f
send Send
titre_sav "onmouseover=prompt(4) joxy
url_sav http%3a%2f%2flocalhost%2fartpublic%2frecommandation%2f
z39d27af885b32758ac0e7d4014a61561 "onmouseover=prompt(5) joxy
zd178e6cdc57b8d6ba3024675f443e920 2
backupDB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the ‘onlyDB’ parameter of the ‘backupDB.php’ script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.
Advisory ID: ZSL-2012-5089
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5089.php
phpThumb is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the ‘dir’ and the ‘title’ parameter of the ‘phpThumb.demo.random.php’ and ‘phpThumb.demo.showpic.php’ scripts. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.
Advisory ID: ZSL-2012-5088
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5088.php
Andromeda is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the ‘s’ parameter of the ‘andromeda.php’ script.
Advisory ID: ZSL-2012-5087
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5087.php
Dork: “powered by andromeda version”
PoC: http://localhost/AndromedaPHP/andromeda.php?q=s&s=”><script>alert(1);</script>
Baby Gekko CMS suffers from multiple stored (post-auth) XSS vulnerabilities and path disclosure issues when parsing user input to several parameters via GET and POST method. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session or disclose the full installation path of the affected CMS.
——————————————————————————–
Reflected (Non-Persistent) XSS:
1. username
2. password
3. verification_code
4. email_address
5. password_verify
6. firstname
7. lastname
Stored (Persistent) XSS:
8. groupname
9. virtual_filename
10. branch
11. contact_person
12. street
13. city
14. province
15. postal
16. country
17. tollfree
18. phone
19. fax
20. mobile
21. title
22. meta_key
23. meta_description
——————————————————————————–
Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php
Vendor: http://www.babygekko.com/site/news/general/baby-gekko-v1-2-0-released-with-3rd-party-independent-security-testing-performed-by-zero-science-lab.html
Anchor CMS suffers from multiple stored and reflected XSS vulnerabilities when parsing user input to several parameters via GET and POST method. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.
Dork: “intext:Powered by Anchor, version 0.6”
Advisory ID: ZSL-2012-5085
Advisory details: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5085.php
BGS CMS suffers from multiple stored and reflected XSS vulnerabilities when parsing user input to several parameters via GET and POST method (post-auth). Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.
Dork: footer: “powered by BGS CMS”
Advisory ID: ZSL-2012-5084
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5084.php
IT.com.mk Exploit Database