Posts Tagged ‘ multiple

Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities

Multiple stored XSS and CSRF vulnerabilities exist when parsing user input to several POST parameters. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site and/or execute arbitrary HTML and script code in a user’s browser session.

starkcrm_xss

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5169.php

ImpressPages CMS 3.6 Multiple Vulnerabilities (XSS/SQLi/FD/RCE)

Input passed via several parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and HTML/script code in a user’s browser session in context of an affected site.

Input passed to the ‘files[0][file]’ parameter in ‘/ip_cms/modules/administrator/repository/controller.php’ is not properly sanitised before being used to delete files. This can be exploited to delete files with the permissions of the web server via directory traversal sequences passed within the affected POST parameter.

The RCE vulnerability is caused due to the improper verification of uploaded files in ‘/ip_cms/modules/developer/config_exp_imp/manager.php’ script thru the ‘manage()’ function (@line 65) when importing a configuration file. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in ‘/file/tmp’ directory after successful injection. Permission Developer[Modules exp/imp] is required (parameter ‘i_n_2[361]’ = on) for successful exploitation.

impresspages-linux-exploit44

impresspages-rce44

Advisories:

ImpressPages CMS v3.6 Multiple XSS/SQLi Vulnerabilities
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5157.php

ImpressPages CMS v3.6 Remote Arbitrary File Deletion Vulnerability
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5158.php

ImpressPages CMS v3.6 manage() Function Remote Code Execution Exploit
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5159.php

Vendor: http://www.impresspages.org/blog/impresspages-cms-3-7-is-mobile-as-never-before/

Ovidentia 7.9.4 Multiple Remote Vulnerabilities

Input passed via several parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and HTML/script code in a user’s browser session in context of an affected site.

ovidentia-sqli2

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5154.php

Gnew v2013.1 Multiple XSS And SQL Injection Vulnerabilities

Gnew 2013.1 suffers from multiple cross-site scripting and sql injection vulnerabilities. Input passed via several parameters is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and HTML/script code in a user’s browser session in context of an affected site.

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5153.php

FluxBB 1.5.3 Multiple Remote Vulnerabilities

FluxBB suffers from a cross-site scripting, cross-site request forgery and URL redirect vulnerability. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Input passed via the ‘redirect_url’ parameter in ‘misc.php’ script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. It also fails to properly sanitize user-supplied input to the ‘form[board_title]’ POST parameter in the ‘admin_options.php’ script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

fluxbb_xss

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5150.php

Qool CMS v2.0 RC2 Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities

Qool CMS suffers from multiple persistent cross-site scripting vulnerabilities. The issues are triggered when input passed via several POST parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. Also, Qool CMS allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Qool CMS XSS

Advisory ZSL-2013-5133: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5133.php
Advisory ZSL-2013-5134: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5134.php

Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities

Spiceworks suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. List of parameters and modules that are affected:

————————————————————————————————————–
# * Parameter * * Module / Component *
————————————————————————————————————–

1. agreement[account] ……………………………….. agreements
2. article[new_references][][url] …………………….. xbb/knowledge_base
3. asset[device_type] ……………………………….. asset
4. asset[mac_address] ……………………………….. asset
5. asset[name] ……………………………………… asset
6. category[name] …………………………………… settings/categories
7. international[global_date_abbrev_format] ……………. settings/advanced/save_international_settings
8. international[global_date_format] ………………….. settings/advanced/save_international_settings
9. international[global_date_time_format] ……………… settings/advanced/save_international_settings
10. international[global_date_simple_format] ……………. settings/advanced/save_international_settings
11. international[global_time_format] ………………….. settings/advanced/save_international_settings
12. navigation[name] …………………………………. my_tools
13. purchase[name] …………………………………… purchases
14. purchase[price] ………………………………….. purchases
15. purchase[purchased_for_name] ………………………. purchases
16. report[description] ………………………………. reports/create
17. vendor[name] …………………………………….. agreements
18. vendor[website] ………………………………….. agreements

————————————————————————————————————–

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5107.php

Subrion CMS 2.2.1 XSS / CSRF Vulnerabilities

Subrion CMS suffers from multiple stored and reflected cross-site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. The application also allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests (Cross-Site Request Forgery – CSRF/XSRF). This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Advisories:

Subrion CMS 2.2.1 CSRF Add Admin ExploitZSL-2012-5106
Subrion CMS 2.2.1 Multiple Remote XSS POST Injection VulnerabilitiesZSL-2012-5105

Multiple vulnerabilities in multiple web applications

ZSL-2012-5097SiNG cms 2.9.0 (email) Remote XSS POST Injection Vulnerability
ZSL-2012-5098web@all CMS 2.0 Multiple Remote XSS Vulnerabilities
ZSL-2012-5099web@all CMS 2.0 (_order) SQL Injection Vulnerability
ZSL-2012-5100KindEditor 4.1.2 (name parameter) Reflected XSS Vulnerability
ZSL-2012-5101Monstra 1.2.1 Multiple HTML Injection Vulnerabilities
ZSL-2012-5102xt:Commerce v4.0.15 (products_name_de) Script Insertion Vulnerability

The applications suffer from multiple stored and reflected XSS vulnerabilities including an SQL Injection.

Zoho BugTracker Multiple Stored XSS Vulnerabilities

The Bug Tracking Software suffers from a stored XSS vulnerability when parsing user input to the ‘comment’ and ‘mystatus’ parameters via POST method thru ‘bugdetails.do’ and ‘addmystatus.do’ scripts. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user’s browser session.

Zoho Bug Tracker

Advisory ID: ZSL-2012-5096
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5096.php