<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
<channel>
  <title>Vulnerabilities! - Zero Science Lab</title>
  <description>Zero Science Lab - Macedonian information security research and development laboratory</description>
  <link>http://www.zeroscience.mk</link>
  <language>en-us</language>

  <lastBuildDate>Fri, 11 Feb 2011 23:14:27 GMT</lastBuildDate>

  <image>
    <title>Zero Science Lab</title>
    <width>144</width><height>400</height>
    <link>http://www.zeroscience.mk</link>
    <url>http://www.zeroscience.mk/images/rss.gif</url>
  </image>

<item>
<title>Artiphp CMS 5.5.0 Database Backup Disclosure Exploit</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5091.php</link>
<pubDate>Wed, 16 May 2012 03:00:55 GMT</pubDate>
<description>Artiphp stores database backups using the backupDB() utility with a predictable file name inside the web root, which can be exploited to disclose sensitive information by downloading the file. The backup is located in the '/artzone/artpublic/database/' directory under the filename 'db_backup_[type].[yyyy-mm-dd].sql.gz'.</description>
</item>

<item>
<title>Artiphp CMS v5.5.0 Multiple XSS POST Injection Vulnerabilities</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5090.php</link>
<pubDate>Wed, 16 May 2012 03:00:55 GMT</pubDate>
<description>Artiphp CMS suffers from multiple cross-site scripting vulnerabilities via several parameters through the POST method. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.</description>
</item>

<item>
<title>backupDB() v1.2.7a (onlyDB) Remote XSS Vulnerability</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5089.php</link>
<pubDate>Wed, 16 May 2012 03:00:55 GMT</pubDate>
<description>backupDB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'onlyDB' parameter of the 'backupDB.php' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.</description>
</item>

<item>
<title>phpThumb() v1.7.11 (dir and title) Cross-Site Scripting Vulnerability</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5088.php</link>
<pubDate>Wed, 16 May 2012 03:00:55 GMT</pubDate>
<description>phpThumb is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'dir' and 'title' parameters of the 'phpThumb.demo.random.php' and 'phpThumb.demo.showpic.php' scripts. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.</description>
</item>

<item>
<title>Andromeda Streaming MP3 Server v1.9.3.6 (s param) Remote XSS Vulnerability</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5087.php</link>
<pubDate>Wed, 09 May 2012 03:00:55 GMT</pubDate>
<description>Andromeda is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 's' parameter of the 'andromeda.php' script.</description>
</item>

<item>
<title>Baby Gekko CMS v1.1.5c Multiple Stored Cross-Site Scripting Vulnerabilities</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php</link>
<pubDate>Wed, 02 May 2012 03:00:55 GMT</pubDate>
<description>Baby Gekko CMS suffers from multiple stored (post-auth) XSS vulnerabilities and path disclosure issues when parsing user input to several parameters via the GET and POST methods. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session or disclose the full installation path of the affected CMS.</description>
</item>

<item>
<title>Anchor CMS v0.6 Multiple Persistent XSS Vulnerabilities</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5085.php</link>
<pubDate>Fri, 20 Apr 2012 03:00:55 GMT</pubDate>
<description>Anchor CMS suffers from multiple stored and reflected XSS vulnerabilities when parsing user input to several parameters via the GET and POST methods. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.</description>
</item>

<item>
<title>BGS CMS v2.2.1 Multiple Stored Cross-Site Scripting Vulnerabilities</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5084.php</link>
<pubDate>Wed, 11 Apr 2012 03:00:55 GMT</pubDate>
<description>BGS CMS suffers from multiple stored and reflected XSS vulnerabilities when parsing user input to several parameters via the GET and POST methods (post-auth). Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.</description>
</item>

<item>
<title>Zend Optimizer 3.3.3 (Windows) Insecure Permissions</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5083.php</link>
<pubDate>Tue, 03 Apr 2012 03:00:55 GMT</pubDate>
<description>The Zend Optimizer package for Windows is affected by an elevation of privilege vulnerability that allows an ordinary user to replace the library file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (full control) for the 'Everyone' group, on the 'ZendExtensionManager.dll' and 'ZendOptimizer.dll' library files, which are bundled with the Zend Optimizer (Runtime for PHP 5.2 and earlier) installation package.</description>
</item>

<item>
<title>Spotify 0.8.2.610 (search func) Memory Exhaustion Exploit</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5082.php</link>
<pubDate>Fri, 23 Mar 2012 03:00:55 GMT</pubDate>
<description>The vulnerability is caused due to the Search box function not checking the boundary of user input. This can be exploited to cause a DoS due to memory exhaustion when inserting a long string of bytes (~80mil B / 80 MB) into the Search field in the GUI.</description>
</item>

<item>
<title>phpList 2.10.17 Remote SQL Injection and XSS Vulnerability</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php</link>
<pubDate>Wed, 21 Mar 2012 03:00:55 GMT</pubDate>
<description>Input passed via the parameter 'sortby' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The parameter 'num' is vulnerable to an XSS issue where the attacker can execute arbitrary HTML and script code in a user's browser session in the context of an affected site.</description>
</item>

<item>
<title>Oreans WinLicense v2.1.8.0 XML File Handling Unspecified Memory Corruption</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5080.php</link>
<pubDate>Tue, 20 Mar 2012 03:00:55 GMT</pubDate>
<description>WinLicense is prone to an unspecified memory corruption vulnerability. An attacker can exploit this issue by tricking a victim into opening a malicious XML file to execute arbitrary code and to cause denial-of-service conditions.</description>
</item>

<item>
<title>Oreans Themida v2.1.8.0 TMD File Handling Buffer Overflow Vulnerability</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5079.php</link>
<pubDate>Tue, 20 Mar 2012 03:00:55 GMT</pubDate>
<description>The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploited to cause a buffer overflow when a user opens e.g. a specially crafted .TMD file. Successful exploitation may allow execution of arbitrary code.</description>
</item>

<item>
<title>Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5078.php</link>
<pubDate>Sat, 10 Mar 2012 03:00:55 GMT</pubDate>
<description>Zend Server and its components suffer from a cross-site scripting vulnerability. The persistent (stored) XSS issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.</description>
</item>

<item>
<title>Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5077.php</link>
<pubDate>Wed, 07 Mar 2012 03:00:55 GMT</pubDate>
<description>Input passed via the parameters 'entSortOrder' and 'entSort' in the 'ent_i.jsp' script is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The parameters 'startTime' and 'endTime' in 'ent_i.jsp' are vulnerable to an XSS issue where the attacker can execute arbitrary HTML and script code in a user's browser session in the context of an affected site. The parameter 'userID' in 'usr_ent.jsp' and 'usr_t.jsp' is vulnerable to HTTP Response Splitting, which can be exploited to insert arbitrary HTTP headers that are included in a response sent to the user.</description>
</item>

</channel>
</rss>



