20 September, 2011

Toko Lite CMS Multiple XSS POST Injection / CRLF Injection / HTTP Response Splitting

Toko CMS suffers from an XSS vulnerability when parsing user input to the ‘currPath’ and ‘path’ parameters via the POST method in ‘editnavbar.php’. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session. Input passed to the ‘charSet’ parameter in ‘edit.php’ is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user.

Advisory ID: ZSL-2011-5047
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5047.php
PoC: http://www.zeroscience.mk/codes/tokocms_xss.txt

Advisory ID: ZSL-2011-5048
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5048.php
PoC: http://www.zeroscience.mk/codes/tokocms_crlf.txt


Ref: http://zeroscience.mk/blog/09/2011/toko-lite-cms-multiple-xss-post-injection-crlf-injection-http-response-splitting/

25 July, 2011

Online Grades 3.2.5 Multiple XSS Vulnerabilities

Online Grades suffers from multiple cross-site scripting vulnerabilities. The issue is triggered when input passed via multiple parameters to the 'admin/admin.php' script is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

---

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5029.php

04 June, 2011

ZSL v3.0

Yeah, started to work on Zero Science Lab "corp" site... stay tuned!

31 May, 2011

Kentico CMS <=5.5R2.23 Cross-Site Scripting POST Injection Vulnerability

Kentico CMS suffers from an XSS vulnerability when parsing user input to the 'userContextMenu_parameter' parameter via the POST method in '/examples/webparts/membership/users-viewer.aspx'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.


http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5015.php

21 April, 2011

Assassin's Creed: Brotherhood

Gesytec ElonFmt ActiveX 1.1.14 (ElonFmt.ocx) pid Item Buffer Overflow (SEH)

The ElonFmt ActiveX Control Module suffers from a buffer overflow vulnerability. When a large buffer is passed as the pid item of the GetItem1 function in the elonfmt.ocx module, several registers are overwritten, including the SEH handler. The overflow involves a character translation of the input. An attacker can gain access to the system on the affected node and execute arbitrary code.

Read on: http://zeroscience.mk/blog/04/2011/gesytec-elonfmt-activex-1-1-14-elonfmt-ocx-pid-item-buffer-overflow-seh/

06 April, 2011

Anfibia Reactor 2.1.1 (login.do) Remote XSS POST Injection Vulnerability

Vendor: Anfibia Software
Product web page: http://www.anfibia-soft.com
Affected version: 2.1.1.12

Summary: Fast web-based server monitoring. Keep an eye on servers,
connections, databases, cpu, hard drives and more!

Desc: The Anfibia Reactor JS service suffers from an XSS vulnerability
when parsing user input to the 'email' parameter via the POST method in
the 'reactor/login.do' script at the manager login interface. Attackers
can exploit this weakness to execute arbitrary HTML and script code
in a user's browser session.

Tested on: Microsoft Windows XP Professional SP3 (EN)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
liquidworm gmail com
Zero Science Lab - http://www.zeroscience.mk


[14.03.2011] Vulnerability discovered.
[16.03.2011] Contact with the vendor.
[16.03.2011] Vendor replies asking more details.
[16.03.2011] Sent vulnerability details to vendor.
[16.03.2011] Vendor confirms XSS issue.
[06.04.2011] Vendor releases version 3 to address this issue.
[06.04.2011] Coordinated public advisory released.

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5008.php

http://www.zeroscience.mk/codes/anfibiareactor_xss.txt