XSS attack

OpenCms (7.5.0) - Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error

Version: 7.5.0

Hardware: Tomcat/Oracle

Vulnerability: Cross-Site Scripting, Phishing Through Frames,
Application Error


Overview:


Survey: "MIME/Content-Type-Sniffing" Issues in Image Uploads in Forum Scripts

[5] http://secunia.com/advisories/34220/

APPENDIX: Advisories
====================================================

Advisory: “Cross-Site Scripting” in Avatar uploads in fluxBB

Application: fluxBB
Vulnerable Versions: 1.3-legacy and older 1.3 versions.
Reported By: Jacques Copeau


QuickerSite Multiple Vulnerabilities

                2.3.1. Exploit:
                                Check the exploit section.
        2.4. Failure to Restrict URL Access [in "mailPage.asp"]. Everyone can mailbomb others.
                2.4.1. Exploit:
                                Check the exploit section.
        2.5. Cross Site Scripting (XSS) [in "showThumb.aspx"]. Reflected XSS attack by circumventing the ASP.Net XSS denier (Path disclosure on the open error mode).
                2.5.1. Exploit:
                                Check the exploit section.
        2.6. Cross Site Scripting (XSS), Failure to Restrict URL Access [in "process_send.asp"]. Redirect Reflected XSS Attack In "SB_redirect" parameter. Reflected XSS, Content Spoofing In "SB_feedback" parameter. Everyone can mailbomb others.
                2.6.1. Exploit:
                                Check the exploit section.

Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities

                2.1.1. Exploit:
                                                Check the exploit/POC section.
        2.2. Injection Flaws. SQL Injection in "/rating.php" in "book_id" parameter.
                2.2.1. Exploit:
                                                Check the exploit/POC section.
        2.3. Cross Site Scripting (XSS). Reflected XSS attack in "/login.php" in URL parameters.
                2.3.1. Exploit:
                                                Check the exploit/POC section.
        2.4. Cross Site Scripting (XSS). Reflected XSS attack in "/hta/htmlarea.js.php" in "glb_sid" parameters.
                2.3.1. Exploit:
                                                Check the exploit/POC section.                  

[CVE-2010-0432] Apache OFBiz Multiple XSS Vulnerabilities

Release mode: Coordinated release


2. *Vulnerability Information*

Class: Multiple Cross Site Scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2010-0432



[DSECRG-11-011] SAP Crystal Reports 2008 - Multiple XSS

SAP Crystal Report Server 2008 - Multiple cross-site scripting vulnerabilities. [DSecRG-11-011] (Internal DSECRG-00147) 


Multiple XSS vulnerabilities were found in the PerformanceManagement module of the SAP Crystal Report Server 2008 application. An attacker can intercept the cookie of an administrator or regular user of the system.

Application: SAP Crystal Report Server 2008 

[MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News

Release Type: Co-ordinated, responsible disclosure


2. Vulnerability Information
------------------------------------------------------------------------------------------------------------------------
Class: Cross Site Request Forgery, Cross Site Scripting, File Path 
Disclosure, Local File Inclusion, Authentication Bypass and PHP Command 
Injection
Remotely Exploitable: Yes
Locally Exploitable: No


Phorum < 5.2.10 Cross-Site Scripting/Request Forgery

cicatriz <c1c4tr1z@voodoo-labs.org> (advisories)

Advisory & Vulnerability Information

        Title: Phorum < 5.2.10 Cross-Site Scripting/Request Forgery
        Advisory ID: VUDO-2009-1504

CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web Server

Release mode: Coordinated release


2. *Vulnerability Information*

Class: Denial of service (DoS), Cross site scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 34150, 34152, 34153
CVE Name: N/A


CORE-2009-0109 - Multiple XSS in Sun Communications Express

Release mode: Coordinated release


2. *Vulnerability Information*

Class: Cross site scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 34154, 34155
CVE Name: CVE-2009-1729


SQL Injection and XSS vulnerabilities in CubeCart version 4.3.3

over a million store owners around the world."

The following web vulnerabilities were found in CubeCart version 4.3.3:

1. SQL injection in “/cubecart_4/index.php”, parameter “searchStr”.
2. Cross-site Scripting vulnerability in “/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “amount”.
3. Cross-site Scripting vulnerability in “/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “cartId”.
4. Cross-site Scripting vulnerability in “/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “email”.

YEKTA WEB Academic Web Tools CMS Multiple XSS

Vulnerabilities:
------------------

        1- Cross Site Scripting (XSS) in "/page.php" in "sid","logincase" and "redirect" parameters.
        http://yoursite/page.php?sid=[XSS]
        http://yoursite/page.php?logincase=[XSS]
        http://yoursite/page.php?redirect=[XSS]
        
        2- Cross Site Scripting (XSS) in "/page_arch.php" in "sid","logincase" and "redirect" parameters.

WP Comment Remix 1.4.3 Multiple Vulnerabilities

Version: 1.4.3
From: Remote
Severity: Extremely Critical
Impact:
    Manipulation of data
    Cross-Site Scripting
Type of Advisory: Full Disclosure

_________________
Software Description |
===============

eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities

####################
        eLineStudio Site Composer is a 100% browser-based database-driven content management system that helps companies to better manage, update & share web content. eLineStudio Site Composer provides affordable & flexible licensing for end users & web developers.
####################
2. Vulnerabilities:
####################
        2.1. Injection Flaws, Cross Site Scripting (XSS). SQL Injection in "/ansFAQ.asp" in "id" parameter. Reflected XSS attack in "/ansFAQ.asp" in "topic" and "button" parameters.
                2.1.1. Exploit:
                                                Check the exploit/POC section.
        2.2. Injection Flaws. SQL Injection in "preview.asp" in "template_id" parameter.
                2.2.1. Exploit:
                                                Check the exploit/POC section.

TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core

Dear users of TYPO3,

It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library fe_adminlib.inc allows Cross Site Scripting (XSS).

=== Component Type ===
TYPO3 Core

=== Affected Versions ===
TYPO3 versions 3.x, 4.0 to 4.0.7, 4.1 to 4.1.6, 4.2


Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* There is a way to inject both headers and content to users, causing
  a serious Cross-Site Scripting vulnerability.

* It was possible to see graphs from Old Charts even if you did not
  have access to a particular product, and you could browse a
  particular URL to see all product names.


Cross-Site Scripting vulnerability in Mozilla Firefox, Opera and other browsers

Hello Bugtraq!

I want to warn you about a Cross-Site Scripting vulnerability in Mozilla
Firefox, Opera and other browsers. It allows bypassing the protection against
execution of JavaScript code in Location-header redirectors (by redirecting
to a javascript: URI).

Recently, on 04.08.2010, I wrote about a vulnerability in Mozilla and Mozilla
Firefox at my site. I made full disclosure because Mozilla completely
ignored a similar vulnerability, which I informed them of in August 2009, like

Vtiger CRM 5.2.0 Multiple Vulnerabilities

Summary:

 A) Remote Code Execution (RCE) Vulnerability
 B) Local File Inclusion (LFI) Vulnerability (pre-auth)
 C) Cross Site Scripting (XSS) Vulnerabilities (pre-auth, reflected)
 D) Cross Site Scripting (XSS) Vulnerabilities (post-auth, reflected)

A) Remote Code Execution (RCE) Vulnerability

A Remote Code Execution vulnerability exists in Vtiger CRM version 5.2.0.

Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)

Class:          Cross-Site Scripting (XSS) Vulnerability
CVE:    CVE-2010-0475
Remote: Yes 
Local:  Yes 
Published: May 11, 2010 08:30AM
Timeline: Submission to MITRE: 1/18/2010
Vendor Contact: 2/18/2010
Vendor Response:  2/18/2010
Patch Available:  5/2010  Patched in maintenance releases (3.1.1 & 3.0.9)
Credit: Jeromie Jackson CISSP, CISM

net2ftp <= 0.97 Cross-Site Scripting/Request Forgery

cicatriz <c1c4tr1z@voodoo-labs.org> (advisories)

Advisory & Vulnerability Information

        Title: net2ftp <= 0.97 Cross-Site Scripting/Request Forgery
        Advisory ID: VUDO-2009-0804

SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming

SEC Consult Security Advisory < 20090415-0 >
==========================================================================
              title: Novell Teaming Multiple Vulnerabilities
                     * Username Enumeration
                     * Multiple Cross Site Scripting
                     * Includes vulnerable Liferay portal
            program: Novell Teaming
 vulnerable version: 1.0.3
           homepage: http://www.novell.com/products/teaming/
              found: February 2009

[AK-ADV2008-001] Openfire Jabber-Server: Multiple Vulnerabilities (Authentication Bypass, SQL injection, ...)

It is possible to pass SQL statements to the backend database through
a SQL injection vulnerability. Depending on the particular
runtime environment and database permissions it is even possible to
write files to disk and execute code on operating system level.

3) Multiple Cross-Site Scripting
Permits arbitrary insertion of HTML and JavaScript code in login.jsp.
An attacker could also manipulate a parameter to specify
a destination to which a user will be forwarded after successful
authentication.


Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities

Advisory-ID: 200801161
Discovery Date: 1.16.2008
Release Date: 1.23.2008
Affected Applications: HFS 2.0 to and including 2.3 (Beta Build #174)
Non-Affected Applications: HFS 1.6a and earlier versions
Class: Cross-Site Scripting (XSS), Information Disclosure

Sophos Anti-Virus 6.5.4 Vulnerability

Name                Cross Site Scripting Vulnerability in Sophos Anti-Virus 
Systems Affected    Sophos Anti-Virus, version 6.5.4 R2
Severity            Medium
Category            Cross Site Scripting
Author              Context Information Security Ltd
Advisory            6th September 2007


Description
-----------

phpMyAdmin 3.3.5 / 2.11.10 <= Cross Site Scripting (XSS) Vulnerability


1. OVERVIEW

The phpMyAdmin web application was vulnerable to Cross Site Scripting.


CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities

2. *Vulnerability Information*

Class: Protection Mechanism Failure [CWE-693], Authentication Issues
[CWE-287], Cross-Site Scripting (XSS) [CWE-79]
Impact: Code execution, Security bypass
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2010-3272, CVE-2010-3273, CVE-2010-3274


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.