Status: Fixed by Vendor
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SiT! Support Incident Tracker, which can be exploited to perform SQL injection, cross-site scripting and cross-site request forgery attacks.
1) Input passed via the "start" GET parameter to /portal/kb.php is not properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The following PoC code is available:
======================================================================
4) Description of Vulnerabilities
Multiple vulnerabilities have been discovered in OpenX, which can be
exploited by malicious people to conduct cross-site scripting,
cross-site request forgery, and file inclusion attacks and by
malicious users to conduct script insertion and SQL injection attacks.
1) Input passed to the "clientid" parameter in "www/admin/banner-acl.php",
"www/admin/banner-edit.php", "www/admin/campaign-zone.php",
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in osCmax, which can be exploited to perform SQL Injection and Cross-Site Scripting (XSS) attacks.
1) Multiple Cross-Site Scripting (XSS) in osCmax: CVE-2012-1664
1.1 Input passed via the "username" POST parameter to /admin/login.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in user's browser session in context of affected website.
======================================================================
4) Description of Vulnerability
Secunia Research has discovered some vulnerabilities in AproxEngine,
which can be exploited by malicious users to manipulate certain data,
conduct spoofing, SQL injection, and script insertion attacks and by
malicious people to conduct SQL injection and script insertion
attacks.
1) Input passed via the "login" parameter to index.php is not properly
Vulnerability Type: XSS, SQL Injection, Local File Inclusion, Information Disclosure
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OBM, which can be exploited to perform information disclosure, cross-site scripting, local file inclusion and SQL injection attacks.
1) Input passed via the "module" GET parameter to /exportcsv/exportcsv_index.php is not properly verified before being used to include files.
This can be exploited to include local files via directory traversal sequences.
The following PoC is available:
1) Multiple Cross-Site Scripting (XSS) in Kajona: CVE-2012-3805
1.1 Input passed via the "absender_name", "absender_email" and "absender_nachricht" GET parameters to /index.php (when "page" is set to "contact") is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in user's browser session in context of affected website.
The following PoC (Proof of Concept) demonstrates the vulnerabilities:
http://kajona/index.php?page=contact&absender_name=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
Status: Fixed by Vendor
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Efront, which can be exploited to perform SQL injection and cross-site scripting attacks.
1) Input passed via the "course" GET parameter to index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
Status: Fixed by Vendor
Risk level: Medium
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in PHPShop CMS Free, which can be exploited to perform cross-site scripting and SQL injection attacks.
1) Input appended to the URL after multiple files is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The following PoC code is available:
======================================================================
4) Description of Vulnerability
Secunia Research has discovered multiple vulnerabilities in Novell
iPrint Client, which can be exploited by malicious people to
compromise a user's system.
1) A boundary error in the Novell iPrint ActiveX control (ienipp.ocx)
when handling the "GetDriverFile()" method can be exploited to cause a
stack-based buffer overflow by passing an overly long string as the
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in PBBoard, which can be exploited to perform SQL injection attacks, change password of arbitrary user and create arbitrary files in folder of the vulnerable application.
1) Multiple SQL Injections in PBBoard: CVE-2012-4034
1.1 Input passed via the "username" POST parameter to /index.php (when "id", "member" and "start" parameters are set, and "page" is set to "send") is not properly sanitised before being used in a SQL query.
A cross-site scripting vulnerability in WebAccess allows for
disclosure of sensitive information. The flaw is due to insufficient
verification of certain parameters which may lead to redirection of
a user's requests.
This vulnerability can only be exploited if the attacker tricks the
WebAccess user into clicking a malicious link and the attacker has
control of a server on the same network as the system where
WebAccess is being used.
Workaround
Vulnerability Type: XSS, SQL Injection
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Browser CRM, which can be exploited to perform cross-site scripting and SQL injection attacks.
1) Input appended to the URL after multiple files is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The following PoC code is available:
Status: Fixed by Vendor
Risk level: Medium
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ )
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Open-Realty, which can be exploited to perform cross-site scripting and SQL Injection attacks.
1) Input passed via the "name", "email", "friend_email", "subject", "message" POST parameters to index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
Status: Fixed by Vendor
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Help Desk Software, which can be exploited to perform SQL injection, cross-site scripting and cross-site request forgery attacks.
1) Input passed via the user POST parameter to index.php is not properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The following PoC code is available:
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Newscoop, which can be exploited to perform Remote File Inclusion, SQL Injection and Cross-Site Scripting (XSS) attacks.
1) Multiple Remote File Inclusion in Newscoop: CVE-2012-1933
1.1 Input passed via the "GLOBALS[g_campsiteDir]" GET parameter to /include/phorum_load.php is not properly verified before being used in require_once() function and can be exploited to include arbitrary remote files.
======================================================================
4) Description of Vulnerability
Secunia Research has discovered vulnerabilities in HP OpenView Network
Node Manager, which can be exploited by malicious people to compromise
a vulnerable system.
1) Various boundary errors in the OpenView5.exe CGI application when
processing parameters can be exploited to cause stack-based buffer
overflows via HTTP requests to the CGI application with overly long
Vulnerability Type: XSS (Cross Site Scripting), CSRF (Cross-Site Request Forgery)
Risk level: Medium
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ )
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in miniblog, which can be exploited to perform cross-site scripting & cross-site request forgery attacks.
1) Input passed via the GET "post_list" parameter to /adm/list.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
Status: Fixed by Vendor
Risk level: Medium
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ )
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in N-13 News, which can be exploited to perform cross-site scripting attacks.
1) Input passed via the GET "id" parameter to index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
Status: Fixed by Vendor
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Dolibarr, which can be exploited to perform cross-site scripting & SQL injection attacks.
1) Input appended to the URL after multiple files is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The following PoC code is available:
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ZENphoto, which can be exploited to perform arbitrary PHP code execution, SQL injection and cross-site scripting attacks.
1) Arbitrary PHP Code Execution in ZENphoto: CVE-2012-0993
Input passed via "viewer_size_image_saved" COOKIE parameter is not properly sanitised before being used in an "eval()" call.
This can be exploited to execute arbitrary PHP code.
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Pligg CMS, which can be exploited to perform Cross-Site Scripting (XSS) and Local File Inclusion attacks.
1) Multiple Cross-Site Scripting (XSS) in Pligg CMS: CVE-2012-2436
1.1 Input passed via the arbitrary (any) GET parameter to /admin/admin_index.php is not properly sanitised before being returned to the user.
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered multiple command execution vulnerabilities in Smartphone Pentest Framework (SPF) web-based GUI, which could be exploited to get control over a pentester's machine remotely.
Similar vulnerabilities were discovered (https://www.htbridge.com/advisory/HTB23123 , CVE-2012-5693) in the previous version (0.1.2) of SPF and were patched by vendor.
However, multiple CSRF vulnerabilities (HTB23123, CVE-2012-5695) were not patched by the vendor. Therefore, even if the web server hosting the SPF GUI is not accessible from the Internet (which is the case for the majority of pentesters), the vulnerabilities can still be easily exploited via a local/internal network, or even from the Internet via a CSRF vector. In a default installation of Smartphone Pentest Framework, the web server port and application path of its GUI are easily predictable: localhost:80/frameworkgui/
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Banana Dance, which can be exploited to gain access to sensitive information, perform SQL injection attacks and compromise vulnerable system.
1) PHP File Inclusion in Banana Dance: CVE-2012-5242
Input passed via the "name" POST parameter to "/functions/ajax.php" is not properly verified before being used in "include_once()" function and can be exploited to include arbitrary local files. This can be exploited to include local files via directory traversal sequences and URL-encoded NULL bytes.
server-status page is used. This allows remote attackers to inject
arbitrary web script or HTML via unspecified vectors involving
charsets with browsers that perform "charset detection" when the
content-type is not specified.
- Fixes an error in the Multi-Processing Module (MPM) which could be
exploited to send signals to arbitrary processes and cause them to
be terminated.
- A bug was found in the mod_cache module. On sites where caching is
enabled, a remote attacker could send a carefully crafted request
that would cause the Apache child process handling that request to
crash. This could lead to a denial of service if using a threaded
Vulnerability Type: ActiveX Control Insecure Method
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ )
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Easewe FTP OCX ActiveX Control, which can be exploited to potentially compromise a user's system.
1) The vulnerability is caused due to the EaseWeFtp.FtpLibrary ActiveX control (EaseWeFtp.ocx) including the insecure "Execute()" method. This can be exploited to execute arbitrary local files via specially crafted parameters passed to the affected method.
The following PoC code is available:
Vulnerability Type: XSS (Cross Site Scripting)
Risk level: Medium
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Pretty Link WordPress Plugin, which can be exploited to perform cross-site scripting attacks.
1) Input passed via the "min_date" GET parameter to /wp-content/plugins/pretty-link/classes/views/prli-clicks/head.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
======================================================================
4) Description of Vulnerability
Secunia Research has discovered four vulnerabilities in Free Download
Manager, which can be exploited by malicious people to compromise a
user's system.
1) A boundary error when opening folders within the "Site Explorer"
functionality can be exploited to cause a stack-based buffer overflow.
======================================================================
4) Description of Vulnerability
Secunia Research has discovered multiple vulnerabilities in the
BookLibrary component for Joomla, which can be exploited by malicious
people to conduct SQL injection attacks.
1) Input passed via the "bid[]" parameter to index.php (when "option"
is set to "com_booklibrary" and "task" is set to "lend_request") is
not properly sanitised before being used in a SQL query. This can be
======================================================================
4) Description of Vulnerability
Secunia Research has discovered some vulnerabilities in Free Download
Manager, which can be exploited by malicious people to compromise a
user's system.
1) A boundary error in the parsing of file names inside torrent files
can be exploited to cause a heap-based buffer overflow via an overly
long file name.
======================================================================
4) Description of Vulnerability
Secunia Research has discovered multiple vulnerabilities in Lotus
Notes, which can be exploited by malicious people to compromise a
user's system.
1) A boundary error in the EML reader (emlsr.dll) when parsing certain
headers ("To:", "Cc:", "Bcc:", "From:", "Date:", "Subject:",
"Priority:", "Importance:", and "X-MSMail-Priority:") in EML files can