WordPress 3.9.2 Cross Site Scripting

21 November 2014 - Source: http://www.mondounix.com
 
OVERVIEW
========
 
A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These don't require authentication by default.
 
The JavaScript injected into a comment is executed when the target user views it, either on a blog post, a page, or in the Comments section of the administrative Dashboard.
 
In the most obvious scenario the attacker leaves a comment containing the JavaScript and some links in order to put the comment in the moderation queue. The exploit is not then visible to normal users, search engines, etc.
 
When a blog administrator goes to the Dashboard/Comments section to review new comments,...


Joomla Simple Email Form 1.8.5 Cross Site Scripting

20 November 2014 - Source: http://www.mondounix.com
Advisory ID: HTB23241
Product: Simple Email Form Joomla Extension
Vendor: Doug Bierer
Vulnerable Version(s): 1.8.5 and probably prior
Tested Version: 1.8.5
Advisory Publication:  October 29, 2014  [without technical details]
Vendor Notification: October 29, 2014 
Public Disclosure: November 19, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8539
Risk Level: Medium 
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory Details:
 
High-Tech...


Snowfox CMS 1.0 Open Redirect

19 November 2014 - Source: http://www.mondounix.com
Snowfox CMS v1.0 (rd param) Open Redirect Vulnerability
 
 
Vendor: Globiz Solutions
Product web page: http://www.snowfoxcms.org
Affected version: 1.0
 
Summary: Snowfox is an open source Content Management System (CMS)
that allows your website users to create and share content based
on permission configurations.
 
Desc: Input passed via the 'rd' GET parameter in 'selectlanguage.class.php'
script is not properly verified before being used to redirect users. This
can be exploited to redirect a user to an arbitrary website e.g. when a user
clicks a specially crafted link to the affected script hosted on a trusted
domain.
 
===========================================================================
\modules\system\controller\selectlanguage.class.php:
----------------------------------------------------
 
28:...


XOOPS 2.5.6 SQL Injection

18 November 2014 - Source: http://www.mondounix.com
=============================================
MGC ALERT 2014-003
- Original release date: March 6, 2014
- Last revised:  November 18, 2014
- Discovered by: Manuel Garcia Cardenas
- Severity: 7,1/10 (CVSS Base Score)
=============================================
 
I. VULNERABILITY
-------------------------
Blind SQL Injection in XOOPS <= 2.5.6
 
II. BACKGROUND
-------------------------
XOOPS is an acronym of "eXtensible Object Oriented Portal System". Though
started as a portal system, it later developed into a web application
framework. It aims to serve as a web framework for use by small, medium and
large sites, through the installation of modules.
 
III. DESCRIPTION
-------------------------
It...


Proticaret E-Commerce Script 3.0 SQL Injection

18 November 2014 - Source: http://www.mondounix.com
Document Title:
============
Proticaret E-Commerce Script v3.0 >= SQL Injection
 
Release Date:
===========
13 Nov 2014
 
Product & Service Introduction:
========================
Proticaret is a free e-commerce script.
 
Abstract Advisory Information:
=======================
BGA Security Team discovered an SQL injection vulnerability in Proticaret E-Commerce Script v3.0
 
Vulnerability Disclosure Timeline:
=========================
20 Oct 2014    :    Contact with Vendor
20 Nov 2014    :    Vendor Response
June 26, 2014 :    Patch Released
13 Nov 2014    :    Public Disclosure
 
Discovery Status:
=============
Published
 
Affected Product(s):
===============
Promist Bilgi İletişim...


Pandora FMS 5.1SP1 Cross Site Scripting

18 November 2014 - Source: http://www.mondounix.com
I. VULNERABILITY
 
-------------------------
 
XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisión PC141031
 
II. BACKGROUND
Pandora FMS is the monitoring software chosen by several companies all around the world for managing their IT infrastructure. Besides ensuring high performance and maximum flexibility, it has a
 
III. DESCRIPTION
-------------------------
A reflected XSS vulnerability has been detected in the agents visualization page of Pandora FMS, which allows arbitrary HTML/script code to be executed in the context of the victim user's browser.
 
The code injection is done through the parameter "refr" in the page “/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=”
 
IV....


Openkm Document Management System 6.4.17 Cross Site Scripting

18 November 2014 - Source: http://www.mondounix.com
Openkm Document Management System Suffers From Cross Site Scripting Attack
 
http://khalil-shreateh.com/khalil.shtml/images/articles/websites/vulnerabilities/openkm.jpg
 
Version <=6.4.17
Software Test http://demo.openkm.com/OpenKM/login.jsp
Author: Khalil Shreateh <https://www.facebook.com/khalil.shr>
 
Author Website: http://khalil-shreateh.com
Status: Reported.
Report Link : http://issues.openkm.com/view.php?id=3056
 
Attack Description
 
Log in with any user.
Navigate to:
http://demo.openkm.com/OpenKM/frontend/Download?export&uuid=%3Cscript%3Ealert%28%22XSS%20BY%20KHALIL%20SHREATEH\nkhalil-shreateh.com%22%29%3C/script%3E
 
 
 
POC...


Nibbleblog 4.0.1 Cross Site Scripting

18 November 2014 - Source: http://www.mondounix.com
=============================================
MGC ALERT 2014-002
- Original release date: March 5, 2014
- Last revised:  November 17, 2014
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
=============================================
 
I. VULNERABILITY
-------------------------
Reflected XSS in Nibbleblog <= v4.0.1
 
II. BACKGROUND
-------------------------
Nibbleblog is a powerful engine for creating blogs, all you need is PHP to
work.
 
III. DESCRIPTION
-------------------------
A reflected XSS vulnerability has been detected in Nibbleblog, which allows
arbitrary HTML/script code to be executed in the context
of the victim user's browser.
 
The code injection...


Gogs Repository Search SQL Injection

16 November 2014 - Source: http://www.mondounix.com
Unauthenticated SQL Injection in Gogs repository search
=======================================================
Researcher: Timo Schmid <tschmid@ernw.de>
 
 
Description
===========
Gogs (Go Git Service) is a painless self-hosted Git Service written in
Go. (taken from [1])
 
It is very similar to the GitHub hosting platform. Multiple users can
create multiple repositories and share code with others with the git
version control system. Repositories can be marked as public or private
to prevent access from unauthorized users.
 
Gogs provides an API view to give JavaScript code the possibility to
search for existing repositories in the system. This view is accessible at
/api/v1/repos/search?q=<search...


Gogs Label Search Blind SQL Injection

15 November 2014 - Source: http://www.mondounix.com
 
Blind SQL Injection in Gogs label search
========================================
Researcher: Timo Schmid <tschmid@ernw.de>
 
 
Description
===========
Gogs (Go Git Service) is a painless self-hosted Git Service written in
Go. (taken from [1])
 
It is very similar to the GitHub hosting platform. Multiple users can
create multiple repositories and share code with others with the git
version control system. Repositories can be marked as public or private
to prevent access from unauthorized users.
 
Gogs provides a view to filter issues by labels. This view is accessible at
/<username>/<repository>/issues?labels=&type=&state=
 
The labels Parameter of this view is vulnerable...
