[Full-disclosure] Cross Site Scripting (XSS) Vulnerability in cpcommerce, CVE-2008-4121

Cross Site Scripting (XSS) Vulnerability in cpcommerce, CVE-2008-4121

References
  http://www.datensalat.eu/~fabian/cve/CVE-2008-4121-cpcommerce.html
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4121
  http://cpcommerce.cpradio.org/

Description
  cpCommerce is an open-source e-commerce solution that is maintained by templates and modules.

Example
  Assuming cpcommerce is installed on http://localhost/cpcommerce/, anybody could inject JavaScript:

  http://localhost/cpcommerce/search.php";>
  http://localhost/cpcommerce/sendtofriend.php";>

Disclosure Timeline
  2008-09-23 Vendor contacted
  2008-09-23 Vendor released 1.2.4
  2008-10-19 Published advisory

CVE Information
  The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-4121 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

Credits and copyright
  This vulnerability was discovered by Fabian Fingerle (published with help from Hanno Boeck [0]). It's licensed under the creative commons attribution license.

Fabian Fingerle, 2008-09-04, http://www.fabian-fingerle.de

[0] http://www.hboeck.de

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Cross Site Scripting (XSS) Vulnerability in flatpress 0.804, CVE-2008-4120

Cross Site Scripting (XSS) Vulnerability in flatpress 0.804, CVE-2008-4120

References
  http://www.datensalat.eu/~fabian/cve/CVE-2008-4120-flatpress.html
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4120
  http://www.flatpress.org/

Description
  FlatPress is an open-source standard-compliant multi-lingual extensible blogging engine which does not require a DataBase Management System to work.

Example
  Assuming flatpress is installed on http://localhost/flatpress/, anybody could inject JavaScript:

  http://localhost/flatpress/login.php";>
  http://localhost/flatpress/login.php";>
  http://localhost/flatpress/contact.php";>

Workaround/Fix
  Update to 0.804.1.

Disclosure Timeline
  2008-09-25 Vendor contacted
  2008-09-25 Vendor released 0.804.1
  2008-09-25 Published advisory

CVE Information
  The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-4120 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

Credits and copyright
  This vulnerability was discovered by Fabian Fingerle (published with help from Hanno Boeck [0]). It's licensed under the creative commons attribution license [1].

Fabian Fingerle, 2008-09-25, http://www.fabian-fingerle.de

[0] http://www.hboeck.de
[1] http://creativecommons.org/licenses/by/3.0/de/

[Full-disclosure] Cross Site Scripting (XSS) Vulnerability in fuzzylime (cms) >=3.02, CVE-2008-3098

Cross Site Scripting (XSS) Vulnerability in fuzzylime (cms) >=3.02, CVE-2008-3098

References
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3098
  http://cms.fuzzylime.co.uk
  http://www.datensalat.eu/~fabian/cve/CVE-2008-3098-fuzzylime-cms.html

Description
  Fuzzylime (cms) is a way to run websites and keep it up-to-date. Once installed, you can update from any internet-connected PC in the world - you don't even need to know HTML! It has tons of features so whatever you want from your site, chances are this script will be able to do it for you.

Example
  Assuming Fuzzylime is installed on http://localhost/fuzzylime/, anybody could inject JavaScript:

  http://localhost/fuzzylime/admin/usercheck.php";>

Disclosure Timeline
  2008-09-10 Vendor contacted
  2008-09-20 Vendor released 3.03
  2008-09-22 Advisory published

CVE Information
  The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3098 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

Credits and copyright
  This vulnerability was discovered by Fabian Fingerle (published with help from Hanno Boeck). It's licensed under the creative commons attribution license.

Fabian Fingerle, 2008-09-22, http://www.fabian-fingerle.de

[Full-disclosure] Multiple Cross Site Scripting (XSS) and SQL injection Vulnerabilities in XRMS, CVE-2008-3664

Multiple Cross Site Scripting (XSS) and SQL injection Vulnerabilities in XRMS, CVE-2008-3664

References
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3664
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3664
  http://xrms.sourceforge.net

Description
  XRMS is a web-based application for managing business entities such as employees, customers, contacts, activities with those contacts, etc. The application is vulnerable to simple Cross Site Scripting, which can be used for several issues.

Example
  Assuming XRMS is installed on http://localhost/xrms/, anybody could inject JavaScript with:

  http://localhost/xrms/login.php?target=";>alert(1);
  http://localhost/xrms/activities/some.php?title=";>alert(1);
  http://localhost/xrms/companies/some.php?company_name=";>alert(1);
  http://localhost/xrms/contacts/some.php?last_name=";>alert(1);
  http://localhost/xrms/campaigns/some.php?campaign_title=";>alert(1);
  http://localhost/xrms/opportunities/some.php?opportunity_title=";>alert(1);
  http://localhost/xrms/cases/some.php?case_title=";>alert(1);
  http://localhost/xrms/files/some.php?file_id=";>alert(1);
  http://localhost/xrms/reports/custom/mileage.php?starting=";>alert(1);
  ...

  A user could change their real name to alert(1); will be executed when the administrator looks at user list

  A user could edit name/email of any user using SQL injection vulnerability in admin/users/self-2.php

Disclosure Timeline
  2008-08-07 Vendor contacted
  2008-09-04 Advisory published

CVE Information
  The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008- to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

Credits and copyright
  This vulnerability was discovered by Fabian Fingerle (published with help from Hanno Boeck). This vulnerability relates to CVE-2008-1129. It's licensed under the creative commons attribution license.

Fabian Fingerle, 2008-09-04, http://www.fabian-fingerle.de

--
_GPG_ 3D17 CAC8 1955 1908 65ED 5C51 FDA3 6A09 AB41 AB85
_chaos events near stuttgart_ www.datensalat.eu

[Full-disclosure] Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101

Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101

References
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3101
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3101
  http://www.vtiger.de/

Description
  vtigerCRM is an Open Source Customer Relationship Management (CRM) Software. The application is vulnerable to simple Cross Site Scripting, which can be used for several issues.

Example
  Assuming vtigerCRM is installed on http://localhost/vtigercrm/, one can inject JavaScript with:

  http://localhost/vtigercrm/index.php?module=Products&action=index&parenttab=";>alert(1);
  http://localhost/vtigercrm/index.php?module=Users&action=Authenticate&user_password=";>alert(1);
  http://localhost/vtigercrm/index.php?module=Home&action=UnifiedSearch&query_string=";>alert(1);

Workaround/Fix
  vtiger CRM Security Patch for 5.0.4 [1]

Disclosure Timeline
  2008-07-28 Vendor contacted
  2008-07-28 Vendor fixed issue in test environment
  2008-07-30 Vendor released patch
  2008-07-30 Vendor dev stated they'll release a second patch within days
  2008-09-01 published advisory, no second patch from upstream yet

CVE Information
  The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3101 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

Credits and copyright
  This vulnerability was discovered by Fabian Fingerle [2] (published with help from Hanno Boeck [3]). It's licensed under the creative commons attribution license [4].

Fabian Fingerle, 2008-09-01

[1] http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5
[2] http://www.fabian-fingerle.de
[3] http://www.hboeck.de
[4] http://creativecommons.org/licenses/by/3.0/de/

--
_GPG_ 3D17 CAC8 1955 1908 65ED 5C51 FDA3 6A09 AB41 AB85
_chaos events near stuttgart_ www.datensalat.eu
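
Added example, not part of the original advisories: a log check a defender could run to find requests that place the `";>` attribute-breakout sequence in the parameters named in the XRMS and vtigerCRM advisories above. The combined access-log format, the sample log lines and the function name are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Parameters named in the XRMS and vtigerCRM advisories above.
WATCHED = {
    "target", "title", "company_name", "last_name", "campaign_title",
    "opportunity_title", "case_title", "file_id", "starting",    # XRMS
    "parenttab", "user_password", "query_string",                # vtigerCRM
}
# A double quote followed later by '>' closes an attribute value and its tag.
BREAKOUT = re.compile(r'"[^>]*>')
# Request field of a combined-format access log line (format is an assumption).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; addresses come from the documentation range.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Sep/2008:10:00:01 +0200] '
    '"GET /xrms/login.php?target=%22%3B%3Ealert(1)%3B HTTP/1.1" 200 5120',
    '203.0.113.8 - - [04/Sep/2008:10:00:05 +0200] '
    '"GET /xrms/login.php?target=home.php HTTP/1.1" 200 4801',
    '203.0.113.7 - - [04/Sep/2008:10:01:12 +0200] '
    '"GET /vtigercrm/index.php?module=Home&action=UnifiedSearch'
    '&query_string=%22%3B%3Ealert(1)%3B HTTP/1.1" 200 9933',
    '203.0.113.9 - - [04/Sep/2008:10:02:40 +0200] '
    '"GET /vtigercrm/index.php?module=Home&action=UnifiedSearch'
    '&query_string=%22acme+corp%22 HTTP/1.1" 200 8710',
]

def suspicious_requests(lines):
    """Return (path, parameter, decoded value) for every watched parameter
    whose URL-decoded value contains the breakout sequence."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line in the assumed format
        url = urlsplit(match.group(1))
        # Split on '&' only, so a ';' inside a value is not read as a separator.
        for pair in url.query.split("&"):
            name, _, raw = pair.partition("=")
            value = unquote_plus(raw)  # decodes one level of percent-encoding
            if name in WATCHED and BREAKOUT.search(value):
                hits.append((url.path, name, value))
    return hits

if __name__ == "__main__":
    for path, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"{path}: parameter {name!r} carries {value!r}")
```

A quoted search term such as `"acme corp"` is not flagged, because the pattern requires a `>` after the quote.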