Vendor | Operating System | Software Name | Vulnerability/Impact | Patches/Workarounds/ Alerts | Common Name | Risk* | Attacks/ Scripts |
ASP-Nuke(6) | Multiple | ASP-Nuke RC1 | A vulnerability exists because script code is not adequately filtered from image tags, which could let a malicious user execute arbitrary script code. | Upgrade available at: | ASP-Nuke Image Tag | High | Bug discussed in newsgroups and websites. |
ASP-Nuke(7) | Multiple | ASP-Nuke RC1, RC2 | Several Cross-Site Scripting vulnerabilities exist because user-supplied input in not properly stripped of commands when the 'downloads.asp' and 'post.asp' pages build HTML content, which could let a malicious user execute arbitrary script code; a vulnerability exists because user issued cookies are stored in an unencrypted format, which could let a malicious user manipulate values in their cookie and authenticate as an arbitrary user of the service, including the administrative account; and a vulnerability exists because authentication cookies may be modified, which could let a malicious user obtain sensitive information. | Upgrade to ASP-Nuke RC3. | ASP-Nuke Cross-Site Multiple Vulnerabilities | Medium/High (High if arbitrary code can be executed) | Bug discussed in newsgroups and websites. There is no exploit code required for the plaintext cookie vulnerability. |
http://www.elhacker.net/foro/index.php/elhackernet/t23207.htm
privat(e)
besked(er).
Ulęst 0
Lęst 0