Vendor Operating System Software Name Vulnerability/Impact Patches/Workarounds/ Alerts Common Name Risk* Attacks/ Scripts
ASP-Nuke(6) Multiple ASP-Nuke RC1 A vulnerability exists because script code is not adequately filtered from image tags, which could let a malicious user execute arbitrary script code. Upgrade available at:

http://www.asp-nuke.com/

ASP-Nuke Image Tag High Bug discussed in newsgroups and websites.
ASP-Nuke(7) Multiple ASP-Nuke RC1, RC2 Several Cross-Site Scripting vulnerabilities exist because user-supplied input in not properly stripped of commands when the 'downloads.asp' and 'post.asp' pages build HTML content, which could let a malicious user execute arbitrary script code; a vulnerability exists because user issued cookies are stored in an unencrypted format, which could let a malicious user manipulate values in their cookie and authenticate as an arbitrary user of the service, including the administrative account; and a vulnerability exists because authentication cookies may be modified, which could let a malicious user obtain sensitive information. Upgrade to ASP-Nuke RC3. ASP-Nuke Cross-Site Multiple Vulnerabilities Medium/High

(High if arbitrary code can be executed)
Bug discussed in newsgroups and websites. There is no exploit code required for the plaintext cookie vulnerability.

http://www.elhacker.net/foro/index.php/elhackernet/t23207.htm

 

 

 privat(e) besked(er).
Ulęst 0
Lęst 0