Wednesday, 11 February 2015

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

computer-phone




Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection
Product: SoftBB (mods)
Vendor: Softbb.net
Vulnerable Versions: v0.1.3
Tested Version: v0.1.3
Advisory Publication: Jan 10, 2015
Latest Update: Jan 10, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
CVE Reference: CVE-2014-9560
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0 
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]



http://www.inzeed.com/kaleidoscope/sql-injection-vulnerability/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/

CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability

security-solutions





Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter XSS
Product: SoftBB (mods)
Vendor: Softbb.net
Vulnerable Versions: v0.1.3
Tested Version: v0.1.3
Advisory Publication: Jan 10, 2015
Latest Update: Jan 10, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9561
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]






http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/xss-vulnerability/cve-2014-9561-softbb-net-softbb-xss-cross-site-scripting-security-vulnerability/

CVE-2014-7294 NYU OpenSSO Integration 2.1 Dest Privilege Escalation Web Security Vulnerability



















CVE-2014-7294 NYU OpenSSO Integration 2.1 Dest Privilege Escalation Web Security Vulnerability



Exploit Title: NYU OpenSSO Integration Logon Page url Parameter Open Redirect
Product: OpenSSO Integration
Vendor: NYU
Vulnerable Versions: 2.1 and probability prior
Tested Version: 2.1
Advisory Publication: December 14, 2014
Latest Update: January 05, 2015
Vulnerability Type: Open Redirect [CWE-601]
CVE Reference: CVE-2014-7294
mpact CVSS Severity (version 2.0):
CVSS v2 Base Score: 6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification
Discover and Writer: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)








Suggestion Details:

(1) Vendor & Product Description:


Vendor:
NYU


Product & Vulnerable Versions:
OpenSSO Integration 
2.1


Vendor URL & Download:
OpenSSO Integration can be obtrained from here,


Product Description:
"NYU has integrated PDS with Sun's OpenSSO Identity Management application. The PDS/OpenSSO integration uses PDS as the NYU Libraries' single sign-on system and leverages NYU's OpenSSO system to provide seamless interaction between library applications and university services. The integration merges patron information from OpenSSO (e.g. name, email, e-resources access) with patron information from Aleph (e.g. borrower status and type) to ensure access to the multitude of library services."

"The NYU Libraries operate in a consortial environment in which not all users are in OpenSSO and not all OpenSSO users are in Aleph. PDS is hosted in an active/passive capacity on our Primo front-end servers. Due to the nature of PDS and Aleph, patrons are required to have an Aleph account in order to login to the library's SSO environment. The exception to this rule is EZProxy."

"Author: Scot Dalton
Additional author(s):
Institution: New York University
Year: 2009
License: BSD style
Short description: Use, modification and distribution of the code are permitted provided the copyright notice, list of conditions and disclaimer appear in all related material.
Link to terms: [Detailed license terms]"





(2) Vulnerability Details:

NYU Opensso Integration web application has a computer security bug problem. It can be exploited by Unvalidated Redirects and Forwards (URL Redirection) attacks. This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appear to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client side software such as a web browser or document rendering programs.

Other similar products 0day vulnerabilities have been found by some other bug hunter researchers before. NYU has patched some of them. Web Security Watch is an aggregator of security reports coming from various sources. It aims to provide a single point of tracking for all publicly disclosed security issues that matter. "Its unique tagging system enables you to see a relevant set of tags associated with each security alert for a quick overview of the affected products. What's more, you can now subscribe to an RSS feed containing the specific tags that you are interested in - you will then only receive alerts related to those tags." It has published suggestions, advisories, solutions details related to website vulnerabilities.


(2.1) The vulnerability occurs at "PDS" service's logon page, with "&url" parameter.









References:

CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Web Security Vulnerability





















CVE-2014-7293  NYU OpenSSO Integration XSS (Cross-Site Scripting) Web Security Vulnerability

Exploit Title: NYU OpenSSO Integration Logon Page url Parameter XSS
Product: OpenSSO Integration
Vendor: NYU 
Vulnerable Versions: 2.1 and probability prior
Tested Version: 2.1
Advisory Publication: December 29, 2014
Latest Update: December 29, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7293
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Discover and Writer: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)








Suggestion Details:

(1) Vendor & Product Description:


Vendor:
NYU


Product & Vulnerable Versions:
OpenSSO Integration 
2.1


Vendor URL & Download:
OpenSSO Integration can be obtrained from here,


Product Description:
"NYU has integrated PDS with Sun's OpenSSO Identity Management application. The PDS/OpenSSO integration uses PDS as the NYU Libraries' single sign-on system and leverages NYU's OpenSSO system to provide seamless interaction between library applications and university services. The integration merges patron information from OpenSSO (e.g. name, email, e-resources access) with patron information from Aleph (e.g. borrower status and type) to ensure access to the multitude of library services."

"The NYU Libraries operate in a consortial environment in which not all users are in OpenSSO and not all OpenSSO users are in Aleph. PDS is hosted in an active/passive capacity on our Primo front-end servers. Due to the nature of PDS and Aleph, patrons are required to have an Aleph account in order to login to the library's SSO environment. The exception to this rule is EZProxy."

"Author: Scot Dalton
Additional author(s):
Institution: New York University
Year: 2009
License: BSD style
Short description: Use, modification and distribution of the code are permitted provided the copyright notice, list of conditions and disclaimer appear in all related material.
Link to terms: [Detailed license terms]"





(2) Vulnerability Details:

NYU Opensso Integration web application has a computer cyber security bug problem. Hacker can exploit it by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.


Other similar products 0day vulnerabilities have been found by some other bug hunter researchers before. NYU has patched some of them. Web Security Watch is an aggregator of security reports coming from various sources. It aims to provide a single point of tracking for all publicly disclosed security issues that matter. "Its unique tagging system enables you to see a relevant set of tags associated with each security alert for a quick overview of the affected products. What's more, you can now subscribe to an RSS feed containing the specific tags that you are interested in - you will then only receive alerts related to those tags." It has published suggestions, advisories, solutions details related to website vulnerabilities.

(2.1) The vulnerability occurs at “PDS” service’s logon page, with “&url” parameter,









Reference:
http://tetraph.com/security/cves/cve-2014-7293-ex-libris-patron-directory-services-pds-xss
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7293
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7293
http://seclists.org/fulldisclosure/2014/Dec/125
http://www.securityfocus.com/bid/71812

http://frenchairing.blogspot.fr/2015/06/ping.html
http://computerobsess.blogspot.com/2015/02/cve-2014-7293-nyu-opensso-integration.html
http://whitehatview.tumblr.com/post/110719704806/shellmantis-cve-2014-7293
http://itsecurity.lofter.com/post/1cfbf9e7_5c667f0
http://tetraph.blogspot.com/2015/02/cve-2014-7293-nyu-opensso-integration.html
https://itswift.wordpress.com/2015/02/12/cve-2014-7293

http://lists.kde.org/?a=139222176300014&r=1&w=2
http://www.inzeed.com/kaleidoscope/computer-security/cve-2014-7293
http://mathswift.blogspot.com/2015/02/cve-2014-7293-nyu-opensso-integration.html
https://vulnerabilitypost.wordpress.com/2015/02/18/cve-2014-7293
https://computertechhut.wordpress.com/2015/02/10/cve-2014-7293-nyu-opensso
http://diebiyi.com/articles/security/xss-vulnerability/cve-2014-7293






CVE-2014-8752 JCE-Tech “Video Niche Script” XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-8752 JCE-Tech "Video Niche Script" XSS (Cross-Site Scripting) Web Application Zero Day Bug


Exploit Title: JCE-Tech "Video Niche Script" /view.php Multiple Parameters XSS
Product: "Video Niche Script"
Vendor: JCE-Tech
Vulnerable Versions: 4.0
Tested Version: 4.0
Advisory Publication: Nov 18, 2014
Latest Update: Nov 18, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8752
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Discover and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)






















Advisory Details:

(1) Vendor & Product Description:


Vendor:

JCE-Tech



Product & Vulnerable Versions:
Video Niche Script
4.0



Vendor URL & Download:
Product can be obtained from here,
http://sourceforge.net/p/vufind/news/




Product Introduction Overview:



Product Description:
"The PHP Video Script instantly creates a niche video site based on keywords users control via the admin console. The videos are displayed on users' site, but streamed from the YouTube servers."




(2) Vulnerability Details.

JCE-Tech "Video Niche Script" web application has a computer security problem. Hackers can exploit it by reflected XSS cyber attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug researchers before. JCE-Tech has patched some of them. "scip AG was founded in 2002. We are driven by innovation, sustainability, transparency, and enjoyment of our work. We are completely self-funded and are thus in the comfortable position to provide completely independent and neutral services. Our staff consists of highly specialized experts who focus on the topic information security and continuously further their expertise through advanced training".


(2.1) The code flaw occurs at "view.php" page with "video", "title" parameter.










References:


Tuesday, 10 February 2015

CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Web Application Zero Day Bug

keyboard and lock 





















CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Web Application Zero Day Bug
Exploit Title: SnipSnap /snipsnap-search? query Parameter XSS
Product: SnipSnap
Vulnerable Versions: 0.5.2a  1.0b1  1.0b2
Tested Version: 0.5.2a  1.0b1  1.0b2
Advisory Publication: Jan 30, 2015
Latest Update: Jan 30, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9559
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Discover and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)






Advisory Details:


(1) Vendor & Product Description
Vendor: 
SnipSnap



Product & Version: 
SnipSnap
0.5.2a
1.0b1
1.0b2



Vendor URL & Download:
Product Description: 
“SnipSnap is a user friendly content management system with features such as wiki and weblog. “






(2) Vulnerability Details:
Snipsnap web application has a computer security problem. Hackers can exploit it by XSS cyber attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. Snipsnap has patched some of them. CXSECurity is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications. It also publishes suggestions, advisories, solutions details related to XSS vulnerabilities and cyber intelligence recommendations.





(2.1) The code flaw occurs at “snipsnap-search?” page with “query” parameter.









References:
https://webtechwire.wordpress.com/2015/02/11/cve-2014-9559

CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability












CVE-2014-8490  TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Web Application Zero Day Bug



Exploit Title: TennisConnect "TennisConnect COMPONENTS System" /index.cfm pid Parameter XSS
Product: TennisConnect COMPONENTS System
Vendor:    TennisConnect
Vulnerable Versions: 9.927
Tested Version:    9.927
Advisory Publication: Nov 18, 2014
Latest Update:    Nov 18, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8490
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Discover and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)






Advisory Details:

(1) Vendor & Product Description:


Vendor:

TennisConnect



Product & Vulnerable Versions:

TennisConnect COMPONENTS System
9.927


Vendor URL & Download:

Product can be obtained from here,
http://www.tennisconnect.com/products.cfm#Components



Product Description:
TennisConnect COMPONENTS
* Contact Manager (online player database)
* Interactive Calendar including online enrollment
* League & Ladder Management through Tencap Tennis
* Group Email (including distribution lists, player reports, unlimited sending volume and frequency)
* Multi-Administrator / security system with Page Groups
* Member Administration
* MobileBuilder
* Online Tennis Court Scheduler
* Player Matching (Find-a-Game)
* Web Site Builder (hosted web site and editing tools at www. your domain name .com)




(2) Vulnerability Details.
TennisConnect COMPONENTS System web application has a computer security problem. Hackers can exploit it by reflected XSS cyber attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. T
ennisConnect COMPONENTS System has patched some of them. "Bugtraq is an electronic mailing list dedicated to issues about computer security. On-topic issues are new discussions about vulnerabilities, vendor security-related announcements, methods of exploitation, and how to fix them. It is a high-volume mailing list, and almost all new vulnerabilities are discussed there.". It has listed similar exploits, such as Bugtraq (Security Focus) 32920.

TennisConnect COMPONENTS System has a security problem. It is vulnerable to XSS attacks.

(2.1) The code flaw occurs at "/index.cfm?" page, with "&pid" parameter.








References:

http://packetstormsecurity.com/files/129662/TennisConnect-9.927-Cross-Site-Scripting.html
http://tetraph.com/security/cves/cve-2014-8490
https://cxsecurity.com/issue/WLB-2014120151
http://cve.scap.org.cn/CVE-2014-8490.html
http://en.hackdig.com/?11701.htm
http://webtechhut.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html
http://seclists.org/fulldisclosure/2014/Dec/83
http://computerobsess.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html
http://diebiyi.com/articles/security/xss-vulnerability/cve-2014-8490
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01464.html
https://progressive-comp.com/?l=full-disclosure&m=141896694615302&w=1
http://whitehatpost.blog.163.com/blog/static/2422320542015110102316210/#
http://tetraph.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1352