F*EX 20100208/20111129-2 Multiple Cross Site Scripting Vulnerabilities
2012-02-20T00:00:00
ID EDB-ID:36851 Type exploitdb Reporter muuratsalo Modified 2012-02-20T00:00:00
Description
F*EX 20100208/20111129-2 Multiple Cross Site Scripting Vulnerabilities. CVE-2012-0869. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/52085/info
F*EX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials. Other attacks are also possible.
http://www.example.com/fup [id parameter]
http://www.example.com/fup [to parameter]
http://www.example.com/fup [from parameter]
{"id": "EDB-ID:36851", "hash": "df8e5036fe4dbfb247d951a079b70e66", "type": "exploitdb", "bulletinFamily": "exploit", "title": "F*EX 20100208/20111129-2 Multiple Cross Site Scripting Vulnerabilities", "description": "F*EX 20100208/20111129-2 Multiple Cross Site Scripting Vulnerabilities. CVE-2012-0869. Webapps exploit for php platform", "published": "2012-02-20T00:00:00", "modified": "2012-02-20T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/36851/", "reporter": "muuratsalo", "references": [], "cvelist": ["CVE-2012-0869"], "lastseen": "2016-02-04T04:30:15", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 4.6, "vector": "NONE", "modified": "2016-02-04T04:30:15"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0869"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2414-1:6D7A5", "DEBIAN:DSA-2414-2:E4CCF", "DEBIAN:BSA-062:06DFD"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231071145", "OPENVAS:71141", "OPENVAS:71145", "OPENVAS:136141256231071141", "OPENVAS:1361412562310803034"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2414.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27814", "SECURITYVULNS:VULN:12275"]}], "modified": "2016-02-04T04:30:15"}, "vulnersScore": 4.6}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/36851/", "sourceData": "source: http://www.securityfocus.com/bid/52085/info\r\n\r\nF*EX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n\r\nExploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials. Other attacks are also possible. \r\n\r\nhttp://www.example.com/fup [id parameter]\r\nhttp://www.example.com/fup [to parameter]\r\nhttp://www.example.com/fup [from parameter] ", "osvdbidlist": ["79420"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:12:20", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter.", "modified": "2017-08-29T01:31:00", "id": "CVE-2012-0869", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0869", "published": "2012-09-25T23:55:00", "title": "CVE-2012-0869", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2017-07-24T12:50:44", "bulletinFamily": "scanner", "description": "The remote host is missing an update to fex\nannounced via advisory DSA 2414-2.", "modified": "2017-07-07T00:00:00", "published": "2012-03-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71145", "id": "OPENVAS:71145", "title": "Debian Security Advisory DSA 2414-2 (fex)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2414_2.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2414-2 (fex)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the last security update for F*X, DSA-2414-1,\nintroduced a regression. Updated packages are now available to address\nthis problem.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 20100208+debian1-1+squeeze3.\n\nThe testing (wheezy) and unstable (sid) distributions are not affected\nby this problem.\n\nWe recommend that you upgrade your fex packages.\";\ntag_summary = \"The remote host is missing an update to fex\nannounced via advisory DSA 2414-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202414-2\";\n\nif(description)\n{\n script_id(71145);\n script_cve_id(\"CVE-2012-0869\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:31:57 -0400 (Mon, 12 Mar 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 2414-2 (fex)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"fex\", ver:\"20100208+debian1-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"fex-utils\", ver:\"20100208+debian1-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:57", "bulletinFamily": "scanner", "description": "The remote host is missing an update to fex\nannounced via advisory DSA 2414-1.", "modified": "2017-07-07T00:00:00", "published": "2012-03-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71141", "id": "OPENVAS:71141", "title": "Debian Security Advisory DSA 2414-1 (fex)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2414_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2414-1 (fex)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Nicola Fioravanti discovered that F*X, a web service for transferring\nvery large files, is not properly sanitizing input parameters of the fup\nscript. An attacker can use this flaw to conduct reflected cross-site\nscripting attacks via various script parameters.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 20100208+debian1-1+squeeze2.\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed\nin version 20120215-1.\n\nWe recommend that you upgrade your fex packages.\";\ntag_summary = \"The remote host is missing an update to fex\nannounced via advisory DSA 2414-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202414-1\";\n\nif(description)\n{\n script_id(71141);\n script_cve_id(\"CVE-2012-0869\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:31:28 -0400 (Mon, 12 Mar 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 2414-1 (fex)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"fex\", ver:\"20100208+debian1-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"fex-utils\", ver:\"20100208+debian1-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:56", "bulletinFamily": "scanner", "description": "The remote host is missing an update to fex\nannounced via advisory DSA 2414-2.", "modified": "2019-03-18T00:00:00", "published": "2012-03-12T00:00:00", "id": "OPENVAS:136141256231071145", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071145", "title": "Debian Security Advisory DSA 2414-2 (fex)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2414_2.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2414-2 (fex)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71145\");\n script_cve_id(\"CVE-2012-0869\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:31:57 -0400 (Mon, 12 Mar 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 2414-2 (fex)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202414-2\");\n script_tag(name:\"insight\", value:\"It was discovered that the last security update for F*X, DSA-2414-1,\nintroduced a regression. Updated packages are now available to address\nthis problem.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 20100208+debian1-1+squeeze3.\n\nThe testing (wheezy) and unstable (sid) distributions are not affected\nby this problem.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your fex packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to fex\nannounced via advisory DSA 2414-2.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"fex\", ver:\"20100208+debian1-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"fex-utils\", ver:\"20100208+debian1-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:39:14", "bulletinFamily": "scanner", "description": "The remote host is missing an update to fex\nannounced via advisory DSA 2414-1.", "modified": "2019-03-18T00:00:00", "published": "2012-03-12T00:00:00", "id": "OPENVAS:136141256231071141", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071141", "title": "Debian Security Advisory DSA 2414-1 (fex)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2414_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2414-1 (fex)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71141\");\n script_cve_id(\"CVE-2012-0869\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:31:28 -0400 (Mon, 12 Mar 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 2414-1 (fex)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202414-1\");\n script_tag(name:\"insight\", value:\"Nicola Fioravanti discovered that F*X, a web service for transferring\nvery large files, is not properly sanitizing input parameters of the fup\nscript. An attacker can use this flaw to conduct reflected cross-site\nscripting attacks via various script parameters.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 20100208+debian1-1+squeeze2.\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed\nin version 20120215-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your fex packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to fex\nannounced via advisory DSA 2414-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"fex\", ver:\"20100208+debian1-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"fex-utils\", ver:\"20100208+debian1-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:45", "bulletinFamily": "scanner", "description": "This host is running F*EX (Frams", "modified": "2018-10-12T00:00:00", "published": "2012-09-27T00:00:00", "id": "OPENVAS:1361412562310803034", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803034", "title": "F*EX (Frams's Fast File EXchange) Multiple XSS Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fex_fup_mult_xss_vuln.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# F*EX (Frams's Fast File EXchange) Multiple XSS Vulnerabilities\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803034\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2012-0869\", \"CVE-2012-1293\");\n script_bugtraq_id(52085);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-27 16:41:55 +0530 (Thu, 27 Sep 2012)\");\n script_name(\"F*EX (Frams's Fast File EXchange) Multiple XSS Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47971\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/48066\");\n script_xref(name:\"URL\", value:\"http://seclists.org/oss-sec/2012/q1/att-441/FEX_20100208.txt\");\n script_xref(name:\"URL\", value:\"http://seclists.org/oss-sec/2012/q1/att-441/FEX_20111129-2.txt\");\n script_xref(name:\"URL\", value:\"http://archives.neohapsis.com/archives/bugtraq/2012-02/0112.html\");\n\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_require_ports(\"Services/www\", 8888);\n script_mandatory_keys(\"fexsrv/banner\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to insert arbitrary HTML\n and script code, which will be executed in a user's browser session in the\n context of an affected site.\");\n script_tag(name:\"affected\", value:\"Frams' Fast File EXchange versions before 20111129-2\");\n script_tag(name:\"insight\", value:\"The inputs passed via 'to', 'from' and 'id' parameter to 'fup' is not\n properly validated, which allows attackers to execute arbitrary HTML and\n script code in a user's browser session in the context of an affected site.\");\n script_tag(name:\"solution\", value:\"Upgrade to Frams' Fast File EXchange version 20111129-2 or later.\");\n script_tag(name:\"summary\", value:\"This host is running F*EX (Frams's Fast File EXchange) and is\n prone to multiple cross site scripting vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n script_xref(name:\"URL\", value:\"http://fex.rus.uni-stuttgart.de/index.html\");\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:8888);\n\nbanner = get_http_banner(port:port);\nif(!banner || \"Server: fexsrv\" >!< banner){\n exit(0);\n}\n\nurl = '/fup?id=38c66\"><script>alert(document.cookie);</script>'+\n 'b08f61c45c6&to=%0d&from=%0d';\n\nif(http_vuln_check(port:port, url:url, check_header:TRUE,\n pattern:\"<script>alert\\(document.cookie\\);</script>\",\n extra_check: make_list('F*EX upload<', 'F*EX server'))) {\n report = report_vuln_url( port:port, url:url);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2019-12-13T06:51:14", "bulletinFamily": "scanner", "description": "Nicola Fioravanti discovered that F*X, a web service for transferring\nvery large files, is not properly sanitizing input parameters of the\n", "modified": "2019-12-02T00:00:00", "id": "DEBIAN_DSA-2414.NASL", "href": "https://www.tenable.com/plugins/nessus/58077", "published": "2012-02-22T00:00:00", "title": "Debian DSA-2414-2 : fex - insufficient input sanitization", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2414. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58077);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2012-0869\");\n script_xref(name:\"DSA\", value:\"2414\");\n\n script_name(english:\"Debian DSA-2414-2 : fex - insufficient input sanitization\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nicola Fioravanti discovered that F*X, a web service for transferring\nvery large files, is not properly sanitizing input parameters of the\n'fup'script. An attacker can use this flaw to conduct reflected\ncross-site scripting attacks via various script parameters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/fex\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2414\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the fex packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 20100208+debian1-1+squeeze3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"fex\", reference:\"20100208+debian1-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"fex-utils\", reference:\"20100208+debian1-1+squeeze3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2019-05-30T02:21:57", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2413-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nFebruary 21, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : fex\nVulnerability : insufficient input sanitization\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0869\n\nNicola Fioravanti discovered that F*X, a web service for transferring\nvery large files, is not properly sanitizing input parameters of the "fup"\nscript. An attacker can use this flaw to conduct reflected cross-site\nscripting attacks via various script parameters.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 20100208+debian1-1+squeeze2.\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed\nin version 20120215-1.\n\nWe recommend that you upgrade your fex packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-02-21T23:12:11", "published": "2012-02-21T23:12:11", "id": "DEBIAN:DSA-2414-1:6D7A5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00041.html", "title": "[SECURITY] [DSA 2414-1] fex security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-30T02:22:14", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2414-2 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nFebruary 25, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : fex\nVulnerability : insufficient input sanitization\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0869\n\nIt was discovered that the last security update for F*X, DSA-2414-1,\nintroduced a regression. Updated packages are now available to address\nthis problem.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 20100208+debian1-1+squeeze3.\n\nThe testing (wheezy) and unstable (sid) distributions are not affected\nby this problem.\n\nWe recommend that you upgrade your fex packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-02-25T16:27:08", "published": "2012-02-25T16:27:08", "id": "DEBIAN:DSA-2414-2:E4CCF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00045.html", "title": "[SECURITY] [DSA 2414-2] fex regression", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-30T02:23:01", "bulletinFamily": "unix", "description": "Kilian Krause uploaded new packages for fex which fixed the\nfollowing security problems:\n\nCVE-2012-0869, CVE-2012-1293 (see also DSA 2414-1 and 2412-2)\n\nNicola Fioravanti discovered that F*EX, a web service for transferring\nvery large files, is not properly sanitizing input parameters of the "fup"\nscript. An attacker can use this flaw to conduct reflected cross-site\nscripting attacks via various script parameters.\n\nFor the squeeze-backports distribution the problems have been fixed in\nversion 20120215-3~bpo60+1.\n\nThe Debian stable and unstable distribution are already fixed, testing (wheezy)\nwill receive this update in the next days.\n\nWe recommend that you upgrade your fex packages.\n\n-- \nBest regards,\nKilian\n", "modified": "2012-03-16T08:07:42", "published": "2012-03-16T08:07:42", "id": "DEBIAN:BSA-062:06DFD", "href": "https://lists.debian.org/debian-backports-announce/2012/debian-backports-announce-201203/msg00000.html", "title": "[BSA-062] Security Update for fex", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2413-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nFebruary 21, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : fex\r\nVulnerability : insufficient input sanitization\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-0869\r\n\r\nNicola Fioravanti discovered that F*X, a web service for transferring\r\nvery large files, is not properly sanitizing input parameters of the "fup"\r\nscript. An attacker can use this flaw to conduct reflected cross-site\r\nscripting attacks via various script parameters.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 20100208+debian1-1+squeeze2.\r\n\r\nFor the testing distribution (wheezy), this problem will be fixed soon.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed\r\nin version 20120215-1.\r\n\r\nWe recommend that you upgrade your fex packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk9EIJ0ACgkQHYflSXNkfP9sRwCguCPbt0Ip6mCJMnfv0HXBLmKj\r\nHvwAnjwOhMw8QqcSWQsgVJFA8KWcyg9g\r\n=mRCu\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2012-03-19T00:00:00", "published": "2012-03-19T00:00:00", "id": "SECURITYVULNS:DOC:27814", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27814", "title": "[SECURITY] [DSA 2414-1] fex security update", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2012-03-19T00:00:00", "published": "2012-03-19T00:00:00", "id": "SECURITYVULNS:VULN:12275", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12275", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
