SECURITYVULNS:DOC:10712
Dec 18, 2005

Honeycomb Archive & Honeycomb Archive Enterprise vuln.

Vuln. discovered by: r0t
Date: 17 Dec. 2005
Original advisory: http://pridels.blogspot.com/2005/12/honeycomb-archive-honeycomb-archive.html
Vendor: http://www.quicksquare.com/
Affected version: Honeycomb Archive 3.0 and Honeycomb Archive Enterprise

Product Description:

Honeycomb Archive™ is an image library service that functions as a
stand-alone web site solution providing a central repository for
graphics & files needed to support marketing, advertising, and sales
personnel with print and web publishing needs. Industry leaders such
as Master Lock® & Valvoline® rely on Honeycomb Archive™ every day
to distribute the correct brand images to thousands of users from all
over the world.

Vuln. Description:

  1. Multiple SQL inj. vuln. in Honeycomb Archive and Honeycomb Archive Enterprise

Honeycomb Archive and Honeycomb Archive Enterprise contain a flaw
that allows a remote cross site scripting attack. This flaw exists
because input passed to the "series", "cat_parent", "cat" and "div"
parameters in "CategoryResults.cfm" isn't properly sanitised before
being returned to the user.
This could allow a user to create a specially crafted URL that would
execute arbitrary code in a user's browser within the trust
relationship between the browser and the server, leading to a loss of
integrity.

examples:

/CategoryResults.cfm?div=7&cat=118&cat_parent=107&series=[SQL]
/CategoryResults.cfm?div=7&cat=118&cat_parent=[SQL]
/CategoryResults.cfm?div=7&cat=[SQL]
/CategoryResults.cfm?div=[SQL]

  2. XSS in Honeycomb Archive Enterprise search module

Honeycomb Archive Enterprise contains a flaw that allows a remote
cross site scripting attack. This flaw exists because input passed to
the search module parameters isn't properly sanitised before being returned
to the user.
This could allow a user to create a specially crafted URL that would
execute arbitrary code in a user's browser within the trust
relationship between the browser and the server, leading to a loss of
integrity.

Solution:
Edit the source code to ensure that input is properly sanitised.
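
One way to apply this fix to both issues, shown as an added example that is not the vendor's code or part of the original advisory: a Python stand-in for the ColdFusion handler that accepts the four CategoryResults.cfm parameters only as integers, binds them into the query, and HTML-encodes the search term before echoing it. It assumes the parameters are integer IDs (as in the sample URLs above); the table, column names and search heading are hypothetical.

```python
import html
import re
import sqlite3
from urllib.parse import parse_qs

# Advisory's CategoryResults.cfm parameters -> hypothetical column names.
COLUMNS = {"div": "div_id", "cat": "cat_id",
           "cat_parent": "cat_parent_id", "series": "series_id"}
UNSIGNED_INT = re.compile(r"[0-9]{1,9}")  # assumption: the IDs are small integers

def parse_ids(query_string):
    """Return {param: int}; raise ValueError for any non-integer or repeated value."""
    raw = parse_qs(query_string, keep_blank_values=True)
    ids = {}
    for name in COLUMNS:
        values = raw.get(name)
        if values is None:
            continue  # the advisory's URLs omit trailing parameters
        if len(values) != 1 or not UNSIGNED_INT.fullmatch(values[0]):
            raise ValueError(f"{name} must be a single unsigned integer")
        ids[name] = int(values[0])
    return ids

def category_results(db, query_string):
    """Run the lookup with every request value bound, never concatenated."""
    ids = parse_ids(query_string)
    # Only column names from the fixed COLUMNS map reach the SQL text.
    where = " AND ".join(f"{COLUMNS[name]} = ?" for name in ids) or "1 = 1"
    sql = f"SELECT title FROM images WHERE {where} ORDER BY title"
    return [row[0] for row in db.execute(sql, list(ids.values()))]

def render_search_heading(term):
    """HTML-encode the search term before it is echoed back into the page."""
    return f"<h2>Results for {html.escape(term, quote=True)}</h2>"

def demo_db():
    """Constructed sample rows; the table layout is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE images (title TEXT, div_id INT, cat_id INT,"
               " cat_parent_id INT, series_id INT)")
    db.executemany("INSERT INTO images VALUES (?, ?, ?, ?, ?)", [
        ("logo-a.eps", 7, 118, 107, 3),
        ("logo-b.eps", 7, 119, 107, 4),
        ("logo-c.eps", 8, 200, 150, 1),
    ])
    return db
```

In ColdFusion itself the same two controls are typed `<cfqueryparam>` bindings inside `<cfquery>` and HTML-encoding of any request value written back to the page.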