Campaign Enterprise 11 SQL Injection / Unauthorized Access

19 Oct 2012 | Reported by catatonicprime | Type: zdt | Source: 0day.today

Overview
===============
Campaign Enterprise 11, by ArialSoftware (www.arialsoftware.com), "is
a mass email system you install on your own computer or server, is
accessible using a web browser inside and/or outside your network, is
only a one-time cost, and has the best US-based tech support
available."

Multiple vulnerabilities were discovered in the "standard" software
package <= v11.0.538 (others were not assessed).

Analysis
===============
For more information on the analysis and how the vulnerabilities were
discovered, I've set up a blog post covering the subject in greater
detail:
http://sadgeeksinsnow.blogspot.com/2012/10/my-first-experiences-bug-hunting-part-2.html

Timeline
===============

06/29/2011 - Discovered multiple bugs in a product vendor's application
06/29/2012 - Disclosure of details to product vendor & CVE assignment
10/08/2012 - Product vendor released patch for all CVEs (v11.0.551)
10/18/2012 - Public disclosure to Bugtraq

CVE(s)
===============

CVE-2012-3820: Multiple SQL Injection: activate.asp – SerialNumber
field, User-Edit.asp – UID field

CVE-2012-3821: Unauthorized access to the activate.asp page allows
modification of the stored database field SerialNumber without
authentication or authorization.

CVE-2012-3822: Unauthorized access to the User-Edit.asp page allows an
attacker to enumerate users and their credentials by supplying their
UID in the querystring.

CVE-2012-3823: The product stores passwords in clear text and
these may be retrieved using the User-Edit.asp page.

CVE-2012-3824: Multiple pages are accessible without authentication or
authorization, which may lead to the unintended disclosure of
information or functionality; this was not assessed. Affected pages:
Register.asp, Group-Edit.asp, Subscriber-Edit.asp, SMTP-Edit.asp,
Email-Edit.asp, Admin-GlobalConfig.asp, Admin-Users.asp,
Campaign-Datasource.asp

Remediation
===============

Update to the current version of Campaign Enterprise 11, v11.0.551.
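
A log-triage sketch for the pages and parameters listed under CVE(s), added
here as an example and not part of the original advisory: it scans IIS W3C
logs for requests to the affected pages, unexpected characters in UID or
SerialNumber, and a single client requesting many UIDs. The log layout, the
allowed-character pattern, the threshold and the sample lines are assumptions;
matching is on file name only because the install path is not given.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs

# Page and parameter names come from the advisory; the rest is assumed.
INJECTABLE = {"activate.asp": "serialnumber", "user-edit.asp": "uid"}
PAGES = set(INJECTABLE) | {
    "register.asp", "group-edit.asp", "subscriber-edit.asp", "smtp-edit.asp",
    "email-edit.asp", "admin-globalconfig.asp", "admin-users.asp",
    "campaign-datasource.asp"}
PLAIN = re.compile(r"[A-Za-z0-9-]*")  # assumed shape of a legitimate value
ENUM_THRESHOLD = 3                    # distinct UIDs per client (assumed)

# Constructed sample, IIS W3C extended format, documentation IP ranges.
SAMPLE = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2012-10-01 10:00:00 GET /User-Edit.asp UID=1 203.0.113.5 200
2012-10-01 10:00:01 GET /User-Edit.asp UID=2 203.0.113.5 200
2012-10-01 10:00:02 GET /user-edit.asp UID=3 203.0.113.5 200
2012-10-01 10:00:09 GET /User-Edit.asp UID=4%27 198.51.100.7 500
2012-10-01 10:01:00 POST /activate.asp - 198.51.100.7 200
2012-10-01 10:02:00 GET /default.asp - 192.0.2.44 200
""".splitlines()

def triage(lines):
    """Return sorted (client_ip, page, reason) findings from W3C log lines."""
    fields, findings, uids = [], set(), defaultdict(set)
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order is declared per file
        if line.startswith("#") or not line.strip():
            continue
        rec = dict(zip(fields, line.split()))
        page = rec.get("cs-uri-stem", "").rsplit("/", 1)[-1].lower()
        if page not in PAGES:
            continue
        ip, query = rec.get("c-ip", "?"), rec.get("cs-uri-query", "-")
        params = parse_qs("" if query == "-" else query, keep_blank_values=True)
        name = INJECTABLE.get(page)     # None for the other listed pages
        values = [v for k, vs in params.items() if k.lower() == name for v in vs]
        if any(not PLAIN.fullmatch(v) for v in values):
            findings.add((ip, page, f"unexpected characters in {name}"))
        elif page == "activate.asp" and rec.get("cs-method") == "POST":
            findings.add((ip, page, "POST body not logged; check SerialNumber"))
        else:
            findings.add((ip, page, "advisory-listed page requested"))
        if page == "user-edit.asp":
            uids[ip].update(values)     # track enumeration per client
    findings |= {(ip, "user-edit.asp", f"{len(s)} distinct UIDs requested")
                 for ip, s in uids.items() if len(s) >= ENUM_THRESHOLD}
    return sorted(findings)
```

W3C logs do not record POST bodies, so a SerialNumber submitted as a form field can only be flagged by method and page; compare the stored value against the licensed one to confirm.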



#  0day.today [2018-03-09]  #
