|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 201 CVE : CVE-2005-3849 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : Moritz Naumann Published : 23.11.2005
Advisory Text : -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SA0005 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++ PmWiki 2.0.12 Cross Site Scripting +++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PUBLISHED ON Nov 22, 2005 PUBLISHED AT http://moritz-naumann.com/adv/0005/pmwiki/0005.txt http://moritz-naumann.com/adv/0005/pmwiki/0005.txt.sig PUBLISHED BY Moritz Naumann IT Consulting & Services Hamburg, Germany http://moritz-naumann.com/ SECURITY at MORITZ hyphon NAUMANN d0t COM GPG key: http://moritz-naumann.com/keys/0x277F060C.asc AFFECTED APPLICATION OR SERVICE PmWiki http://www.pmwiki.org/ AFFECTED VERSION Version 2.0 up to and including 2.0.12 BACKGROUND Everybody knows XSS. http://en.wikipedia.org/wiki/XSS http://www.cgisecurity.net/articles/xss-faq.shtml ISSUE PmWiki 2.0.12 is subject to a XSS vulnerability. The problem exists in the 'q' parameter passed to the search function. Successful exploitation may allow for impersonification through session stealing. The following URL demonstrates this issue: [pmwiki_basedir]/Site/Search?action=search&q=TRY%20ANOTHER%20SEARCH%20NO W!%20YES,%20YOU!'%20onMouseOver='alert(document.title);'%20 This issue is caused by insufficient input validation. WORKAROUND Client: Disable Javascript. Server: Prevent access to pagelist.php. SOLUTIONS Install or upgrade to the latest release, version 2.0.13. Both releases and patch files are available at http://www.pmwiki.org/pub/pmwiki/ TIMELINE Nov 05, 2005 Discovery Nov 05, 2005 Code maintainer notified Nov 09, 2005 Code maintainer replies Nov 10, 2005 Code maintainer provides fix Nov 11, 2005 CVE candidate assignment requested Nov 22, 2005 Sick of waiting for Mitre to fix their DB Nov 22, 2005 Public disclosure REFERENCES N/A ADDITIONAL CREDIT N/A LICENSE Creative Commons Attribution-ShareAlike License Germany http://creativecommons.org/licenses/by-sa/2.0/de/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDg4k6n6GkvSd/BgwRAkHNAKCTcGJKosuxhRzWh4BBSxMdhPN5hgCgh6ge 12nFL+rppdBzzKf9w3XXETc= =idBd -----END PGP SIGNATURE-----  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |