CVE-2015-2214 – NetCat CMS Full Path Disclosure (Information Disclosure) Web Security Vulnerabilities

theusgovernm

 

CVE-2015-2214 – NetCat CMS Full Path Disclosure (Information Disclosure) Web Security Vulnerabilities


 

Exploit Title: CVE-2015-2214 NetCat CMS Full Path Disclosure Web Security Vulnerabilities

Product: NetCat CMS (Content Management System)

Vendor: NetCat

Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

Tested Version: 5.01 3.12

Advisory Publication: February 27, 2015

Latest Update: May 05, 2015

Vulnerability Type: Information Leak / Disclosure [CWE-200]

CVE Reference: CVE-2015-2214

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information

Credit and Writer: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 
 
 

Consultation Details:


 

(1) Vendor & Product Description:

Vendor:

NetCat


 

Product & Version:

NetCat

5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1


 

Vendor URL & Download:

NetCat can be accessed from here,

http://netcat.ru/


 

Product Introduction Overview:

NetCat.ru is russian local company. “NetCat designed to create an absolute majority of the types of sites: from simple “business card” with a minimum content to complex web-based systems, from corporate offices to online stores, libraries or media data – in other words, projects completely different directions and at any level of complexity. View examples of sites running on NetCat CMS can be in a special section.”


“Manage the site on the basis of NetCat can even inexperienced user, because it does not require knowledge of Internet technologies, programming and markup languages. NetCat constantly improving, adds new features. In the process of finalizing necessarily take into account the wishes of our partners and clients, as well as trends in Internet development. More than 2,000 studios and private web developers have chosen for their projects is NetCat, and in 2013 sites, successfully working on our CMS, created more than 18,000.”


“We give a discount on any edition NetCat

We try to help our partners to enter into a close-knit team. To reduce your expenses on the development of a new system, we provide special conditions for the acquisition of commercial licenses NetCat, for a partner is assigned a permanent discount of 40%, which according to the results of further sales could be increased to 60%.”


“Teach your developers work with the secrets NetCat

In addition to the detailed documentation and video tutorials to new partners we offer a unique free service – direct contact with the developer from the team NetCat, which will help in the development of product development tools.”


“We give customers

Once you develop the three sites NetCat information about you appear in our ranking developers. This means that you not only begin to receive direct requests from clients but also become a member of tenders conducted by customers. In addition, if the partner is really good work, employees NetCat begin recommending it to clients requesting assistance in the choice of contractor.”


“We will help in the promotion of

The company is a regular participant NetCat large number of forums, seminars and conferences. We are happy to organize together with partners involved, help with advertising materials and share information for the report.”


“Confirmed its status in the eyes of customers

We have a very flexible system of certification of partners: we do not give certificates for the sale of licenses and for the developed sites. So, for example, to obtain a certificate “Development of corporate websites’ to add to your personal account three implementation of the appropriate type.”

 
 

(2) Vulnerability Details:

NetCat web application has a computer security bug problem. It can be exploited by information leakage attacks – Full Path Disclosure (FPD). This may allow a remote attacker to disclose the software’s installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.


Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. Netcat has patched some of them. FusionVM Vulnerability Management and Compliance provides sources for the latest info-sec news, tools, and advisories. It has published suggestions, advisories, solutions details related to important vulnerabilities.

 

(2.1) The first programming code flaw occurs at “&redirect_url” parameter in “netshop/post.php?” page.

 
 
 
 
 

References:

http://tetraph.com/security/full-path-disclosure-vulnerability/netcat-cms-full-path-disclosure-information-disclosure-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/02/netcat-cms-full-path-disclosure.html

http://seclists.org/fulldisclosure/2015/Mar/8

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01740.html

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1645

http://lists.openwall.net/full-disclosure/2015/03/02/6

http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142527117510514&w=2

http://marc.info/?l=full-disclosure&m=142527117510514&w=4

https://itinfotechnology.wordpress.com/2015/02/25/netcat-cms-full-path-disclosure-information-disclosure-security-vulnerabilities/

http://www.tetraph.com/blog/information-leakage-vulnerability/cve-2015-2214-netcat-cms-full-path-disclosure-information-disclosure-web-security-vulnerabilities/

http://essayjeans.blog.163.com/blog/static/2371730742015411113047382/

http://www.weibo.com/1644370627/ChjMoA9hD?type=comment#_rnd1431315096193

http://homehut.lofter.com/post/1d226c81_6eae13a

 

CVE-2015-2066 – DLGuard SQL Injection Web Security Vulnerabilities

Web-Security-Choosing-The-Security

 

CVE-2015-2066 – DLGuard SQL Injection Web Security Vulnerabilities

Exploit Title: CVE-2015-2066 DLGuard /index.php c parameter SQL Injection Web Security Vulnerabilities

Product: DLGuard

Vendor: DLGuard

Vulnerable Versions: v4.5

Tested Version: v4.5

Advisory Publication: February 18, 2015

Latest Update: May 01, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: CVE-2015-2066

CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Writer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)





Caution Details:

(1) Vendor & Product Description:

Vendor:

DLGuard

Product & Version:

DLGuard

v4.5

Vendor URL & Download:

DLGuard can be downloaded from here,

http://www.dlguard.com/dlginfo/index.php

Product Introduction Overview:

“DLGuard is a powerful, yet easy to use script that you simply upload to your website and then rest assured that your internet business is not only safe, but also much easier to manage, automating the tasks you just don’t have the time for.”

“DLGuard supports the three types, or methods, of sale on the internet:

<1>Single item sales (including bonus products!)

<2>Multiple item sales

<3>Membership websites”

“DLGuard is fully integrated with: PayPal, ClickBank, 2Checkout, Authorize.Net, WorldPay, AlertPay, Ebay, PayDotCom, E-Gold, 1ShoppingCart, Click2Sell, Mal’s E-Commerce, LinkPoint, PagSeguro, CCBill, CommerseGate, DigiResults, FastSpring, JVZoo, MultiSafePay, Paypal Digital Goods, Plimus, RevenueWire/SafeCart, SWReg, WSO Pro, and even tracks your free product downloads. The DLGuard built-in Shopping Cart offers Paypal, Authorize.net, and 2Checkout payment options. The Membership areas allow Paypal, Clickbank, 2Checkout, and LinkPoint recurring billing as well as linking to any PayPal, ClickBank, 2Checkout, Authorize.Net, WorldPay, AlertPay, Ebay, PayDotCom, E-Gold, 1ShoppingCart, E-Bullion, LinkPoint, PagSeguro, CCBill, CommerseGate, DigiResults, FastSpring, JVZoo, MultiSafePay, Paypal Digital Goods, Plimus, RevenueWire/SafeCart, SWReg, WSO Pro single sale and free products so that people who buy your products can access your members area. DLGuard is the perfect solution to secure your single sale item, such as a niche marketing website, software sales, ebook sales, and more! DLGuard not only protects your download page, but it makes setting up new products, or making changes to existing products so much quicker and easier than before.”


(2) Vulnerability Details:

DLGuard web application has a computer security bug problem. It can be exploited by SQL Injection attacks. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Several similar products vulnerabilities have been found by some other bug hunter researchers before. DLguard has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation’s most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has phase, votes, comments and proposed details related to important vulnerabilities.

(2.1) The bug programming flaw vulnerability occurs at “&c” parameter in “index.php?” page.

 
 

References:

http://seclists.org/fulldisclosure/2015/Feb/69

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01703.html

https://progressive-comp.com/?a=139222176300014&r=1&w=1%E2%80%8B

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1607

http://lists.openwall.net/full-disclosure/2015/02/18/6

http://marc.info/?a=139222176300014&r=1&w=4

http://www.tetraph.com/blog/sql-injection-vulnerability/cve-2015-2066-dlguard-sql-injection-web-security-vulnerabilities/

http://www.inzeed.com/kaleidoscope/sql-injection-vulnerability/cve-2015-2066-dlguard-sql-injection-web-security-vulnerabilities/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/sql-injection-vulnerability/cve-2015-2066-dlguard-sql-injection-web-security-vulnerabilities/

https://plus.google.com/u/0/107140622279666498863/posts/44pDNaZao8v

https://biyiniao.wordpress.com/2015/05/11/cve-2015-2066-dlguard-sql-injection-web-security-vulnerabilities/

http://shellmantis.tumblr.com/post/118658089031/inzeed-cve-2015-2066-dlguard-sql-injection#notes

http://xingzhehong.lofter.com/post/1cfd0db2_6ea8323

http://russiapost.blogspot.ru/2015/05/cve-2015-2066-dlguard-sql-injection-web.html

https://www.facebook.com/computersecurities/posts/375386899314769

http://blog.163.com/greensun_2006/blog/static/11122112201541193421290/

https://twitter.com/tetraphibious/status/597577800023838720

http://www.weibo.com/3973471553/Chj5OFIPk?from=page_1005053973471553_profile&wvr=6&mod=weibotime&type=comment#_rnd1431308778074

 

CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability

 

Exploit Title: TennisConnect “TennisConnect COMPONENTS System” /index.cfm pid Parameter XSS

Product: TennisConnect COMPONENTS System

Vendor: TennisConnect

Vulnerable Versions: 9.927

Tested Version: 9.927

Advisory Publication: Nov 18, 2014

Latest Update: Nov 18, 2014

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-8490

CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore]

 

 

Advisory Details:

 

(1) Vendor URL:

http://www.tennisconnect.com/products.cfm#Components

 

Product Description:

TennisConnect COMPONENTS

* Contact Manager (online player database)

* Interactive Calendar including online enrollment

* League & Ladder Management through Tencap Tennis

* Group Email (including distribution lists, player reports, unlimited sending volume and frequency)

* Multi-Administrator / security system with Page Groups

* Member Administration

* MobileBuilder

* Online Tennis Court Scheduler

* Player Matching (Find-a-Game)

* Web Site Builder (hosted web site and editing tools at www. your domain name .com)

 

 

(2) Vulnerability Details.

TennisConnect COMPONENTS System has a security problem. It is vulnerable to XSS attacks.

(2.1) The vulnerability occurs at “/index.cfm?” page, with “&pid” parameter.

 

 

 

 


References:

http://packetstormsecurity.com/files/129662/TennisConnect-9.927-Cross-Site-Scripting.html

http://tetraph.com/security/cves/cve-2014-8490-tennisconnect-components-system-xss-cross-site-scripting-security-vulnerability/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8490

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8490

http://www.osvdb.org/show/osvdb/116149

http://cve.scap.org.cn/CVE-2014-8490.html

http://en.hackdig.com/?11701.htm

http://itsecurity.lofter.com/

http://seclists.org/fulldisclosure/2014/Dec/83

http://securitypost.tumblr.com/

http://computerobsess.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/xss-vulnerability/cve-2014-8490-tennisconnect-components-system-xss-cross-site-scripting-security-vulnerability/

http://whitehatpost.blog.163.com/blog/static/2422320542015110102316210/#

http://tetraph.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1352
 

 



CVE-2014-8752 JCE-Tech “Video Niche Script” XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-8752 JCE-Tech “Video Niche Script” XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: JCE-Tech “Video Niche Script” /view.php Multiple Parameters XSS
Product: “Video Niche Script”
Vendor: JCE-Tech
Vulnerable Versions: 4.0
Tested Version: 4.0
Advisory Publication: Nov 18, 2014
Latest Update: Nov 18, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8752
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore]

 

 

Advisory Details:

 

(1) Vendor URL:
Product Description:
“The PHP Video Script instantly creates a niche video site based on keywords users control via the admin console. The videos are displayed on users’ site, but streamed from the YouTube servers.”

 

(2) Vulnerability Details.
JCE-Tech “Video Niche Script” has a security problem. It is vulnerable to XSS attacks.
(2.1) The vulnerability occurs at “view.php” page with “video”, “title” parameter.

 

 

 

 

References:

CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-7293  NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability

Exploit Title: NYU OpenSSO Integration Logon Page url Parameter XSS

Product: OpenSSO Integration

Vendor: NYU

Vulnerable Versions: 2.1 and probability prior

Tested Version: 2.1

Advisory Publication: DEC 29, 2014

Latest Update: DEC 29, 2014

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-7293

Risk Level: Medium

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

 

 

Advisory Details:

(1)Vendor URL:

Product Description:

“NYU has integrated PDS with Sun’s OpenSSO Identity Management application. The PDS/OpenSSO integration uses PDS as the NYU Libraries’ single sign-on system and leverages NYU’s OpenSSO system to provide seamless interaction between library applications and university services. The integration merges patron information from OpenSSO (e.g. name, email, e-resources access) with patron information from Aleph (e.g. borrower status and type) to ensure access to the multitude of library services.”

“The NYU Libraries operate in a consortial environment in which not all users are in OpenSSO and not all OpenSSO users are in Aleph. PDS is hosted in an active/passive capacity on our Primo front-end servers. Due to the nature of PDS and Aleph, patrons are required to have an Aleph account in order to login to the library’s SSO environment. The exception to this rule is EZProxy.”

(2) Vulnerability Details:

NYU OpenSSO Integration has a security problem. It can be exploited by XSS Attacks.

(2.1) The vulnerability occurs at “PDS” service’s logon page, with “&url” parameter,

 

 

 

References:

CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-9561  Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter XSS

Product: SoftBB (mods)

Vendor: Softbb.net

Vulnerable Versions: v0.1.3

Tested Version: v0.1.3

Advisory Publication: Jan 10, 2015

Latest Update: Jan 10, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-9561

CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

 

 

Advisory Details:

Vendor URL:

(2) Vulnerability Details:

Softbb.net SoftBB can be exploited by XSS Attacks.

(2.1) The vulnerability occurs at “/redir_last_post_list.php” page, with “&post” parameter.

 

 

 

References:

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

 

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection

Product: SoftBB (mods)

Vendor: Softbb.net

Vulnerable Versions: v0.1.3

Tested Version: v0.1.3

Advisory Publication: Jan 10, 2015

Latest Update: Jan 10, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)

CVE Reference: CVE-2014-9560

CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

 

Advisory Details:

Vendor URL:

(2) Vulnerability Details:

Softbb.net SoftBB can be exploited by SQL Injection attacks.

(2.1) The vulnerability occurs at “/redir_last_post_list.php” page, with “&post” parameter.

 

References: