OSVDB 119342, 119323 NetCat CMS Multiple HTTP Response Splitting (CRLF) Web Security Vulnerabilities

netcat_1

 

OSVDB 119342, 119323 NetCat CMS Multiple HTTP Response Splitting (CRLF) Web Security Vulnerabilities

 

Exploit Title: NetCat CMS Multiple CRLF Security Vulnerabilities

Product: NetCat CMS (Content Management System)

Vendor: NetCat

Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

Tested Version: 3.12

Advisory Publication: March 07, 2015

Latest Update: March 07, 2015

Vulnerability Type: Improper Neutralization of CRLF Sequences (‘CRLF Injection’) [CWE-93]

CVE Reference: *

OSVDB Reference: 119342, 119343

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Discover and Author: Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)

 

 

 

 

Advisory Details:



(1) Vendor & Product Description:



Vendor:

NetCat

 

Product & Version:

NetCat

5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

 

Vendor URL & Download:

NetCat can be got from here,

http://netcat.ru/

 

Product Introduction:

NetCat.ru is russian local company. “NetCat designed to create an absolute majority of the types of sites: from simple “business card” with a minimum content to complex web-based systems, from corporate offices to online stores, libraries or media data – in other words, projects completely different directions and at any level of complexity. View examples of sites running on NetCat CMS can be in a special section.”

“Manage the site on the basis of NetCat can even inexperienced user, because it does not require knowledge of Internet technologies, programming and markup languages. NetCat constantly improving, adds new features. In the process of finalizing necessarily take into account the wishes of our partners and clients, as well as trends in Internet development. More than 2,000 studios and private web developers have chosen for their projects is NetCat, and in 2013 sites, successfully working on our CMS, created more than 18,000.”

 

 

 

(2) Vulnerability Details:

NetCat web application has a computer security bug problem. It can be exploited by HTTP Response Splitting (CRLF) attacks. This could allow a remote attacker to insert arbitrary HTTP headers, which are included in a response sent to the server. If an application does not properly filter such a request, it could be used to inject additional headers that manipulate cookies, authentication status, or more.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. NetCat has patched some of them. CXSECurity is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications. It also publishes suggestions, advisories, solutions details related to CRLF vulnerabilities and cyber intelligence recommendations.

(2.1) The first code flaw occurs at “/post.php” page with “redirect_url” parameter by adding “%0d%0a%20”.

(2.2) The second code flaw occurs at “redirect.php?” page with “url” parameter by adding “%0d%0a%20”.

 

 

 

 

Reference:
http://www.osvdb.org/show/osvdb/119342
http://www.osvdb.org/show/osvdb/119343
http://lists.openwall.net/full-disclosure/2015/03/07/3
http://seclists.org/fulldisclosure/2015/Mar/36
http://marc.info/?l=full-disclosure&m=142576233403004&w=4
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01768.html
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1676
http://securityrelated.blogspot.com/2015/03/netcat-cms-multiple-http-response.html
http://essayjeans.blog.163.com/blog/static/23717307420155142423197/
http://computerobsess.blogspot.com/2015/06/osvdb-119342-netcat-crlf.html
http://diebiyi.com/articles/bugs/netcat-cms-crlf
http://tetraph.blog.163.com/blog/static/234603051201551423749286/
https://webtechwire.wordpress.com/2015/03/14/osvdb-119342-netcat-crlf/
https://itswift.wordpress.com/2015/03/07/netcat-cms-multiple
http://tetraph.com/security/http-response-splitting-vulnerability/netcat-cms-multiple
http://www.inzeed.com/kaleidoscope/computer-web-security/netcat-cms

CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

18638880
 

CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

Exploit Title: Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

Product: Cit-e-Access

Vendor: Cit-e-Net

Vulnerable Versions: Version 6

Tested Version: Version 6

Advisory Publication: February 12, 2015

Latest Update: June 01, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-8753

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Discover and Author: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

Instruction Details:

(1) Vendor & Product Description:




Vendor:

Cit-e-Net

 

 

Product & Version:

Cit-e-Access

Version 6

 

 

Vendor URL & Download:

Cit-e-Net can be downloaded from here,

 

 

Product Introduction:

“We are a premier provider of Internet-based solutions encompassing web site development and modular interactive e-government applications which bring local government, residents and community businesses together.

Cit-e-Net provides a suite of on-line interactive services to counties, municipalities, and other government agencies, that they in turn can offer to their constituents. The municipal government achieves a greater degree of efficiency and timeliness in conducting the daily operations of government, while residents receive improved and easier access to city hall through the on-line access to government services.


Our web-based applications can help your municipality to acheive its e-government goals. Type & click website content-management empowers the municipality to manage the website quickly and easily. Web page styles & formats are customizable by the municipality, and because the foundation is a database application, user security can be set for individual personnel and module applications. Our application modules can either be integrated into your existing municipal web site or implemented as a complete web site solution. It’s your choice! Please contact us at info@cit-e.net to view a demonstration of our municipal web site solution if you are an elected official or member of municipal management and your municipality is looking for a cost efficient method for enhancing & improving municipal services.


Interactive Applications

Online Service Requests

Online Tax Payments by ACH electronic-check or credit card.

Online Utility Payments by ACH electronic-check or credit card.

Online General-Payments by ACH electronic-check or credit card.

Submit Volunteer Resume’s Online for the municipality to match your skills with available openings.”

 

 

 

(2) Vulnerability Details:

Cit-e-Access web application has a security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several similar products 0Day vulnerabilities have been found by some other bug hunter researchers before. Cit-i-Access has patched some of them. Open Sourced Vulnerability Database (OSVDB) is an independent and open-sourced database. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promotes greater, open collaboration between companies and individuals. It has published suggestions, advisories, solutions details related to important vulnerabilities.

 

 

(2.1) The first programming code flaw occurs at “/eventscalendar/index.cfm?” page with “&DID” parameter in HTTP GET.

(2.2) The second programming code flaw occurs at “/search/index.cfm?” page with “&keyword” parameter in HTTP POST.

(2.3) The third programming code flaw occurs at “/news/index.cfm” page with “&jump2” “&DID” parameter in HTTP GET.

(2.4) The fourth programming code flaw occurs at “eventscalendar?” page with “&TPID” parameter in HTTP GET.

(2.5) The fifth programming code flaw occurs at “/meetings/index.cfm?” page with “&DID” parameter in HTTP GET.

 

 

 

 

(3) Solutions:

Leave message to vendor. No response.
http://www.cit-e.net/contact.cfm

 

 

 

 

 

References:
http://seclists.org/fulldisclosure/2015/Feb/48
http://lists.openwall.net/full-disclosure/2015/02/13/2
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1587
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01683.html
https://computerpitch.wordpress.com/2015/06/07/cve-2014-8753/
http://webtechhut.blogspot.com/2015/06/cve-2014-8753.html
https://www.facebook.com/websecuritiesnews/posts/804176613035844
https://twitter.com/tetraphibious/status/607381197077946368
http://biboying.lofter.com/post/1cc9f4f5_7356826
http://shellmantis.tumblr.com/post/120903342496/securitypost-cve-2014-8753
http://itprompt.blogspot.com/2015/06/cve-2014-8753.html
http://whitehatpost.blog.163.com/blog/static/24223205420155710559404/
https://plus.google.com/u/0/113115469311022848114/posts/FomMK9BGGx2
https://www.facebook.com/pcwebsecurities/posts/702290949916825
http://securitypost.tumblr.com/post/120903225352/cve-2014-8753-cit-e-net
http://webtech.lofter.com/post/1cd3e0d3_7355910
http://www.inzeed.com/kaleidoscope/cves/cve-2014-8753/
http://diebiyi.com/articles/security/cve-2014-8753/

 

 

 

CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability

 

Exploit Title: TennisConnect “TennisConnect COMPONENTS System” /index.cfm pid Parameter XSS

Product: TennisConnect COMPONENTS System

Vendor: TennisConnect

Vulnerable Versions: 9.927

Tested Version: 9.927

Advisory Publication: Nov 18, 2014

Latest Update: Nov 18, 2014

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-8490

CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore]

 

 

Advisory Details:

 

(1) Vendor URL:

http://www.tennisconnect.com/products.cfm#Components

 

Product Description:

TennisConnect COMPONENTS

* Contact Manager (online player database)

* Interactive Calendar including online enrollment

* League & Ladder Management through Tencap Tennis

* Group Email (including distribution lists, player reports, unlimited sending volume and frequency)

* Multi-Administrator / security system with Page Groups

* Member Administration

* MobileBuilder

* Online Tennis Court Scheduler

* Player Matching (Find-a-Game)

* Web Site Builder (hosted web site and editing tools at www. your domain name .com)

 

 

(2) Vulnerability Details.

TennisConnect COMPONENTS System has a security problem. It is vulnerable to XSS attacks.

(2.1) The vulnerability occurs at “/index.cfm?” page, with “&pid” parameter.

 

 

 

 


References:

http://packetstormsecurity.com/files/129662/TennisConnect-9.927-Cross-Site-Scripting.html

http://tetraph.com/security/cves/cve-2014-8490-tennisconnect-components-system-xss-cross-site-scripting-security-vulnerability/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8490

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8490

http://www.osvdb.org/show/osvdb/116149

http://cve.scap.org.cn/CVE-2014-8490.html

http://en.hackdig.com/?11701.htm

http://itsecurity.lofter.com/

http://seclists.org/fulldisclosure/2014/Dec/83

http://securitypost.tumblr.com/

http://computerobsess.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/xss-vulnerability/cve-2014-8490-tennisconnect-components-system-xss-cross-site-scripting-security-vulnerability/

http://whitehatpost.blog.163.com/blog/static/2422320542015110102316210/#

http://tetraph.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1352
 

 



CVE-2014-8752 JCE-Tech “Video Niche Script” XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-8752 JCE-Tech “Video Niche Script” XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: JCE-Tech “Video Niche Script” /view.php Multiple Parameters XSS
Product: “Video Niche Script”
Vendor: JCE-Tech
Vulnerable Versions: 4.0
Tested Version: 4.0
Advisory Publication: Nov 18, 2014
Latest Update: Nov 18, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8752
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore]

 

 

Advisory Details:

 

(1) Vendor URL:
Product Description:
“The PHP Video Script instantly creates a niche video site based on keywords users control via the admin console. The videos are displayed on users’ site, but streamed from the YouTube servers.”

 

(2) Vulnerability Details.
JCE-Tech “Video Niche Script” has a security problem. It is vulnerable to XSS attacks.
(2.1) The vulnerability occurs at “view.php” page with “video”, “title” parameter.

 

 

 

 

References:

CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-7293  NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability

Exploit Title: NYU OpenSSO Integration Logon Page url Parameter XSS

Product: OpenSSO Integration

Vendor: NYU

Vulnerable Versions: 2.1 and probability prior

Tested Version: 2.1

Advisory Publication: DEC 29, 2014

Latest Update: DEC 29, 2014

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-7293

Risk Level: Medium

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

 

 

Advisory Details:

(1)Vendor URL:

Product Description:

“NYU has integrated PDS with Sun’s OpenSSO Identity Management application. The PDS/OpenSSO integration uses PDS as the NYU Libraries’ single sign-on system and leverages NYU’s OpenSSO system to provide seamless interaction between library applications and university services. The integration merges patron information from OpenSSO (e.g. name, email, e-resources access) with patron information from Aleph (e.g. borrower status and type) to ensure access to the multitude of library services.”

“The NYU Libraries operate in a consortial environment in which not all users are in OpenSSO and not all OpenSSO users are in Aleph. PDS is hosted in an active/passive capacity on our Primo front-end servers. Due to the nature of PDS and Aleph, patrons are required to have an Aleph account in order to login to the library’s SSO environment. The exception to this rule is EZProxy.”

(2) Vulnerability Details:

NYU OpenSSO Integration has a security problem. It can be exploited by XSS Attacks.

(2.1) The vulnerability occurs at “PDS” service’s logon page, with “&url” parameter,

 

 

 

References:

CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-9561  Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter XSS

Product: SoftBB (mods)

Vendor: Softbb.net

Vulnerable Versions: v0.1.3

Tested Version: v0.1.3

Advisory Publication: Jan 10, 2015

Latest Update: Jan 10, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-9561

CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

 

 

Advisory Details:

Vendor URL:

(2) Vulnerability Details:

Softbb.net SoftBB can be exploited by XSS Attacks.

(2.1) The vulnerability occurs at “/redir_last_post_list.php” page, with “&post” parameter.

 

 

 

References:

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

 

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection

Product: SoftBB (mods)

Vendor: Softbb.net

Vulnerable Versions: v0.1.3

Tested Version: v0.1.3

Advisory Publication: Jan 10, 2015

Latest Update: Jan 10, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)

CVE Reference: CVE-2014-9560

CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

 

Advisory Details:

Vendor URL:

(2) Vulnerability Details:

Softbb.net SoftBB can be exploited by SQL Injection attacks.

(2.1) The vulnerability occurs at “/redir_last_post_list.php” page, with “&post” parameter.

 

References: