Message-ID: <3DE4CEE5.F54EEE@securityglobal.net>
From: smoore.fd at securityglobal.net (Stuart Moore)
Subject: Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software

[Alert URL]

  http://www.securitytracker.com/alerts/2002/Nov/1005681.html


[Date]

  November 27, 2002


[Title]

  Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software


[Vendor]

  BizDesign


[Product]

  ImageFolio


[URL]

  http://www.imagefolio.com/


[Description]

  An input validation vulnerability exists in ImageFolio version 3.0.1 and 
  prior versions.  A remote user can conduct cross-site scripting attacks.

  The flaw exists in various parameters of the 'nph-build.cgi' admin script 
  and the 'imageFolio.cgi' script (and possibly others).

  A demonstration exploit is provided:

  /cgi-bin/imageFolio.cgi?direct=<script>alert("SecurityHole")</script>

  /cgi-bin/if/admin/nph-build.cgi?step=<script>alert("SecurityHole")</script>

  This vulnerability can be exploited to steal a user's or administrator's 
  authentication cookies.


[Vendor Notification]

  Jun  9, 2002 - BizDesign (the vendor) was notified and responded that the pending 
                 version 3.0 will contain a fix.  
  Aug 23, 2002 - Version 3.0 was released without a fix.
  Sep 16, 2002 - Version 3.0.1 was released without a fix.
  Nov 13, 2002 - Vendor was reminded and responded that the bug will be fixed in
                 version 3.1, to be released in the beginning of the week of November 18.
  Nov 27, 2002 - At the time of this report, the fixed version had not been posted 
                 to the vendor's web site.


[CVE]

  CAN-2002-1334


[Credit]

  This flaw was discovered by SecurityTracker.com (http://securitytracker.com/) 
  after investigating a June 9, 2002 post by ET from LoWNOISE to the vuln-dev list:

  http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0939.html

  For more information, contact SecurityTracker at info@...uritytracker.com
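
An added example, not part of the original advisory or of ImageFolio: a log check that flags requests to the two scripts named above when the 'direct' or 'step' parameter carries HTML markup, including double percent-encoded values. The Common Log Format layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Scripts and parameters named in the advisory (it notes others may be affected).
SCRIPTS = ("imagefolio.cgi", "nph-build.cgi")
PARAMS = {"direct", "step"}
# Characters that let an unescaped, reflected value break into HTML markup.
MARKUP = re.compile(r'[<>"]')
# Request field of a Common Log Format line (the log format is an assumption).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Nov/2002:10:00:00 +0000] "GET /cgi-bin/imageFolio.cgi'
    '?direct=%3Cscript%3Ealert(%22SecurityHole%22)%3C/script%3E HTTP/1.0" 200 512',
    '203.0.113.5 - - [27/Nov/2002:10:00:05 +0000] "GET /cgi-bin/if/admin/nph-build.cgi'
    '?step=%253Cscript%253E HTTP/1.0" 200 512',
    '198.51.100.7 - - [27/Nov/2002:10:01:00 +0000] "GET /cgi-bin/imageFolio.cgi'
    '?direct=Nature/Flowers HTTP/1.0" 200 2048',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for advisory parameters carrying markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(SCRIPTS):
        return []
    pairs = parse_qsl(url.query, keep_blank_values=True)
    decoded = [(name, fully_decode(value)) for name, value in pairs]
    return [(n, v) for n, v in decoded if n.lower() in PARAMS and MARKUP.search(v)]

def scan(lines):
    """Return (line_number, hits) for every line with at least one hit."""
    return [(n, h) for n, line in enumerate(lines, 1) if (h := suspicious_params(line))]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(n, hits)
```

Hits only show that markup was sent to a reflecting parameter; the fix itself is HTML-encoding the value wherever the scripts echo it.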

