| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Feb 2014 21:02:19 +0000 From: Pedro Ribeiro <pedrib@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: [CVE-2014-1836] Arbitrary file deletion in ImpressCMS < 1.3.6 and two XSS issues Hi, I have discovered two vulnerabilities in ImpressCMS. These have been fixed in the new 1.3.6 version, which you can get at https://sourceforge.net/projects/impresscms/files/ImpressCMS%20Official%20Releases/ImpressCMS%201.3%20Branch/ImpressCMS%201.3.6/. One is an arbitrary file deletion and the other is two cross site scripting issues. Note that I was unable to exploit the XSS issues due to the inbuilt protection module, but someone smarter / with more time might be able to do it. The tickets containing the information are available here https://www.assembla.com/spaces/dW4voyNP0r4ldbeJe5cbLr/tickets?report%5Bestimate_show%5D=true&report%5Bid%5D=0&report%5Bmilestone_id_cond%5D=1&report%5Bmilestone_id_val%5D=4129593&report%5Btitle%5D=All+Tickets+for+%27ImpressCMS+1.3.6%27&report%5Btotal_estimate_show%5D=true&report%5Btotal_invested_hours_show%5D=true&report%5Bworking_hours_show%5D=true. The full report can be seen at my repo https://github.com/pedrib/PoC/blob/master/impresscms-1.3.5.txt Thanks in advance, and thanks to the ImpressCMS team for being so responsive. Regards, Pedro Ribeiro Agile Information Security _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists