CVE-2005-2523
published 2005-08-19CVE-2005-2523: Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.39%
68.8th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
CubeCart 3.0.6 - Remote Command Execution
exploitdb·2005-12-30
CVE-2006-0064 CubeCart 3.0.6 - Remote Command Execution
CubeCart 3.0.6 - Remote Command Execution
---
#!/usr/bin/perl
#
# cijfer-ccxpl - CubeCart
# All rights reserved.
#
## 1. example
#
# [cijfer@kalma:/research]$ perl ./cijfer-ccxpl.pl -h www.xxx.com -d
# [[email protected] /]$ id;uname -a
# uid=48(apache) gid=48(apache) groups=48(apache),2523(psaserv)
# Linux server.xxx.com 2.6.10-1.771_FC2 #1 Mon Mar 28 00:50:14 EST 2005 i686 i686 i386 GNU/Linux
#
# [[email protected] /]$
#
## 2. explanation
#
# a serious bug was discovered by me in CubeCart 3.0.6 and below which an attacker
# can remotely execute arbitrary commands via 'includes/orderSuccess.inc.php' where
# passing input to the 'glob' and 'cart_order_id' variable, we can attain access to
# passing input to the 'glob[rootDir]' variable, and include a remote execution script
# to execut
Exploit-DB
Apple Mac OSX 10.4 Weblog Server - Cross-Site Scripting
exploitdb·2005-08-15
CVE-2005-2523 Apple Mac OSX 10.4 Weblog Server - Cross-Site Scripting
Apple Mac OSX 10.4 Weblog Server - Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/14569/info
Apple Mac OS X Weblog Server is prone to cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
This issue was originally described in BID 14567 Apple Mac OS X Multiple Vulnerabilities. It is now being assigned its own BID.
input malicious script into author and comment sections in
the comment option on the weblog.
eg:alert(document.cookie); [cookie
No writeups or analysis indexed.
2005-08-19
Published