CVE-2009-3599
Published 2009-10-08
Priority P418 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.50% (71.0th percentile)
Cross-site scripting (XSS) vulnerability in single_winner1.php in HUBScript 1.0 allows remote attackers to inject arbitrary web script or HTML via the bid_id parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freewebscriptz | hubscript | — | — |
No detection rules found.
Exploit-DB
Oracle Document Capture 10.1.3.5 - Insecure Method / Buffer Overflow
exploitdb·2011-01-26·CVSS 9.4
CVE-2010-3599 [CRITICAL] Oracle Document Capture 10.1.3.5 - Insecure Method / Buffer Overflow
---
Source: http://packetstormsecurity.org/files/view/97871/DSECRG-11-006.txt
ActiveX components contain insecure methods.
Digital Security Research Group [DSecRG] Advisory DSECRG-11-006 (internal #DSECRG-09-066)
Application: Oracle Document Capture
Versions Affected: Oracle Document Capture 10.1.3.5
Vendor URL: http://oracle.com
Bugs: Insecure method. Buffer overflow.
Exploits: YES
Reported: 14.12.2009
Vendor response: 15.12.2009
Date of Public Advisory: 24.01.2011
CVE: CVE-2010-3599
Author: Alexandr Polyakov from DSecRG
Description
An insecure method was found in the NCSECWLib ActiveX control component, which is part of Oracle Document Capture.
One of the methods (WriteJPG) can be used to overwrite files on users s
Exploit-DB
Freewebscriptz HUBScript - 'single_winner1.php' Cross-Site Scripting
exploitdb·2009-07-20
CVE-2009-3599 Freewebscriptz HUBScript - 'single_winner1.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/43474/info
HUBScript is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
FreeWebScriptz HUBScript V1 is vulnerable; other versions may also be affected.
http://www.example.com/hubscript/demo/single_winner1.php?bid_id= XSS TO ADD: 1alert(412798982398)
No writeups or analysis indexed.
http://osvdb.org/55961
http://packetstormsecurity.org/0907-exploits/hubscript-xssphpinfo.txt
http://secunia.com/advisories/35895
https://exchange.xforce.ibmcloud.com/vulnerabilities/51829