CVE-2010-3023
Published: 2010-08-16
Priority: P4 (20)
Severity: medium (CVSS 2.0 base score 4.3)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploit: available
EPSS: 2.57% (83.2nd percentile)
Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb; and the (2) setting[site_title] parameter to user/main/update_settings, which is not properly handled by _app/views/settings/_list_settings.rhtml.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hulihanapplications | diamondlist | — | — |
Suricata
ET ACTIVEX Novell iPrint ActiveX GetDriverSettings Remote Code Execution Attempt (CVE-2010-4321)
suricata · 2011-01-20
Rule: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Novell iPrint ActiveX GetDriverSettings Remote Code Execution Attempt"; flow:established,to_client; content:"36723F97-7AA0-11D4-8919-FF2D71D0D32C"; nocase; content:"GetDriverSettings2"; nocase; distance:0; pcre:"/]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*36723F97-7AA0-11D4-8919-FF2D71D0D32C/si"; reference:url,www.zerodayinitiative.com/advisories/ZDI-10-256/; reference:url,www.vupen.com/english/advisories/2010/3023; reference:bid,44966; reference:cve,2010-4321; classtype:attempted-user; sid:2012206; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2011_01_20
Exploit-DB
Microsoft IIS FTP Server - NLST Response Overflow (MS09-053) (Metasploit) (CVE-2009-3023)
exploitdb · 2010-11-12
---
##
# $Id: ms09_053_ftpd_nlst.rb 11003 2010-11-12 06:19:49Z hdm $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft IIS FTP Server NLST Response Overflow',
'Description' => %q{
This module exploits a stack buffer overflow flaw in the Microsoft IIS FTP
service. The flaw is triggered when a special NLST argument is passed
while the session has changed into a long directory path. For this exploit
to work, the FTP server must be configured to allow write access
Exploit-DB
DiamondList - '/user/main/update_category?category[description]' Cross-Site Scripting (CVE-2010-3023)
exploitdb · 2010-08-05
---
source: https://www.securityfocus.com/bid/42252/info
DiamondList is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
DiamondList 0.1.6 is vulnerable; prior versions may also be affected.
alert(document.cookie)' />
document.main.submit();
Exploit-DB
DiamondList - '/user/main/update_settings?setting[site_title]' Cross-Site Scripting (CVE-2010-3023)
exploitdb · 2010-08-05
---
source: https://www.securityfocus.com/bid/42252/info
DiamondList is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
DiamondList 0.1.6 is vulnerable; prior versions may also be affected.
alert(document.cookie)' />
document.main.submit();
No writeups or analysis indexed.
References
http://dev.hulihanapplications.com/issues/show/211
http://dev.hulihanapplications.com/issues/show/213
http://packetstormsecurity.org/1008-exploits/diamondlist-xssxsrf.txt
http://secunia.com/advisories/40873
http://www.htbridge.ch/advisory/xss_vulnerability_in_diamondlist.html
http://www.htbridge.ch/advisory/xss_vulnerability_in_diamondlist_1.html
http://www.securityfocus.com/archive/1/512892
http://www.securityfocus.com/archive/1/512897/100/0/threaded
http://www.securityfocus.com/bid/42252
http://www.vupen.com/english/advisories/2010/2025
Published: 2010-08-16