CVE-2010-4607
published 2010-12-29CVE-2010-4607: Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or…
PriorityP411low2.6CVSS 2.0
AVNACHAuNCNIPAN
EXPLOIT
EPSS
1.58%
72.5th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| habariproject | habari | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Habari Blog - Multiple Vulnerabilities
exploitdb·2010-12-21
CVE-2010-4608 Habari Blog - Multiple Vulnerabilities
Habari Blog - Multiple Vulnerabilities
---
Vulnerability ID: HTB22732
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_habari.html
Product: Habari
Vendor: Habari ( http://habariproject.org/en/ )
Vulnerable Version: 0.6.5
Vendor Notification: 02 December 2010
Vulnerability Type: Path disclosure
Status: Fixed by Vendor
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
The vulnerability exists due to failure in the "/system/admin/header.php" & "/system/admin/comments_items.php" script, it's possible to generate an error that will reveal the full path of the script.
A remote user can determine the full path to the web root directory and other potentially sensitive information.
Attacker can use b
Exploit-DB
Oracle Document Capture 10g - ActiveX Control Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2007-4607 Oracle Document Capture 10g - ActiveX Control Buffer Overflow (Metasploit)
Oracle Document Capture 10g - ActiveX Control Buffer Overflow (Metasploit)
---
##
# $Id: oracle_dc_submittoexpress.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Oracle Document Capture 10g ActiveX Control Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Oracle Document Capture 10g (10.1.3.5.0).
Oracle Document Capture 10g comes bundled with a third party ActiveX control
emsmtp.dll (6.0.1.0). When passing a overly long string to the method "SubmitToExpress"
an attac
No writeups or analysis indexed.
http://secunia.com/advisories/42688http://wiki.habariproject.org/en/Release_0.6.6http://www.exploit-db.com/exploits/15799http://www.htbridge.ch/advisory/xss_vulnerability_in_habari.htmlhttp://www.htbridge.ch/advisory/xss_vulnerability_in_habari_1.htmlhttp://secunia.com/advisories/42688http://wiki.habariproject.org/en/Release_0.6.6http://www.exploit-db.com/exploits/15799http://www.htbridge.ch/advisory/xss_vulnerability_in_habari.htmlhttp://www.htbridge.ch/advisory/xss_vulnerability_in_habari_1.html
2010-12-29
Published