CVE-2012-1021
Published: 2012-02-08
Priority: P4 (20)
Severity: medium, CVSS 2.0 base score 4.3
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploit: public exploit indexed (see Exploit-DB below)
EPSS: 1.61% (73.0th percentile)
Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 4homepages | 4images | — | — |
No detection rules found.
Exploit-DB
Microsoft Windows - COM Session Moniker Privilege Escalation (MS17-012)
exploitdb · 2017-03-15 · CVE-2017-0100
---
/*
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1021
Windows: COM Session Moniker EoP
Platform: Tested on Windows 10 14393, Server 2012 R2
Class: Elevation of Privilege
Summary:
When activating an object using the session moniker the DCOM activator doesn’t check if the current user has permission, allowing a user to start an arbitrary process in another logged-on user’s session.
Description:
The COM session moniker allows a user to specify the interactive session that’s to be used when a DCOM object is registered with an AppID with RunAs of “Interactive User”. As switching sessions is not something a normal user can do you’d assume that this would be only accessible to administrators (or a
Exploit-DB
Apache Struts - Multiple Persistent Cross-Site Scripting Vulnerabilities
exploitdb · 2012-02-02 · CVE-2012-1007
---
##############################################################################
#
# Title : Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
# Author : Antu Sanadi SecPod Technologies (www.secpod.com)
# Vendor : http://struts.apache.org/
# Advisory : http://secpod.org/blog/?p=450
# http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt
# Software : Apache struts 1.3.10, 2.0.14 and 2.2.3
# Date : 01/02/2012
#
##############################################################################
SecPod ID: 1021
21/07/2011 Issue Discovered
03/08/2011 Vendor Notified
No Response
01/02/2012 Advisory Released
Class: Cross-Site Scripting (Persistence)
Severity: High
Overvie
Exploit-DB
4Images 1.7.10 - '/admin/categories.php?cat_parent_id' Cross-Site Scripting
exploitdb · 2012-01-31 · CVE-2012-1021
---
source: https://www.securityfocus.com/bid/51774/info
4images is prone to multiple input-validation vulnerabilities including:
1. A cross-site scripting vulnerability.
2. An open-redirection vulnerability.
3. An SQL-injection vulnerability.
An attacker may leverage these issues to perform spoofing and phishing attacks, to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
4images 1.7.10 is vulnerable; other versions may also be affected.
http://www.example.com/admin/categories.php?action=add
No writeups or analysis indexed.
References
- http://osvdb.org/78711
- http://packetstormsecurity.org/files/109290/4images-xss.txt
- http://secunia.com/advisories/47811
- http://www.securityfocus.com/bid/51774
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72924