CVE-2014-9004
published 2014-11-20CVE-2014-9004: Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.47%
70.4th percentile
Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vld_interactive | vldpersonals | <= 2.7 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
vldPersonals 2.7 - Multiple Vulnerabilities
exploitdb·2014-11-10
CVE-2014-9005 vldPersonals 2.7 - Multiple Vulnerabilities
vldPersonals 2.7 - Multiple Vulnerabilities
---
# Exploit Title: VLD Personal – Multiple Vulnerabilities
# Date: 09/11/2014
# Exploit Author: Mr T
# Exploit Authors Website: http://www.securitypentester.ninja
# Vendor Homepage: http://www.vldpersonals.com/
# Software Link: http://www.vldpersonals.com/clients/downloads.php
# Vulnerable Version: 2.7
# Fixed Version 2.7.1
# Tested on: Windows / Linux
XSS Attack
Issue detail:
The value of the id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9811c”>alert(1)b7ec317c816 was submitted in the id parameter.
Response :
GET /index.php?m=member_profile&p=profile&id=9811c”>alert(1)b7ec317c816 HTTP/1.1
SQL Injection:
Issue detail:
The country/gender1/gender2 paramet
Exploit-DB
Numara / BMC Track-It! FileStorageService - Arbitrary File Upload (Metasploit)
exploitdb·2014-10-21
CVE-2014-4872 Numara / BMC Track-It! FileStorageService - Arbitrary File Upload (Metasploit)
Numara / BMC Track-It! FileStorageService - Arbitrary File Upload (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'Numara / BMC Track-It! FileStorageService Arbitrary File Upload',
'Description' => %q{
This module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It!
v8 to v11.X.
The application exposes the FileStorageService .NET remoting service on port 9010
(9004 for version 8) which accepts unauthenticated uploads. This can be abused by
a malicious user to upload a ASP or ASPX file to the web root leading to arbitrary
code execution as NETWORK SERVICE or SYSTEM.
This module has been tested successfully on versions 11.3.0.3
No writeups or analysis indexed.
2014-11-20
Published