<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
<channel>
  <title>Vulnerabilities! - Zero Science Lab</title>
  <description>Zero Science Lab - Macedonian information security research and development laboratory</description>
  <link>http://www.zeroscience.mk</link>
  <language>en-us</language>

  <lastBuildDate>Fri, 11 Feb 2011 23:14:27 GMT</lastBuildDate>

  <image>
    <title>Zero Science Lab</title>
    <width>144</width><height>400</height>
    <link>http://www.zeroscience.mk</link>
    <url>http://www.zeroscience.mk/images/rss.gif</url>
  </image>

<item>
<title>SQL Buddy 1.3.3 (GET/POST) Multiple Remote Cross-Site Scripting Vulnerabilities</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5074.php</link>
<pubDate>Fri, 17 Feb 2012 03:00:55 GMT</pubDate>
<description>SQL Buddy suffers from XSS vulnerabilities when parsing user input passed to the 'DATABASE', 'HOST' and 'USER' parameters via the POST method in 'login.php', and to the 'db' parameter in 'dboverview.php' via the GET method. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.</description>
</item>

<item>
<title>webgrind 1.0 (dataFile) Remote Reflected XSS Vulnerability</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5073.php</link>
<pubDate>Fri, 17 Feb 2012 03:00:55 GMT</pubDate>
<description>webgrind suffers from an XSS vulnerability when parsing user input passed to the 'dataFile' parameter via the GET method in the index.php script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.</description>
</item>

<item>
<title>WampServer 2.2c (lang) Remote Cross-Site Scripting Vulnerability</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5072.php</link>
<pubDate>Fri, 17 Feb 2012 03:00:55 GMT</pubDate>
<description>WampServer is vulnerable to cross-site scripting. This issue is due to the application's failure to properly sanitize user-supplied input passed through the 'lang' parameter (GET) in the index.php script. An attacker may leverage any of the cross-site scripting issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials, phishing, and other attacks.</description>
</item>

<item>
<title>SciTools Understand 2.6 (wintab32.dll) DLL Loading Arbitrary Code Execution</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5071.php</link>
<pubDate>Wed, 08 Feb 2012 03:00:55 GMT</pubDate>
<description>The vulnerability is caused by the application loading libraries (wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening an Understand Project file (.UDB) located on a remote WebDAV or SMB share.</description>
</item>

<item>
<title>ManageEngine ADManager Plus 5.2 Multiple XSS Vulnerabilities</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5070.php</link>
<pubDate>Tue, 07 Feb 2012 03:00:55 GMT</pubDate>
<description>ADManager Plus suffers from multiple XSS vulnerabilities when parsing user input passed to the 'domainName' parameter in the '/jsp/AddDC.jsp' script via the GET method and to the 'operation' parameter in the '/DomainConfig.do' script via the POST method. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.</description>
</item>

<item>
<title>EdrawSoft Office Viewer Component ActiveX 5.6 (officeviewermme.ocx) BoF PoC</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5069.php</link>
<pubDate>Tue, 31 Jan 2012 03:00:55 GMT</pubDate>
<description>The ActiveX control suffers from a buffer overflow vulnerability when a large number of bytes is passed to the FtpUploadFile member in the FtpUploadFile() function, resulting in memory corruption that overwrites several registers, including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.</description>
</item>

<item>
<title>Mindjet MindManager 2012 v10.0.493 Multiple Remote Vulnerabilities</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5068.php</link>
<pubDate>Tue, 31 Jan 2012 03:00:55 GMT</pubDate>
<description>MindManager suffers from several vulnerabilities in components included in the package. Several OCX and DLL libraries from 3rd party software (glg.ocx, officeviewermme.ocx, pdfxctrl.dll, vsflex8n.ocx and ChartFX.ClientServer.Core.dll) are vulnerable to buffer overflow and denial of service (IE). The application is also vulnerable to insecure library loading with every file extension through ssgp.dll and dwmapi.dll.</description>
</item>

<item>
<title>Tracker Software pdfSaver ActiveX 3.60 (pdfxctrl.dll) Stack Buffer Overflow (SEH)</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5067.php</link>
<pubDate>Sun, 29 Jan 2012 03:00:55 GMT</pubDate>
<description>The PDF Printer Preferences ActiveX suffers from a buffer overflow vulnerability. When a large buffer is sent to the sub_path item of the StoreInRegistry function, or to the sub_key item of the InitFromRegistry function, in the pdfxctrl.dll module, we get a SEH overwrite. An attacker can gain access to the system of the affected node and execute arbitrary code.</description>
</item>

<item>
<title>Limny 3.0.1 (login.php) Remote URI Based Cross-Site Scripting Vulnerability</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5066.php</link>
<pubDate>Wed, 04 Jan 2012 03:00:55 GMT</pubDate>
<description>Limny suffers from an XSS issue in '/admin/login.php', which uses the 'PHP_SELF' variable. The vulnerability is present because no filtering is applied to the mentioned variable in the affected script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.</description>
</item>

<item>
<title>Infoproject Biznis Heroj (login.php) Authentication Bypass Vulnerability</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5065.php</link>
<pubDate>Wed, 21 Dec 2011 03:00:55 GMT</pubDate>
<description>The vulnerability is caused by an error in the logon authentication script (login.php) and can be exploited to bypass the login procedure by defining the 'username' and 'password' POST parameters with an SQL Injection attack, gaining admin privileges.</description>
</item>

<item>
<title>Infoproject Biznis Heroj (XSS/SQLi) Multiple Remote Vulnerabilities</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5064.php</link>
<pubDate>Wed, 21 Dec 2011 03:00:55 GMT</pubDate>
<description>Input passed via the parameters 'filter' in the 'widget.dokumenti_lista.php' script and 'fin_nalog_id' in the 'nalozi_naslov.php' script is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The 'config' parameter in 'nalozi_naslov.php' and 'widget.dokumenti_lista.php' is vulnerable to an XSS issue where the attacker can execute arbitrary HTML and script code in a user's browser session in the context of an affected site.</description>
</item>

<item>
<title>SopCast 3.4.7 sop:// URI Handling Remote Stack Buffer Overflow PoC</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5063.php</link>
<pubDate>Mon, 05 Dec 2011 03:00:55 GMT</pubDate>
<description>SopCast suffers from a stack-based buffer overflow vulnerability when parsing user input using the SoP protocol in the sopocx.ocx module, allowing the attacker to gain system access and execute arbitrary code on the affected machine. The issue is triggered when adding a 514-byte string to the sop:// protocol (GET), causing the app to open the link (channel) and crash. The application will crash even with 'sop://[anything]' because it fails to properly sanitize and handle the URI segment, but with exactly 514 bytes the stack gets overflowed, popping up the Buffer Overrun error box. Unsuccessful attempts cause a denial of service scenario. The 'address' element in the favorites.xml file can also be edited to serve as the attack vector.</description>
</item>

<item>
<title>SopCast 3.4.7 (Diagnose.exe) Improper Permissions</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5062.php</link>
<pubDate>Mon, 05 Dec 2011 03:00:55 GMT</pubDate>
<description>SopCast is vulnerable to an elevation of privileges vulnerability which can be used by a simple user to replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (full control) for the 'Everyone' group, on the 'Diagnose.exe' binary file which is bundled with the SopCast installation package.</description>
</item>

<item>
<title>Hero Framework 3.69 Remote Reflected Cross-Site Scripting Vulnerability</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5061.php</link>
<pubDate>Thu, 01 Dec 2011 03:00:55 GMT</pubDate>
<description>Hero suffers from an XSS vulnerability when parsing user input passed to the 'month' parameter via the GET method. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.</description>
</item>

<item>
<title>Manx cms.xml 1.0.1 (simplexml_load_file()) Directory Traversal Vulnerability</title>
<link>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5060.php</link>
<pubDate>Mon, 28 Nov 2011 03:00:55 GMT</pubDate>
<description>Input passed via the 'fileName' parameter through the simplexml_load_file() function is not properly verified in '/admin/admin_blocks.php' and '/admin/admin_pages.php' (post-auth) before being used to load files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks.</description>
</item>

</channel>
</rss>



