The Address Book Multiple Remote Vulnerabilities
BID:21870
Info
| Bugtraq ID: | 21870 |
| Class: | Unknown |
| CVE: | CVE-2006-4575 CVE-2006-4576 CVE-2006-4577 CVE-2006-4578 CVE-2006-4579 CVE-2006-4580 CVE-2006-4581 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 04 2007 12:00AM |
| Updated: | Jan 05 2007 04:31PM |
| Credit: | Secunia Research is credited with the discovery of these vulnerabilities. |
| Vulnerable: | The Address Book The Address Book 1.04E |
| Not Vulnerable: | |
Discussion
The Address Book is prone to multiple remote vulnerabilities. These issues include multiple SQL-injection vulnerabilities, multiple HTML-injection vulnerabilities, an information-disclosure vulnerability, a local file-include vulnerability, multiple cross-site scripting vulnerabilities, an authentication-bypass vulnerability, and an arbitrary file-upload vulnerability.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, exploit vulnerabilities in the underlying database implementation, and execute arbitrary code within the context of the browser. Other attacks are also possible.
Version 0.1 is vulnerable to these issues; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues through a web client. For some of these issues, the attacker may need to entice an unsuspecting victim to follow a malicious URI.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].