Unica Affinium Campaign Multiple Remote Vulnerabilities
BID:30433
Info
| Bugtraq ID: | 30433 |
| Class: | Unknown |
| CVE: | CVE-2008-7093 CVE-2008-7094 CVE-2008-7092 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 30 2008 12:00AM |
| Updated: | Jul 05 2016 10:01PM |
| Credit: | Neil Kettle and Tim Brown |
| Vulnerable: | Unica Affinium Campaign 7.2.1.0.55 |
| Not Vulnerable: | |
Discussion
Affinium Campaign is prone to multiple vulnerabilities, including HTML-injection, denial-of-service, and directory-traversal issues.
Attackers can exploit these issues to:
- control how the site is rendered to users
- execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site
- steal cookie-based authentication credentials
- deny service to legitimate users
- view local files within the context of the webserver process
- overwrite arbitrary files in the context of the affected application
These issues affect Affinium Campaign 7.2.1.0.55; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues via a browser.
Solution / Fix
Solution:
The vendor has reportedly released an update. Please see the references for details.
References
References:
- Portcullis Security Advisory 08-001 Affinium Campaign JavaScript injection (Portcullis)
- Portcullis Security Advisory 08-002 Affinium Campaign Directory Traversal (Portcullis)
- Portcullis Security Advisory 08-003 Affinium Campaign JavaScript injection (Portcullis)
- Portcullis Security Advisory 08-004 Affinium Campaign second order JavaScript in (Portcullis)
- Portcullis Security Advisory 08-005 Affinium Campaign reflected JavaScript injec (Portcullis)
- Portcullis Security Advisory 08-006 Affinium Campaign Directory Traversal (Portcullis)
- Portcullis Security Advisory 08-007 Affinium Campaign denial of service (Portcullis)
- Unica Affinium Campaign Management (Unica)