RETIRED: Zoph Multiple Remote Security Vulnerabilities
BID:53788
Info
RETIRED: Zoph Multiple Remote Security Vulnerabilities
| Bugtraq ID: | 53788 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 05 2012 12:00AM |
| Updated: | Jun 25 2012 09:30PM |
| Credit: | KedAns-Dz |
| Vulnerable: |
Zoph Zoph 0.9pre2 |
| Not Vulnerable: | |
Discussion
RETIRED: Zoph Multiple Remote Security Vulnerabilities
Zoph is prone to multiple remote security vulnerabilities, which include:
1. An arbitrary download vulnerability.
2. An SQL-injection vulnerability.
3. A cross-site request-forgery vulnerability.
Exploiting these issues may allow a remote attacker to perform certain administrative actions, gain unauthorized access, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database and gain access to sensitive information. Other attacks are also possible.
Zoph 0.9pre2 is vulnerable; other versions may also be affected.
Note: This BID is being retired. The issue can not be exploited as described.
Zoph is prone to multiple remote security vulnerabilities, which include:
1. An arbitrary download vulnerability.
2. An SQL-injection vulnerability.
3. A cross-site request-forgery vulnerability.
Exploiting these issues may allow a remote attacker to perform certain administrative actions, gain unauthorized access, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database and gain access to sensitive information. Other attacks are also possible.
Zoph 0.9pre2 is vulnerable; other versions may also be affected.
Note: This BID is being retired. The issue can not be exploited as described.
Exploit / POC
RETIRED: Zoph Multiple Remote Security Vulnerabilities
Attackers can use a browser to exploit these issues.
The following example inputs are available:
Attackers can use a browser to exploit these issues.
The following example inputs are available:
Solution / Fix
RETIRED: Zoph Multiple Remote Security Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].