Details of VAR-E-200809-0435

ID

VAR-E-200809-0435

CVE

cve_id:	CVE-2008-6764	Trust: 1.6
cve_id:	CVE-2008-3101	Trust: 1.1

sources: BID: 30951 // BID: 31055 // PACKETSTORM: 69548 // EXPLOIT-DB: 32337 // EDBNET: 53878

EDB ID

32337

TITLE

Silentum LoginSys 1.0 - Multiple Cross-Site Scripting Vulnerabilities - PHP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 32337

DESCRIPTION

Silentum LoginSys 1.0 - Multiple Cross-Site Scripting Vulnerabilities. CVE-2008-6764CVE-47940 . webapps exploit for PHP platform

Trust: 0.6

sources: EXPLOIT-DB: 32337

AFFECTED PRODUCTS

vendor:	silentum	model:	loginsys	scope:	eq	version:	1.0	Trust: 1.6
vendor:	vtiger	model:	crm	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	hypersilence	model:	silentum loginsys	scope:	eq	version:	1.0	Trust: 0.3

sources: BID: 30951 // BID: 31055 // EXPLOIT-DB: 32337 // EDBNET: 53878

EXPLOIT

source: https://www.securityfocus.com/bid/31055/info

Silentum LoginSys is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Silentum LoginSys 1.0.0 is vulnerable; other versions may also be affected.

http://www.example.com/login.php?message=[XSS]

Trust: 1.0

sources: EXPLOIT-DB: 32337

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 32337

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 32337

TYPE

Multiple Cross-Site Scripting Vulnerabilities

Trust: 1.6

sources: EXPLOIT-DB: 32337 // EDBNET: 53878

CREDITS

Maximiliano Soler

Trust: 0.6

sources: EXPLOIT-DB: 32337

EXTERNAL IDS

db:	BID	id:	31055	Trust: 1.9
db:	NVD	id:	CVE-2008-3101	Trust: 1.7
db:	NVD	id:	CVE-2008-6764	Trust: 1.6
db:	EXPLOIT-DB	id:	32337	Trust: 1.6
db:	EDBNET	id:	70477	Trust: 0.6
db:	EDBNET	id:	53878	Trust: 0.6
db:	PACKETSTORM	id:	69548	Trust: 0.5
db:	BID	id:	30951	Trust: 0.3

sources: BID: 30951 // BID: 31055 // PACKETSTORM: 69548 // EXPLOIT-DB: 32337 // EDBNET: 70477 // EDBNET: 53878

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2008-6764	Trust: 1.6
url:	https://www.securityfocus.com/bid/31055/info	Trust: 1.0
url:	https://www.intelligentexploit.com	Trust: 0.6
url:	https://www.exploit-db.com/exploits/32337/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2008-3101	Trust: 0.5
url:	http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&chash=e16be773a5	Trust: 0.3
url:	http://hypersilence.net/silentum_loginsys.php	Trust: 0.3

sources: BID: 30951 // BID: 31055 // PACKETSTORM: 69548 // EXPLOIT-DB: 32337 // EDBNET: 70477 // EDBNET: 53878

SOURCES

db:	BID	id:	30951
db:	BID	id:	31055
db:	PACKETSTORM	id:	69548
db:	EXPLOIT-DB	id:	32337
db:	EDBNET	id:	70477
db:	EDBNET	id:	53878

LAST UPDATE DATE

2022-07-27T09:50:41.888000+00:00

SOURCES UPDATE DATE

db:	BID	id:	30951	date:	2008-09-01T00:00:00
db:	BID	id:	31055	date:	2008-09-09T17:11:00

SOURCES RELEASE DATE

db:	BID	id:	30951	date:	2008-09-01T00:00:00
db:	BID	id:	31055	date:	2008-09-06T00:00:00
db:	PACKETSTORM	id:	69548	date:	2008-09-03T02:42:07
db:	EXPLOIT-DB	id:	32337	date:	2008-09-06T00:00:00
db:	EDBNET	id:	70477	date:	2008-09-02T00:00:00
db:	EDBNET	id:	53878	date:	2008-09-06T00:00:00

tag:	exploit	Trust: 0.5
tag:	vulnerability	Trust: 0.5
tag:	xss	Trust: 0.5

ID

CVE

EDB ID

TITLE

DESCRIPTION

AFFECTED PRODUCTS

EXPLOIT

EXPLOIT LANGUAGE

PRICE

TYPE

TAGS

CREDITS

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

SOURCES UPDATE DATE

SOURCES RELEASE DATE