ClipBucket Multiple Vulnerabilities Network Vulnerability

Summary

This host is installed with ClipBucket and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML or script code and manipulate SQL queries in the backend database allowing for the manipulation or disclosure of arbitrary data. Impact Level: Application

Solution

Apply the patch from the below link, For patch refer to http://sourceforge.net/projects/clipbucket/files/ClipBucket%20v2

Insight

Input passed via multiple parameters to multiple scripts is not properly sanitised before being returned to the user. For more information please check the Reference section

Affected

ClipBucket version 2.6, Other versions may also be affected.

Detection

Send a crafted HTTP GET request and check whether it is able to execute sql query or not.

References

http://packetstormsecurity.org/files/108489
http://secunia.com/advisories/47474
http://www.osvdb.com/78199

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-6642, CVE-2012-6643, CVE-2012-6644
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Arkeia Appliance Multiple Vulnerabilities
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
AjaxPortal 'di.php' File Inclusion Vulnerability
AdPeeps 'index.php' Multiple Vulnerabilities.
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability

Take action and discover your vulnerabilities