0day.today - Biggest Exploit Database in the World.
Epicor Enterprise 7.4 - Multiple Vulnerabilities
Risk: Security Risk High

"Epicor Enterprise vulnerabilities"

- Affected vendor: Epicor Software Corporation
- Affected system: Epicor Enterprise - Version 7.4
- Vendor disclosure date: May 13th, 2014
- Public disclosure date: September 30th, 2014
- Status: Fixed
- Associated CVEs:

1) CVE-2014-4311

Password values not masked appropriately:
Even though the application appears to be masking the affected password values in the database connection and email settings page, it is possible to access their content by observing the HTML code.

Affected password values:
- “Database Connection”
- “E-mail Connection”

Associated CAPEC: CAPEC-167: Lifting Sensitive Data from the Client - https://capec.mitre.org/data/definitions/167.html
Associated CWE: CWE-200: Information Exposure - http://cwe.mitre.org/data/definitions/200.html

2) CVE-2014-4312

Persistent and reflective cross-site scripting (XSS) attacks possible:
The identified website is vulnerable to persistent and reflective cross-site scripting. Script injection is a weakness within an application, and is due to insufficient validation of the input data (i.e. input data being sent from the user/presentation layer) and output encoding allowing dynamic execution of scripts on the application front end resulting in anomalous/abnormal behaviour of the application.

Example of affected functionalities for persistent XSS:
1. While viewing Order details, and injecting a malicious payload on the "Notes" section.
2. While modifying an “Order to consume” and injecting a malicious payload on the "Description" section.
3. While observing the “Favorites” section and injecting a malicious payload on the “Favorites name” section.

Example of an injected payload:
<script>alert("XSS")</script>

Example of affected URLs for reflective XSS:
1. https://XXXXX/Procurement/EKPHTML/search_item_bt.asp?RecordsRequested=Yes&FiltPartNo=&FiltSupplier=-1&FiltKeyword=<script>alert("XSS")</script>
2. https://XXXXX/Procurement/EKPHTML/EnterpriseManager/Budget/ImportBudget_fr.asp?Act=dtt"><script>alert("XSS")</script>
3. https://XXXXX/Procurement/EKPHTML/EnterpriseManager/UserSearchDlg.asp?hdnPageName=UserSearch&hdnOpenerFormName=PrefApp&hdnApproverFieldName=temp1&hdnApproverIDFieldName=temp2&hdnUserID=200&hdnOpener=Test"><script>alert("XSS")</script>
4. https://XXXXX/Procurement/EKPHTML/EnterpriseManager/UserSearchDlg.asp?hdnOpenerFormName=PrefApp&hdnApproverFieldName="><script>alert("XSS")</script>
5. https://XXXXX/Procurement/EKPHTML/EnterpriseManager/Codes.asp?INTEGRATED=XSS">--><script>alert("XSS")</script>

Associated CAPEC: CAPEC-32: Embedding Scripts in HTTP Query Strings - https://capec.mitre.org/data/definitions/32.html
Associated CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - http://cwe.mitre.org/data/definitions/79.html

- Available fix: Epicor Enterprise Hotfix: FS74SP6_HotfixTL054181

- Credit: These vulnerabilities were discovered by Fara Rustein. If you have any questions, comments, concerns, updates or suggestions please contact Fara Rustein (TW: @fararustein).

# 0day.today [2024-09-20] #
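Added example, not part of the original advisory and not Epicor code: a Python check a defender can run over rendered pages to confirm both fixes. It flags password inputs that still carry a value in the markup (CVE-2014-4311) and shows that attribute-encoding the reflected `hdnOpener` value from URL example 3 keeps it inside the attribute (CVE-2014-4312). The `render_field` helper, the `dbPassword` field name, the placeholder secret, and the assumption that the password was exposed through an input's `value` attribute are illustrative.

```python
from html import escape
from html.parser import HTMLParser


class RenderedPageAudit(HTMLParser):
    """Record pre-filled password inputs and <script> elements in rendered HTML."""

    def __init__(self):
        super().__init__()
        self.prefilled_passwords = []  # names of password inputs that ship a value
        self.script_tags = 0           # <script> elements found in the markup
        self.input_values = {}         # input name -> value as a browser would read it

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script":
            self.script_tags += 1
        elif tag == "input":
            name = attr.get("name") or "(unnamed)"
            self.input_values[name] = attr.get("value")
            is_password = (attr.get("type") or "").lower() == "password"
            if is_password and attr.get("value"):
                self.prefilled_passwords.append(name)


def audit(page_html):
    parser = RenderedPageAudit()
    parser.feed(page_html)
    parser.close()
    return parser


def render_field(name, value, field_type="hidden", encode=True):
    """Hypothetical stand-in for a page that echoes a value into an attribute."""
    shown = escape(value, quote=True) if encode else value
    return f'<input type="{field_type}" name="{name}" value="{shown}">'


# Parameter value from reflective XSS example 3 in the advisory.
REFLECTED = 'Test"><script>alert("XSS")</script>'

# Constructed sample pages; field name and secret are placeholders.
RAW_PAGE = render_field("hdnOpener", REFLECTED, encode=False)
ENCODED_PAGE = render_field("hdnOpener", REFLECTED)
LEAKY_SETTINGS = render_field("dbPassword", "PLACEHOLDER-SECRET", "password")
FIXED_SETTINGS = render_field("dbPassword", "", "password")
```

Without encoding, the quote in the parameter ends the attribute early and the parser sees a separate script element; with `escape(..., quote=True)` the full string stays in the attribute value.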