Winamp & Shoutcast Forums - View Single Post - shoutcast2 control panel fix for null nuke

dimajahiz · 8th November 2014, 14:41

i try to find NULL NUKE CMS v2.2 to download i got the info

=======================================================
=======================================================
=======================================================
Title: NULL NUKE CMS v2.2 Multiple Vulnerabilities
Advisory ID: ZSL-2014-5185
Type: Local/Remote
Impact: Spoofing, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data, Cross-Site Scripting, System Access
Risk: (4/5)
Release Date: 28.04.2014

Summary
NULL-8x3-NUKE is a fast, powerful and secure cross platform CMS for windows and Linux using base or full drive paths.

Description
NULL NUKE CMS suffers from multiple remote vulnerabilities including Stored/Reflected XSS, SQL Injection, Arbitrary File Upload, RCE, Arbitrary File Deletion, Arbitrary File Access using absolute path and/or traversal, Open Redirection, Parameter Traversal, and Cross-Site Request Forgery.

Vendor
nullwanton - http://sourceforge.net/projects/nullnuke/

Affected Version
2.2 and 2.1 rc3

Tested On
Apache/2.4.7 (Win32)
PHP/5.5.6
MySQL 5.6.14

Vendor Status
N/A

PoC
nullnuke_mv.txt
Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
=======================================================
=======================================================
=======================================================

Please Update and fix the Multiple Vulnerabilities

Thanks.

8th November 2014, 14:41	#5
dimajahiz Junior Member Join Date: Nov 2014 Posts: 3	i try to find NULL NUKE CMS v2.2 to download i got the info ======================================================= ======================================================= ======================================================= Title: NULL NUKE CMS v2.2 Multiple Vulnerabilities Advisory ID: ZSL-2014-5185 Type: Local/Remote Impact: Spoofing, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data, Cross-Site Scripting, System Access Risk: (4/5) Release Date: 28.04.2014 Summary NULL-8x3-NUKE is a fast, powerful and secure cross platform CMS for windows and Linux using base or full drive paths. Description NULL NUKE CMS suffers from multiple remote vulnerabilities including Stored/Reflected XSS, SQL Injection, Arbitrary File Upload, RCE, Arbitrary File Deletion, Arbitrary File Access using absolute path and/or traversal, Open Redirection, Parameter Traversal, and Cross-Site Request Forgery. Vendor nullwanton - http://sourceforge.net/projects/nullnuke/ Affected Version 2.2 and 2.1 rc3 Tested On Apache/2.4.7 (Win32) PHP/5.5.6 MySQL 5.6.14 Vendor Status N/A PoC nullnuke_mv.txt Credits Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk> ======================================================= ======================================================= ======================================================= Please Update and fix the Multiple Vulnerabilities Thanks. Last edited by dimajahiz; 8th November 2014 at 14:53. Reason: Multiple Vulnerabilities