Infesting you with Virus News
 

News

Contributed by: Lauren Gerber
Date: July 9, 2009
Lauren Gerber
2
Vote
0

The Latest KerviNet Forum Vulnerabilities
 

Welcome to the latest and greatest security vulnerability news on the web. I am here to tell you about vulnerabilities that this time, have been reported in the KerviNet Forum. The risks of these vulnerabilities are extremely high due to the factor that they may be exploited by malicious people in order to perform the dreaded SQL injection attack.Comps.jpg

The KerviNet Forum is as you may have guessed, web based. Due to it being web based, it means that it can be used with any browser with the inclusion of Mozilla Firefox. Some of the files of Mozilla Firefox may include but are not limited to the following: nsUrlClassifierTable.js, nsURLFormatter.js, nsXmlRpcClient.js, reporter.js as well as WebContentConverter.js.

These KerviNet vulnerabilities are a result of two errors which involve the following:

  1. The input which is passed from the "topic"parameter is not adequately modified, prior to being used in the SQL queries. This runs the risk of being exploited in order to manipulate the SQL queries by injecting arbitrary SQL code.
  2. The input which is passed from the "enter_login" as well as the "enter_parol" cookies with regards to the index.php, is not adequately modified prior to being used in the SQL queries. This runs the risk of being exploited in order to manipulate the SQL queries by injecting arbitrary SQL code.

This vulnerability has been rated as moderately critical. If you are wondering who actually discovered this vulnerability in the KerviNet forum, you don't need to wonder anymore. This vulnerability was actually discovered by the popular eLwaux.8PC.jpg

Now for the next big question, what versions have these vulnerabilities been reported in? These vulnerabilities have been confirmed as well as reported in version 1.1. It is vital for all users to be aware of the factor that other versions may also be affected by this. If you are looking for a solution, then it is to apply the available patches as well as edit the source code, in order to make sure that the input is adequately modified. That's it for now folks, till next time, try and have a safe KerviNet forum experience.

Resources:
The original advisory.
The KerviNET Forum vulnerability.
The exact site.
Security advisories as well as exploits.

User Comments

Name:
Email:
Website:
Comment:
Please type 5-digit security code below:
Captcha image for spam protection

Featured Videos

Registry Tutorials
From: PC1News Videos
Added: June 13, 2009
more videos

Software Downloads

SpyHunter V.3
Free Spyhunter Scanner (Spyware/Trojan Detection). DETECT Spyware, Trojans, Worms, Viruses and malware on your PC absolutely FREE.
Download now
Registry Mechanic 8
Award Winning software, Fixes registry and improves computer performance. Created by a division of Symantec, this tool will scan your registry and find errors that can be later cleaned either individually or all together.
Download now
SpywareBlaster 4.1
The tool is used to prevent the installation of spyware and other potentially unwanted software. As soon as you download it, you will be able to protect your system.
Download now

Latest Comments

winlogon.exe.exe
March 12, 2010
how to remove winlogon.exe.exe more..
Dr. Guard Can Hit Your Computer Hard
March 12, 2010
Anyone would panic with bizarre behaviour of your computer with warnings, music flashing, etc. Don't... more..
Dr. Guard Can Hit Your Computer Hard
March 12, 2010
nicejerk - Microsoft no longer supports (ie cares about anything bad happening) with XP. They don't... more..
more comments..
rss
Home | Files | Programs | Latest Comments | About us | Privacy Policy | Contributors | Contact Us
© 2008 - 2010 pc1news.com - All rights reserved.
Home  Tips  Downloads Videos Virus List Vulnerabilities
Home > Computer Security > The Latest KerviNet Forum Vulnerabilities