• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Namazu Multiple Remote Vulnerabilities

Namazu is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data. The following issues were identified:

Namazu is reported prone to a cross-site scripting vulnerability. This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.

Namazu is also reported prone to a potential file upload vulnerability. This issue may allow remote attackers to upload malicious script files to a vulnerable server. If the attacker is able to execute the script, this may allow for remote compromise of the server.

In addition of the issues described above, the vendor has stated that users should upgrade from versions 1.2 and older to a newer version. It is believed that the older versions contain numerous unspecified vulnerabilities.

The cross-site scripting vulnerability affects Namazu versions 2.0.13 and prior. The file upload vulnerability is present in Namazu versions 1.3.0.10 and older.