[SECURITY] [DSA 1951-1] New firefox-sage packages fix insufficient input sanitizing

Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2009-4102
Debian Bug     : 559267

It was discovered that firefox-sage, a lightweight RSS and Atom feed
reader for Firefox, does not sanitise the RSS feed information
correctly, which makes it prone to a cross-site scripting and a
cross-domain scripting attack.



WASC Announcement: 2008 Web Application Security Statistics Published

Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA


SAXON version 5.4 SQL Injection Vulnerability

        netVigilance Security Advisory #55

SAXON version 5.4 SQL Injection Vulnerability
Description:
SAXON is a simple accessible online news publishing system for personal and small corporate site owners. Publish news, using configurable templates, on any .php page on your site. Publish news on a 'per author' basis. Edit and/or delete existing news items. Create multiple RSS news feeds automatically (RSS 0.9, RSS 2.0 and Atom). Post date news items for later public release. Multiple authors allowed. Ability to configure users as Standard or Administrators. Ability to add/delete users (Administrators only). Option to change any user password (Administrators only). Template creation/deletion/amendment interface. Online setup and configuration.

Successful exploitation requires PHP magic_quotes_gpc set to Off.
External References:
Mitre CVE: CVE-2007-4863
NVD NIST: CVE-2007-4863

Black Hat: New Webinar, Japan audio now on-line.

http://www.flickr.com/photos/30017677@N05/

-Follow us on Twitter:
https://twitter.com/blackhatusa2008

-Subscribe to our main RSS feed to get timely announcements that won't be in
monthly newsletters:
https://www.blackhat.com/BlackHatRSS.xml

Thank you,
Jeff Moss

BruCON call for papers

speakers, opportunities of networking with peers, hacking challenges  
and workshops. BruCON is an open-minded gathering of people discussing  
computer security, privacy, information technology and its cultural/ 
technical implications on society. The conference creates bridges  
between the various actors active in computer security world, included  
but not limited to hackers(*), security professionals, security  
communities, non-profit organizations, CERTs, students, law  
enforcement agencies, etc...

Call of Papers is officially open


DEFCON 16 Updates - Get involved!

https://www.defcon.org/

Forums and Blogs
https://forum.defcon.org/

Follow the RSS feed:
https://www.defcon.org/defconrss.xml

Follow the announcements before, during, and after with twitter:
http://www.twitter.com/defcon16


xoops-1.3.10 shell command execute vulnerability ( causing snoopy class )

--------------------------------------------------------------------------------------------------------------------
~/xoops-1.3.10/class/phpsyndication.lib.php

// | required: - PHP                                                          |
// |           - Snoopy (find it here: http://freshmeat.net/projects/snoopy)  |
        /* [BREAK 1] We can supply parameter from RSS file into sourceUrl firstly */
        class RSStoHTML
        {
                var $sourceUrl;         // location of the source RSS file      

        ..

1024CMS Blind SQL Injection Vulnerability

- Description:
####################

1024CMS is a PHP-based CMS which uses MySQL as its backend DBMS. It
supports forums, downloads, search capability, BB code capability,
gallery, chat and RSS services.


####################
- Vulnerability:
####################

GCALDaemon Remote DoS

Advisory number: SN-2007-01
Advisory URL: http://www.securenetwork.it/advisories/, http://www.ikkisoft.com

*** SUMMARY ***

GCALDaemon is an OS-independent Java program that offers two-way synchronization between Google Calendar and various iCalendar compatible calendar applications. GCALDaemon is primarily designed as a calendar synchronizer but it can also be used as a Gmail notifier, Address Book importer, Gmail terminal and RSS feed converter.

Sunbird/Kontact/Firefox/ThunderBird/Mozilla Calendar all share calendars over HTTP, by uploading their file via an HTTP PUT and getting/refreshing their calendar with an HTTP GET. The GCALDaemon's built-in HTTP server keeps these HTTP messages in sync with a specified Google Calendar. An input validation flaw permits crafting an HTTP request with an abnormal content-length value; this malformed request could trigger a denial of service that arises from a Java out of memory fatal error.

*** VULNERABILITY DETAILS ***


Black Hat Announcements: New CFP system and Japan '08 confirmed

To create or update a submission:
https://cfp.blackhat.com/

Download all the Black Hat USA 2007 content for free in an iPod friendly
format! For audio and video follow these links:
https://www.blackhat.com/podcast/bh-usa-07-video.rss
https://www.blackhat.com/podcast/bh-usa-07-audio.rss


Black Hat Japan News:
We're happy to announce that Black Hat is returning to Tokyo for another

Black Hat November News: CFPS Now Open, Webinar 5 and Japan on-line.

comment on news http://www.linkedin.com/groups?gid=37658&trk=hb_side_g
- Share your pictures of past events, or just check out ours:
http://www.flickr.com/photos/30017677@N05/

BLACK HAT NEWS AND UPDATES
If you want to get instant access to Black Hat news, you can get our RSS
feed:
https://www.blackhat.com/BlackHatRSS.xml
Follow us on Twitter:
https://www.twitter.com/BlackHatUSA2008


[DSF-02-2009] - Zoki Catalog SQL Injection

Smart Catalog is unique and convenient software. It is designed for
many purposes whether you want to create blog, product catalog,
classifieds, events, jobs or many others. This software gives you
opportunity to create general categories and unlimited number of
subcategories, create static pages, upload images, rate and comment
listings. The Smart Catalog has SEO optimized URLs, RSS feeds and fast
indexed with major search engines.

Description
This PHP based catalog is vulnerable to SQL Injection on search form.
Injecting a quote mark will break the SQL query and even provide

[DSECRG-08-033] Local File Include Vulnerability in Pixelpost 1.7.1

}
...
if(!empty($language_full)) {
        if(file_exists("language/lang-".$language_full.".php")) {

                if( !isset($_GET['x'])OR($_GET['x'] != "rss" & $_GET['x'] != "atom")) {
                        require("language/lang-".$language_full.".php");
                }
        }else{
        ...


Black Hat Briefings Call for Papers

D.C. 2008 Briefings CfP closes January 4
Europe 2008 Briefings CfP closes February 1
USA 2008 Briefings CfP will open February 1
Japan 2008 Briefings CfP will open May 1

RSS Announcements and Updates, News and more:
http://www.blackhat.com/BlackHatRSS.xml

TO REGISTER:
https://www.blackhat.com/html/bh-registration/bh-registration.html
To register for trainings or briefings please visit our registration site.

Black Hat Tokyo + DC and Europe CfPs now open.

Please bear in mind that on-line registration closes October 15, and it is a good idea to sign up now to avoid waiting in the long on site registration lines.
The Briefings  will once again be held in the Keio Plaza Hotel in Tokyo, on Thursday, October 25 and Friday, October 26.  On site registration begins at 09:00 both days.

In other news:
Presentations and white papers from Black Hat USA 2007 are on line, with audio and video coming soon.  To know as soon as new content comes on-line, subscribe to our RSS feed at
http://www.blackhat.com/BlackHatRSS.xml

The Black Hat D.C. and Black Hat Amsterdam Call for Papers is now open. 

The focus this year for Black Hat D.C. will be both on Offensive tools, techniques, and related technology as well as wireless and near field security. A more detailed CfP will be released next week.

DEF CON 16 Retro Announcement! Back to Bang!

https://www.defcon.org/html/defcon-16/dc-16-cfp-form.html

Forums - Discuss and follow all the pre-conference planning
https://forum.defcon.org/

Future Announcements in RSS format
https://www.defcon.org/defconrss.xml

The Jackal, holding the radio right behind Aleph One
https://www.defcon.org/images/graphics/PICTURES/defcar1.jpg


CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK

/-----------

# ps
ps
USER     PID   PPID  VSIZE RSS   WCHAN    PC         NAME
root     1     0     248   64    c0084edc 0000ae2c S /init
root     2     0     0     0     c0049168 00000000 S kthreadd
...
root     1206  1165  16892 14564 c0084edc 00274af8 S ./gdb
app_0    1574  535   83564 12832 ffffffff afe0c79c S

Eggblog v3.1.0 XSS Vulnerability

------------------------
eggblog is a free PHP & MySQL blogging package. Features include an internal search engine,
photo albums, forums, plug-ins, guest comments to blog articles, automatic monthly archiving
of blog articles and RSS XML feeds for both the blog and forums.
I discovered the security holes when I was testing it for my personal web blog.

Vulnerability Overview
------------------------
The script is vulnerable to XSS attacks.

Black Hat Briefings Call for Papers and Happy Happy Joy Joy

D.C. 2008 Briefings CfP closes January 4
Europe 2008 Briefings CfP closes February 1
USA 2008 Briefings CfP will open February 1
Japan 2008 Briefings CfP will open May 1

RSS Announcements and Updates, News and more:
http://www.blackhat.com/BlackHatRSS.xml

TO REGISTER:
https://www.blackhat.com/html/bh-registration/bh-registration.html
To register for trainings or briefings please visit our registration site.

Joomla! 1.5.20 <= Cross Site Scripting (XSS) Vulnerability

publishing content on the World Wide Web and intranets. It comprises a
model–view–controller (MVC) Web application framework that can also be
used independently.
Joomla is written in PHP, uses object-oriented programming (OOP)
techniques and software design patterns, stores data in a MySQL
database, and includes features such as page caching, RSS feeds,
printable versions of pages, news flashes, blogs, polls, search, and
support for language internationalization.


3. VULNERABILITY DESCRIPTION

[ECHO_ADV_100$2008] Comdev Web Blogger <= 4.1.3 (arcmonth) Sql Injection Vulnerability

Description :

Comdev Web Blogger is your voice and also allows others to give you feedback on a post-by-post basis.
Site members can now create, manage, upload photos to their own blogs. FEATURES: Non Template-Based Gives You Flexibility to Fit
the Web Blogger to Your Web Design Page • Multiple user accounts to create & invite friends to their own blogs • Hot Blogs,
Latest Blogs • RSS News Feeds • Blogs Categorisation • Hot Blogs & Latest Blogs • Search Blogs • Mini Calendar • Monthly Archive •
Links to Friends' Blog • Public or Friends View Only Blogs • Set Post Comments Permission • Friends Login • Forms Submission with
CAPTCHA Image Verification • WYSIWYG Editor for Blog & Comment • Notify Friends of New Blog • Set View & Post Comment Permissions •
Set Date & Time Format • Local Time Zone • Pre-defined Front-end CSS • Personalized Emails & Auto-Responders •
Installation Support available


FRHACK List of Talks and Speakers released

available for FRHACK 2009.


# Selected speakers #

Social Engineering, Hacking brains
- Bruno Kerouanton (Switzerland)

Reverse engineering and cryptographic errors
- Philippe Oechslin (Switzerland)


Minimo .2 and more Firefox 2.0.0.6 Password Manager Vulnerabilities

for advanced mobile devices. Features include:
* Fast access to your mobile content via Homebase start page
* Best support for modern web standards (Javascript and AJAX).
* Social Bookmarking
* Tab browsing
* RSS Support
* Proven security (TLS, SSL3)
* International support
* Cross platform capability
* Widget and Extension support


Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox & Exploiting Cross Context Scripting vulnerabilities in Firefox

Cross Context Scripting (XCS) is a term coined 
for a browser based content injection in the 
Firefox chrome zone. This term was originally 
used by researcher Petko D. Petkov (pdp), when 
David Kierznowski found a vulnerability in the 
Sage RSS Reader Firefox extension.
XCS injection occurs between different 
security zones, an untrusted and a trusted 
zone. 

This paper details several XCS cases. XCS 

fuzzylime cms <= 3.03a Local Inclusion / Arbitrary File Corruption PoC

  3. $p = $_GET[p];
  4. $s = str_replace("../", "", $s); <---------- {1}
  5. $p = str_replace("../", "", $p);
 ...
 54. $cachefile = "cache/${s}_${p}_$_GET[m]_$_GET[c]_$_GET[t]_$_GET[u]_$_GET[print].cache.htm"; <---- {2}
100. if($usecache == "1" && $passprot != "1" && $s != "rss" && empty($_GET[msg]) && empty($_GET[tn])) { <--- {3}
101.            if($handle = fopen($cachefile, 'w')) { // Create the cache file <-------- {4}
102.                    $output = ob_get_contents();
103.                    fputs($handle, $output); 
104.
105.                    fclose($handle); 

DoS attacks on MIME-capable software via complex MIME emails

== DoS attacks on MIME-capable software via complex MIME emails ==

== Preface ==
On the phneutral 0x7d8 and RSS 08, I gave short talks on a widely unregarded
problem with MIME software. Due to popular demand, I decided to publish a
short writeup of the talk.

== What is MIME? ==
MIME is the standard format for email-messages. One could say, MIME is for
email, what html is for the web. The first RFC for MIME was published in

40 vulnerabilities in SMF 1.1.10/SMF 2.0RC2 by elhacker.net (Simple Audit)

  XSS, CSRF   XSS in package manager / options SMF2 cicatriz.r00t   
  CSRF   CSRF allows granting normal users permission to modify forum permissions SMF2 ysk.sft   
  CSRF   CSRF join 2 topics. SMF2 ysk.sft   
  CSRF   CSRF allows deleting a poll SMF2 ysk.sft   
  CSRF   CSRF allows elevating privileges of normal users to modify the smileys SMF2 ysk.sft   
  DoS   RSS DoS SMF2, SMF1 www.kernel32   
  CSRF   Session token stealing SMF2, SMF1 www.kernel32   
  ----   ReDoS in htmltrim SMF2 sirdarckcat   
  DoS   Forum access DoS SMF2 sirdarckcat   
  XSS   XSS in file upload. SMF2 ysk.sft   
  CSRF   Message rule CSRF SMF2 brlvldvlsmrtnz   

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.