-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Global Site Selector Appliances DNS
Vulnerability
Advisory ID: cisco-sa-20090107-gss
http://www.cisco.com/warp/public/707/cisco-sa-20090107-gss.shtml
vulnerabilities could allow a remote attacker to execute arbitrary
code on the system with the privileges of a targeted user.
The Cisco WebEx Players are applications that are used to play back
WebEx meeting recordings that have been recorded on a WebEx meeting
site or on the computer of an online meeting attendee. The players
can be automatically installed when the user accesses a recording
file that is hosted on a WebEx meeting site. The players can also be
manually installed for offline playback after downloading the
application from www.webex.com
Title:
======
Barracuda WAF 660 v7.6.0.028 - Cross Site Vulnerability
Date:
=====
2012-03-07
some cases, lead to remote code execution.
To exploit a vulnerability, a malicious WRF file would need to be opened
by the WRF Player application. An attacker may be able to accomplish
this by providing the malicious WRF file directly to users (for example,
via e-mail), or by convincing users to visit a malicious website. The
vulnerability cannot be triggered by users attending a WebEx meeting.
These vulnerabilities have been assigned the following Common
Vulnerabilities and Exposures (CVE) identifiers:
Hello Bugtraq!
I want to warn you about Cross-Site Scripting vulnerability in Mozilla
Firefox, Opera and other browsers. It allows to bypass protection from
executing of JavaScript code in location-header redirectors (by redirecting
to javascript: URI).
Recently, 04.08.2010, I wrote about vulnerability in Mozilla and Mozilla
Firefox at my site. I made full disclosure because Mozilla completely
ignored similar vulnerability, which I informed them in August 2009, like
include many international incidents. Enjoy. And if you still haven't had a
chance to read our 2007 annual report, it is quite fascinating. You can find
it at http://www.webappsec.org/projects/whid/statistics.shtml.
* In Korea, a Chinese hacker stole 18 Million(!) customers' records from an
auction site: http://www.webappsec.org/projects/whid/byid_id_2008-10.shtml.
* In Greece and Ecuador government web sites were defaced
(http://www.webappsec.org/projects/whid/byid_id_2008-12.shtml,
http://www.webappsec.org/projects/whid/byid_id_2008-11.shtml).
USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update
provides the corresponding updates for Ubuntu 9.04 and 9.10, along with
additional updates affecting Firefox 3.6.6.
Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious site, a remote attacker could use
this to crash the browser or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211,
CVE-2010-1212)
An integer overflow was discovered in how Firefox processed plugin
Xulrunner 1.9.2.
Original advisory details:
It was discovered that Firefox could be made to access freed memory. If a
user were tricked into viewing a malicious site, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. This issue only affected
Ubuntu 8.04 LTS. (CVE-2010-1121)
Several flaws were discovered in the browser engine of Firefox. If a
----------
Details:
----------
In details about such vulnerabilities, about sending of spam via web sites
and creating of spam-botnets it's possible to read in my article Sending
spam via sites and creating spam-botnets
(http://www.webappsec.org/lists/websecurity/archive/2010-07/msg00099.html).
Insufficient Anti-automation (WASC-21):
A service policy bypass vulnerability exists in the Cisco Content
Services Gateway - Second Generation (CSG2), which runs on the
Cisco Service and Application Module for IP (SAMI). Under certain
configurations this vulnerability could allow:
* Customers to access sites that would normally match a billing
policy to be accessed without being charged to the end customer
* Customers to access sites that would normally be denied based on
configured restriction policies
Additionally, Cisco IOS Software Release 12.4(24)MD1 on the Cisco
2. *Vulnerability Information*
Class: Protection Mechanism Failure [CWE-693], Authentication Issues
[CWE-287], Cross-Site Scripting (XSS) [CWE-79]
Impact: Code execution, Security bypass
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2010-3272, CVE-2010-3273, CVE-2010-3274
Advisory # 1:
TITLE
Cross Site Scripting vulnerability in ArubaOS and AirWave
Administration Web Interfaces.
SUMMARY
A persistent Cross Site Scripting vulnerability (XSS) was discovered
1. OVERVIEW
Etano 1.x versions are vulnerable to Cross Site Scripting.
2. BACKGROUND
The community builder script we provide - Etano - was built entirely
based on requests from customers of our previous dating package
(Dating Site Builder). Almost every feature ever requested was built
http://netifera.com/research/flickr_api_signature_forgery.pdf
September 29, 2009
--Affected Web Sites
A lot of web sites provide API service whose architecture is the same
as Flickr's API. They are potentially vulnerable.
We don't have a complete list, but here are some notable web sites:
XSS vulnerabilities in 34 millions flash files
(http://www.webappsec.org/lists/websecurity/archive/2010-01/msg00035.html).
And before this article, I made another research and wrote another article
about holes in millions of flash banners - XSS vulnerabilities in 8 millions
flash files (http://websecurity.com.ua/3789/). Among millions of vulnerable
web sites, there are also sites which are using banner systems,
particularly phpAdsNew, OpenAds and OpenX.
-----------------------------
Advisory: Vulnerability in phpAdsNew, OpenAds and OpenX
-----------------------------
===========
I. Overview
===========
During a penetration test performed by Hacktics' experts, a persistent
cross-site scripting vulnerability was identified in the SharePoint document
handling module. This vulnerability allows attackers to gain control over
valid user accounts, perform operations on their behalf, redirect them to
malicious sites, steal their credentials, and more.
A friendly formatted version of this advisory, including a video
Hello Bugtraq!
I want to warn you about multiple vulnerabilities in XAMPP. I disclosed at
my site multiple vulnerabilities in XAMPP in 2009 (in total 7 advisories).
And informed developers about them.
Also I published these vulnerabilities at securityvulns.ru
(securityvulns.com). And now I'm informing you about them. I will combine 7
advisories in 4 letters to mailing list.
C) "JSP Dump" reflected XSS
(Affected versions: Any)
It has been found that the demo "JSP Dump" feature is vulnerable to
reflected Cross Site Scripting attacks. This can be replicated by
issuing a GET request to the "/test/jsp/dump.jsp" page:
"/test/jsp/dump.jsp?%3Cscript%3Ealert(%22hello%20world%22)%3C/script%3E"
Any GET key and value that reach the remote is reflected unencoded.
Hello Sebastien!
You can confirm it by yourself. Just find a site on XAMPP (Google can help
you with it) and check the holes using PoCs which I provided.
> and what target of xampp is it ? win32 ? linux ?
As far as I remember last year when I found all these vulnerabilities in
XAMPP, it was XAMPP on Windows servers on all those sites where I found
these holes.
Description: Lotus Quickr, announced at Lotusphere 2007, is an evolution of Lotus QuickPlace. The software uses a weak XSS filter that an attacker can bypass. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the IBM Lotus Quickr 8.0 software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
IBM Quickr 8.0 Server Calendar XSS Injection:
It seems that IBM Lotus Quickr uses an XSS filter; an attacker can avoid this filter.
example of IBM Quickr 8.0 XSS filter:
http://victim.com/QuickPlace/main.nsf/h_Toc/2a922d48c75dd00b052567080016723a/?OpenDocument&Count='20"><script>alert('g')</script>
and then you will get an error message from Quickr:
Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags.
link:
http://www.security-assessment.com/files/advisories/java_net_urlconnection_sop_bypass_demo.swf
Proof of Concept (PoC) in demo demonstrates that a
Cross Site Request Forgery (XSRF) attack can be leveraged
by using a Java Applet which implements the
java.net.URLConnection class. Traditionally, XSRF is used
to force a user to perform an unwanted action on a target
web site. In this case, the PoC shows that XSRF can be
used to capture sensitive information such as cookie
> link:
>
> http://www.security-assessment.com/files/advisories/java_net_urlconnection_sop_bypass_demo.swf
>
> Proof of Concept (PoC) in demo demonstrates that a
> Cross Site Request Forgery (XSRF) attack can be leveraged
> by using a Java Applet which implements the
> java.net.URLConnection class. Traditionally, XSRF is used
> to force a user to perform an unwanted action on a target
> web site. In this case, the PoC shows that XSRF can be
> used to capture sensitive information such as cookie
code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767,
CVE-2010-3167)
Blake Kaplan and Michal Zalewski discovered several weaknesses in the
XPCSafeJSObjectWrapper (SJOW) security wrapper. If a user were tricked into
viewing a malicious site, a remote attacker could use this to run arbitrary
JavaScript with chrome privileges. (CVE-2010-2762)
Matt Haggard discovered that Firefox did not honor same-origin policy when
processing the statusText property of an XMLHttpRequest object. If a user
were tricked into viewing a malicious site, a remote attacker could use
Hello Bugtraq!
I want to warn you about Cross-Site Scripting and Insufficient
Anti-automation vulnerabilities in IB Promotion Advanced Business Web Suite.
It's Ukrainian commercial CMS.
XSS (WASC-08):
http://site/search/?qs=’;alert(document.cookie);//
------------------------------
1. Information Leakage.
------------------------------
Access to backups of DB of site on WordPress is possible in plugin WordPress
Database Backup (WP-DB-Backup) via guessing of full path to them. The
backups can be created by admin or automatically. For the attack it's
needed that backups were saving at the site (at least for some time).
WP-DB-Backup - it's popular plugin (which shipped with WordPress 2.0.x),
which only from the site wordpress.org was downloaded 546218 times (at the
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02711131
Version: 3
HPSBMA02629 SSRT100381 rev.3 - HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-02-07
Last Updated: 2011-03-10
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02027185
Version: 1
HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Privilege Elevation
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-04-27
Last Updated: 2010-04-27
(the higher, the better):
1. Developers of Internet related software (such as web servers, ad
blockers, etc.).
2. Developers of web applications.
3. Admins of web sites.
4. Developers of the browsers.
Which must give you a ground for thoughts.
Best wishes & regards,
all captcha-programs which are using sessions.
The algorithm of fixing this issue in CaptchaSecurityImages.php (and it
concerns CB Captcha and all those webapps with this captcha in my last
advisories, where I mentioned that) was described by developers of
CaptchaSecurityImages.php already at 27.03.2007 at their site
(http://www.white-hat-web-design.co.uk/articles/php-captcha.php). For that
you need to clear session variable "security_code" (or other name which is
used in the code of specific webapp). Use unset($_SESSION['security_code']);
in the code when you are processing the form.