High Impact
Collabtive 0.4.8 Multiple Vulnerabilities
Name Multiple Vulnerabilities in Collabtive
Systems Affected Collabtive 0.4.8 and possibly earlier versions
Severity High
Impact (CVSSv2) High 8/10, vector: (AV:N/AC:L/Au:S/C:P/I:C/A:P)
Vendor http://collabtive.o-dyn.de/
Advisory http://www.ush.it/team/ush/hack-collabtive048/adv.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT
---[ Severity Rating ]
Severity: High
Impact: SQL Injection
Attack Vector: Remote
CVSS v2:
Base Score: 7.5
Temporal Score: 5.9
Release Date: 12/05/2011
Update Date: 12/05/2011
Discovered by: Cao Xuan Sang - Bkis
Attack Type: XSS
Security Rating: High
Impact: Code Execution
Affected Software: sNews 1.7.1 ( possibly in some earlier versions )
2. Technical Descriptions
An XSS vulnerability exists in the administrator "reorder" functions: Categories reorder, Articles reorder and Pages reorder. Input variables are not adequately checked and filtered before being used to query the database. If a special character is added to the value, the SQL query becomes syntactically invalid, and the resulting error message is displayed in the browser together with the value of the offending variable and the failing query, causing the XSS vulnerability.
Release Date: 06/21/2010
Update Date: 06/21/2010
Discovered by: Truong Thao Nguyen, Do Hoang Bach, Cao Xuan Sang
Attack Type: XSS, CSRF
Security Rating: High
Impact: Code Execution
Affected Software: CMS Made Simple (version <= 1.7.1)
2. Technical details
The XSS vulnerability is found in the following modules:
Release Date : 03/16/2009
Update Date : 03/16/2009
Discovered by : Mai Xuan Cuong, Bkis
Attack Type : Buffer Overflow
Security Rating : High
Impact : Code Execution
Affected Software : GOM Encoder Demo <= 1.0.0.11
2. Technical Description
The vulnerability is related to the processing of subtitle files in "srt"
Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities
Name Multiple Vulnerabilities in Mantis
Systems Affected Mantis 1.1.1 and possibly earlier versions
Severity High
Impact (CVSSv2) High 9/10, vector: (AV:N/AC:L/Au:N/C:C/I:P/A:P)
Vendor http://www.mantisbt.org/
Advisory http://www.ush.it/team/ush/hack-mantis111/adv.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Date 20080520
Author : K-159
Date : March, 11 th 2009
Location : Jakarta, Indonesia
Web : http://e-rdc.org/v1/news.php?readmore=127
Critical Lvl : High
Impact : System Access
Where : From Remote
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Product. Iciniti Store
Platform. Windows
Affected versions. 4.3.3683.31484 verified, and possibly
others
Severity Rating. High
Impact. Manipulation of data
Attack Vector. Remote without authentication
Solution Status. Update is available by contacting
Iciniti
CVE reference. CVE - not yet assigned
Release Date : 06/07/2009
Update Date : 06/07/2009
Discovered by : Le Duc Anh - Bkis
Attack Type : Buffer Overflow
Security Rating : High
Impact : Code Execution
Affected Software : Photo DVD Maker Professional version <= 8.02 (Prior
versions may also be affected).
PoC : http://blog.bkis.com/wp-content/uploads/2009/07/photodvdmaker_poc.pdm
2. Technical Description
- Mobile computing and communications
- IPv6 (yes, again!)
- Security management and IT governance
- Cloud computing and virtualisation
- Security intelligence
- Topics that have a high impact on IT security
- Design flaws ("defective by design")
Talks should not:
- Endorse products, vendors or specific solutions
- Discredit anyone or anything, let's be fair
========================================================
2) Severity
Rating: High
Impact: Denial of Service
Manipulation of Data
Where: Local
========================================================
3) Vendor's Description of Software
We are interested in bleeding edge security research directly from leading
researchers, professionals, academics, industry, government and the
underground security community. Please do not submit specific single
exploits (which might be fixed by the time of the conference) and
"yet-another-PHP-hack" or the like. Exploit frameworks, general approaches,
"defective by design" resp. "defective by implementation" and high impact
exploits have a much higher chance ;)
Topics of special interest include:
* OS Security (XP, Vista, GNU/Linux, OS X, ...)
system) [1].
Consequently, software bugs that could allow potential attackers to
invalidate the premise of effective isolation between Host and Guest
systems are considered security vulnerabilities with a potentially high
impact. Attacks to exploit these types of vulnerabilities have been
discussed on several public forums [2][3]. To maintain and improve user
inter-operation with virtualized and non-virtualized systems VMware's
software implements a number of inter-system communication features. The
Shared Folder mechanism is one of such features and is enabled by default
in all VMware's products that provide it.
Release Date : 08/20/2009
Update Date : 08/20/2009
Discovered by : Le Duc Anh, Bkis
Attack Type : Buffer Overflow
Security Rating : High
Impact : Code Execution
Affected Software : ProShow Gold version 4.0.2549 (Prior versions may
also be affected).
PoC : proshow gold poc
2. Technical Description
======================================================================
3) Vendor's Description of Software
"Microsoft Office PowerPoint ... enables users to quickly create
high-impact, dynamic presentations, while integrating workflow and
ways to easily share information."
Product Link:
http://office.microsoft.com/powerpoint
Pentaho 1.7.0.1062 Multiple Vulnerabilities
Name Multiple Vulnerabilities in Pentaho
Systems Affected Pentaho <= 1.7.0.1062
Severity High
Impact (CVSSv2) High 7/10, vector: (AV:N/AC:L/Au:S/C:P/I:C/A:P)
Vendor http://www.pentaho.com
Advisory http://antisnatchor.com/2009/06/20/pentaho-1701062-multiple-vulnerabilities/
Authors Michele "euronymous" Orr (euronymous AT antisnatchor DOT com)
Date 20081224
Affected versions. 10.8.5 (Build 2), 10.3.5 (Build 6)
verified and possibly others.
Other vendors which have OEM'd the
client.
Severity Rating. High
Impact. System access
Attack Vector. Local
Solution Status. Fixed in 10.8.9 (unverified)
CVE reference. Not currently assigned
Details.
Vendor Notification Date. 16-Jun-2009
Product. Plume CMS
Platform. Independent
Affected versions. 1.2.3 (verified), possibly others
Severity Rating. High
Impact. Manipulation of data
Attack Vector. Remote with authentication
Solution Status. Unpatched
CVE reference. Not yet allocated
Details.
Release Date: 11/23/09
Update Date: 11/23/09
Discovered by: Do Hoang Bach, Bkis
Attack Type: XSS, SQL Injection
Security Rating: High
Impact: Code Execution
Affected Software: E107 (ver <= 0.7.16)
2. Technical details
The found XSS holes reside in the following modules:
---[ Severity level ]
Severity level: High
Impact: Multiple
Access vector: Network exploitable
CVSS v2:
Base score: 9.7
Vector: (AV:N/AC:L/Au:N/C:P/I:C/A:C)
Release Date: 08/23/2010
Update Date: 08/23/2010
Discovered by: Duong Manh Linh, Truong Tu Hai, Nguyen Hoang Vinh - Bkis
Attack Type: Bypass Authentication, XSS, CSRF
Security Rating: High
Impact: Code Execution
Affected Software: Openblog < v1.2.1
2. Technical Details
The most dangerous vulnerability resides on session module of OpenBlog.
---[ Severity level ]
Severity level: High
Impact: SQL injection
Access Vector: Network exploitable
CVSS v2:
Base Score: 6.5
Release Date: 05/22/2010
Update Date: 05/22/2010
Discovered by: Truong Thao Nguyen
Attack Type: XSS, CSRF
Security Rating: High
Impact: Code Execution
Affected Software: BigAce (version <= 2.7.1)
2. Technical Description
The XSS vulnerability of the software was found in the following modules:
======================================================================
3) Vendor's Description of Software
"Microsoft Office PowerPoint 2007 enables users to quickly create
high-impact, dynamic presentations, while integrating workflow and
ways to easily share information. From the Microsoft Office Fluent
user interface to the new graphics and formatting capabilities, Office
PowerPoint 2007 puts the control in your hands to create great-looking
presentations.".
Router management system for D-Link DIR-300
---[Severity level]
Severity level: High
Impact: Random file reading, random code execution
Access Vector: Remote
CVSS v2:
Base Score: 10
Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Please do not submit specific single exploits (which might be fixed by
the time of the conference) and "yet-another-XYZ-hack", script kiddy
content or similar "breakthroughs". Save your effort for the Nobel
prize. Exploit frameworks, general approaches, "defective by design" or
"defective by implementation" and high impact exploits have a much
higher chance to get accepted. ;-)
- AJAX/Web2.0/JavaScript Security
- Cloud Computing
- Code Analysis
- Mobile computing and communications
- IPv6 (yes, again!)
- Cloud computing and virtualisation
- Security intelligence
- Security management and IT governance (a.k.a. "The Big Picture")
- Topics that have a high impact on IT security
- Design flaws ("defective by design")
Talks should not:
- Endorse products, vendors or specific solutions
- Discredit anyone or anything, let's be fair
SugarCRM 5.2.0e Remote Code Execution
Name Remote Code Execution in SugarCRM
Systems Affected Sugar CRM 5.2.0e and possibly earlier versions
Severity High
Impact (CVSSv2) High 8/10, vector: (AV:N/AC:L/Au:S/C:P/I:C/A:P)
Vendor http://www.sugarcrm.com
Advisory http://www.ush.it/team/ush/hack-sugarcrm_520e/adv.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
============
Observations
============
Despite the common perception in the open-source community that "given enough
eyeballs, all bugs are shallow,"[4] open-source software is still plagued by
high-impact security vulnerabilities. For this mantra to hold, not only are
"enough eyeballs" required, but the eyeballs should be those of well-trained
security professionals.
Security best-practices such as adherence to the Security Development
Lifecycle[5] are also critical when designing and developing software. It is
http://www.kayako.com/
---[ Severity level ]
Severity level: High
Impact: Arbitrary PHP code execution
Access Vector: Network exploitable
CVSS v2:
Base Score: 6.5
Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)