Next Page >>
Information Disclosure
advisory. This advisory addresses Cisco TelePresence endpoint devices
and details the following vulnerabilities:
* Unauthenticated Common Gateway Interface (CGI) Access
* CGI Command Injection
* TFTP Information Disclosure
* Malicious IP Address Injection
* XML-Remote Procedure Call (RPC) Command Injection
* Cisco Discovery Protocol Remote Code Execution
Duplicate Issue Identification in Other Cisco TelePresence Advisories
[+] Application: CelerBB
[+] Version: 0.0.2
[+] Website: http://celerbb.sourceforge.net/
[+] Bugs: [A] Multiple SQL Injection
[B] Information Disclosure
[C] Authenticaion Bypass
[+] Exploitation: Remote
[+] Date: 05 Mar 2009
A) Multiple Arbitrary File Upload
B) Multiple SQL Injection
C) Multiple Blind SQL Injection
D) Multiple Reflected and Stored XSS
E) Information Disclosure
A) Multiple Arbitrary File Upload
The file's extension of the file sent to jobs.php?step=4
[+] Application: Dynamic Flash Forum
[+] Version: 1.0 Beta
[+] Website: http://df2.sourceforge.net/
[+] Bugs: [A] Information Disclosure
[B] Authentication Bypass
[C] Multiple SQL Injection
[+] Exploitation: Remote
[+] Date: 09 Apr 2009
Advisory Title: mChek 3.4 Information Disclosure
Advisory ID: FSSA-2009-0401
Author: Gursev Kalra (gursev.kalra@foundstone.com)
Vendor Contact Date: 4/21/2009 (Vendor notified by email)
Release Date: 07/21/2009
Platform: Symbian OS 9.1, Series 60 v3.0. Other mobile platforms might behave in same way.
Severity: Low (Information Disclosure)
Vendor Status: Version 3.8 fixes this problem
Overview: mChek application stores Credit/Debit Card numbers and bank name without protection
A remote user is able to identify the full path of the document
root folder.
===============================================================
===============================================================
!risk 2 - Information Disclosure
Medium
The table names can be further leveraged for a SQL injection if
one exists.
===============================================================
Advisory Title: Microsoft ActiveSync 4.x Weak Password Obfuscation
Author: Ollie Whitehouse / ollie_whitehouse@symantec.com
Release Date: 15-10-2006
Application: ActiveSync 4.x
Platform: Microsoft Windows
Severity: Information Disclosure
Vendor status: Update available
CVE Number: CVE-2007-5460
Reference: http://www.securityfocus.com/bid/25976
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory: Oracle JD Edwards SawKernel GET_INI Information Disclosure
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences.
that the port under which ELBA listens for serialized communication
changes every time the application starts, but it can be easily found
remotely by port scanning.
1.b) Information Disclosure:
A python script has been developed in order to exploit this issue. This
proof-of-concept code will not be published.
The currently logged on username "SYSADMIN" is visible in the received
Security Advisory
Advisory: IBM BladeCenter Advanced Management Module
Multiple vulnerabilities
(XSS type 2 & 1, CSRF, Information Disclosure)
Release Date: 2009-04-09
Last Modified: 2009-04-09
Authors: Henri Lindberg [henri.lindberg@louhi.fi], CISA
Device: IBM BladeCenter H AMM
Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and
Information Disclosure Vulnerabilities
Advisory-ID: 200801161
Discovery Date: 1.16.2008
Release Date: 1.23.2008
Affected Applications: HFS 2.0 to and including 2.3(Beta Build
#174)
Non-Affected Applications: HFS 1.6a and earlier versions
Class: Cross-Site Scripting (XSS), Information Disclosure
Advisory: Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes
The Owl Intranet Engine uses no salting in the password hashing
procedure. Furthermore, users in the "Administrators" group are able to
see the MD5 password hashes of every user using the web interface.
Details
=======
POC:
/index.php?a=search&q=psstt+security”><a+href%3Dhttp%3A%2F%2Fwebsec.id3as.com>Web-Application-Security
Information Disclosure 1 (up to 5.2.1)
--------------------------
Disclosure of full path of the application sources when you put a
negative number at the ’start’ parameter.
[+] Application: Multi-lingual E-Commerce System
[+] Version: 0.2
[+] Website: http://sourceforge.net/projects/mlecsphp/
[+] Bugs: [A] Local File Inclusion
[B] Information Disclosure
[C] Arbitrary File Upload
[+] Exploitation: Remote
[+] Date: 19 Apr 2009
Vulnerability ID: HTB22659
Reference: http://www.htbridge.ch/advisory/information_disclosure_in_bloofoxcms.html
Product: BloofoxCMS
Vendor: bloofox.com ( http://bloofox.com/ )
Vulnerable Version: 0.3.5 and probably prior versions
Vendor Notification: 13 October 2010
Vulnerability Type: Information Disclosure
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02794777
Version: 1
HPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux (IC-Linux), Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information Disclosure, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-04-19
Last Updated: 2011-04-19
Reference: http://secureappdev.blogspot.com/2011/11/ellislab-xssclean-filter-bypass.html
1. Description
EllisLab ExpressionEngine 2.2.2 and CodeIgniter 2.0.3 were found vulnerable to various XSS attacks when relying on XSS protection provided by xss_clean filter. When exploited by an external/internal attacker, such identified vulnerabilities could lead to Session Hijack, Information Disclosure, force installation of malicious file or Trojan on users' PCs, etc.
Due to implementation flaws affecting functions _remove_evil_attributes function flaw and xss_clean of CI_Security class, the internal XSS filter can be bypassed, thus allowing successful XSS attacks on products using either ExpressionEngine 2.2.2 or CodeIgniter 2.0.3.
_remove_evil_attributes function of CI_Security class allows detection and removal of 'evil' on* event attributes (e.g. onmouseover, onfocus, etc) from any HTML tag submitted as a parameter of GET or POST requests. By exploiting an implementation flaw identified in _remove_evil_attributes function, an attacker can inject XSS payloads relying on the use of 'evil' on* attributes, as shown below:
3. the severity rating Microsoft has assigned to the bug.
. 2008-11-05:
MSRC responds that patches to IE ship every two months and the next
available ship date will be February 10th. The case is currently rated
as an Important class Information Disclosure vulnerability. Vendor
provides a list of affected components and platforms. The MSRC was able
to reproduce this issue on all IE versions with the following
exceptions: IE7 and IE8 in Windows Vista when Protected Mode is ON. In
spite of that MSRC does not include IE8 in list of affected components
because it is still a beta product.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02735590
Version: 1
HPSBMA02661 SSRT100408 rev.1 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-04-19
Last Updated: 2011-04-19
- -- Affected Components:
JD Edwards 9.0 EnterpriseOne Server + EnterpriseOne Tools 8.98 ( older versions might be also affected)
- --Vulnerability Class: Information Disclosure.
- --Remotely Exploitable: Yes
- --Locally Exploitable: No
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02735590
Version: 2
HPSBMA02661 SSRT100408 rev.2 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-04-19
Last Updated: 2011-05-02
http://secureappdev.blogspot.com/2010/09/testing-google-message-security-saas.html
Description
Message Center II service (build 6_24) was found vulnerable to SQL Injection attacks. When exploited by an attacker, the identified vulnerability could lead to Information Disclosure (map database structure, extract data from available tables), Denial of Service (consume server resources by injecting SQL heavy queries), etc.
An authenticated attacker without administrative privileges can inject arbitrary code into the SQL query built to generate the list of quarantined/deleted e-mails. This can be achieved by manipulating the sort_direction parameter of /junk_quarantine/process and /trash/process resources.
Test case: sort_direction='
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory 2011-002: SAP Management Console Information Disclosure
This advisory can be downloaded in PDF format from http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations
and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences.
--Affected Components:
JD Edwards 9.0 EnterpriseOne Server + EnterpriseOne Tools 8.98 ( older versions might be also affected)
--Vulnerability Class: Information Disclosure.
--Remotely Exploitable: Yes
--Locally Exploitable: No
Application: osCommerce 2.2rc2a
Authors Site: http://www.oscommerce.com/
+--------------------------------------------------------------+
Information Disclosure:
Manipulation of the 'DOB' Variable on create_account.php can cause
information disclosure:
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2007-009
Advisory Title: RemoteDocs R-Viewer Code Execution and Sensitive
Information Disclosure
Author: Adam Baldiwn / adam_baldwin@symantec.com
Release Date: 17-09-2007
Application: RemoteDocs R-Viewer 1.6.2836
Platform: Windows
Severity: Remotely exploitable / User access
########################## WwW.BugReport.ir
###########################################
#
# AmnPardaz Security Research & Penetration Testing Group
#
# Title: CMME Multiple Information disclosure vulnerabilities
# Vendor: http://cmme.oesterholt.net
# Bug: Information Disclosure
# Vulnerable Version: 1.19 (prior versions also may be affected)
# Exploitation: Remote with browser
# Exploit: Available
Vulnerability ID: HTB22687
Reference: http://www.htbridge.ch/advisory/information_disclosure_in_icebb_1.html
Product: IceBB
Vendor: XAOS Interactive ( http://icebb.net/ )
Vulnerable Version: 1.0-rc10
Vendor Notification: 02 November 2010
Vulnerability Type: Information Disclosure
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Robert Brown / robert_brown@symantec.com
Release Date: 28-11-2007
Application: Beehive Forum 0.7.1 (earlier versions also
vulnerable)
Platform: All supported
Severity: Remotely exploitable / Information Disclosure
Vendor status: Updated Application Versions Available
CVE Number: CVE-2007-6014
Reference: http://www.securityfocus.com/bid/26492
Messages Hiding Source
Author: Ollie Whitehouse / ollie_whitehouse@symantec.com
Release Date: 17-10-2007
Application: Microsoft Windows Mobile 5 PocketPC
Platform: Windows
Severity: Information Disclosure
Vendor status: Vendor Reviewed
CVE Number: CVE-2007-5493
Reference: http://www.securityfocus.com/bid/26019
Next Page>>
|
