Juan Galiana Lara
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-010
- Original release date: September 28th, 2009
- Last revised: December 15th, 2009
- Discovered by: Juan Galiana Lara
- CVE ID: CVE-2009-3703
- Severity: 8.5/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
Exploit:
# Pandora Flexible Monitoring System SQL Injection PoC
# Juan Galiana Lara
# Gets the list of users and password from the database
#
#configure cookie&host before use it
#usage
#python sqlinj_users.py
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-007
- Original release date: June 30th, 2009
- Last revised: July 2nd, 2009
- Discovered by: Juan Galiana Lara
- Severity: 6.8/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-005
- Original release date: March 2nd, 2009
- Last revised: December 18th, 2009
- Discovered by: Juan Galiana Lara
- Severity: 6.8/10 (CVSS scored)
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-006
- Original release date: April 5th, 2009
- Last revised: June 5th, 2009
- Discovered by: Juan Galiana Lara
- Severity: 6.4/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-003
- Original release date: March 2nd, 2009
- Last revised: December 17th, 2009
- Discovered by: Juan Galiana Lara
- Severity: 9/10 (CVSS scored)
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-004
- Original release date: December 3rd, 2008
- Last revised: March 10th, 2009
- Discovered by: Juan Galiana Lara
- Severity: 6.3/10 (CVSS scored)
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-001
- Original release date: February 25th, 2009
- Last revised: March 19th, 2009
- Discovered by: Juan Galiana Lara
- Severity: 7.8/10 (CVSS Base Scored)
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-002
- Original release date: January 7th, 2009
- Last revised: March 2nd, 2009
- Discovered by: Juan Galiana Lara
- Severity: 9/10 (CVSS scored)
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-009
- Original release date: July 21st, 2009
- Last revised: July 23rd, 2009
- Discovered by: Juan Galiana Lara
- Severity: 5/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-012
- Original release date: October 13th, 2009
- Last revised: December 16th, 2009
- Discovered by: Juan Galiana Lara
- CVE ID: CVE-2009-3701
- Severity: 6.3/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-011
- Original release date: October 13th, 2009
- Last revised: December 18th, 2009
- Discovered by: Juan Galiana Lara
- CVE ID: CVE-2009-3702
- Severity: 8.5/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
IX. CREDITS
-------------------------
This vulnerability has been discovered by
David Eduardo Acosta Rodrguez (deacosta (at) isecauditors (dot) com,
dacosta (at) computer (dot) org).
Thanks to Juan Galiana Lara (jgaliana (at) isecauditors (dot) com))
for additional research.
X. REVISION HISTORY
-------------------------
December 7, 2009: Initial release.
downloaded from http://mu.wordpress.org
V. Credits
Juan Galiana Lara
<jgaliana gmail com>
http://blogs.ua.es/jgaliana
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
Description
===========
Multiple vulnerabilities were discovered in ModSecurity:
* Juan Galiana Lara of ISecAuditors discovered a NULL pointer
dereference when processing multipart requests without a part header
name (CVE-2009-1902).
* Steve Grubb of Red Hat reported that the "PDF XSS protection"
feature does not properly handle HTTP requests to a PDF file that do
|
