Previous versions
refresh: 0; URL=javascript:alert(document.cookie)
The code will work in context of this site.
Vulnerable version is Mozilla 1.7.x and previous versions.
Vulnerable version is Mozilla Firefox 3.0.8 and previous versions.
Vulnerable version is Internet Explorer 6 (6.0.2900.2180) and previous
versions. And potentially next versions (IE7 and IE8).
consuming of CPU resources (and some consuming of RAM resources, besides in
those browsers, where there is no freeze, after closing of tab with exploit
the memory is not released, so large amount of memory stays in use until
closing of the browser).
In Mozilla Firefox 3.0.5 and previous versions there is CPU Overload with
freezing, while in Firefox 3.0.13 there is only CPU Overload. In IE6 the
exploit leads to CPU Overload with freezing. In Chrome 1.0.154.48 and
previous versions the exploit leads to CPU Overload. But if you open an empty
tab and close the tab with the exploit, then on the empty tab the browser can
take 100% of CPU and freeze.
As I checked this DoS vulnerability today, it also works in IE7, besides
IE6.
Vulnerable version is Internet Explorer 7 (7.0.6000.16473) and previous
versions (and potentially next versions).
P.S.
Also I wrote to Ruben Reguero two days ago, and told him that it was strange
that in Firefox 3.5 he had no problems (with this exploit). And maybe he has
http://websecurity.com.ua/uploads/2009/Firefox,%20IE%20&%20Opera%20DoS%20Exploit2.html
With this exploit Firefox crashes, IE6 consumes CPU and RAM resources,
Opera freezes and also consumes CPU and RAM resources, and Chrome crashes.
Vulnerable version is Mozilla Firefox 3.0.11 and previous versions (and also
Firefox 3.5).
Vulnerable version is Internet Explorer 6 (6.0.2900.2180) and previous
versions. And potentially next versions (IE7 and IE8).
needed that backups were saving at the site (at least for some time).
WP-DB-Backup is a popular plugin (which shipped with WordPress 2.0.x),
which was downloaded 546218 times from wordpress.org alone (as of
30.07.2010).
Affected products: WordPress 2.0.11 and previous versions, with which the
plugin WordPress Database Backup was shipped, and also all versions of
WordPress (2.9.2 and previous versions) when using this plugin (officially
it is compatible with WP 2.9.2 and previous versions and potentially can
work with WP 3.0 and 3.0.1).
vulnerability in WordPress (http://securityvulns.ru/Sdocument460.html). And
from version 2.5 WP uses a new authorization method via cookies, but
even in new versions of the engine the leakage of backups is still dangerous
and it's better not to allow it.
Affected products: WordPress 2.0.11 and previous versions, with which plugin
WordPress Database Backup was shipped. Also vulnerable are plugin
WP-DB-Backup 2.0 and previous versions in any versions of WordPress (WP
2.9.2 and previous versions and potentially WP 3.0 and 3.0.1).
------------------------------
3.0.11) prohibition on JavaScript code execution in refresh header. But in
Firefox 3.0.11 and Google Chrome you can't get to cookies this way, but it's
possible in old Mozilla (and in those versions of Firefox where there is
relation between data: page and original page).
Vulnerable version is Mozilla 1.7.x and previous versions.
Vulnerable version is Mozilla Firefox 3.0.11 and previous versions (and 3.5
should be also vulnerable).
Vulnerable version is Google Chrome 1.0.154.48 and previous versions (and
>
> With this exploit Firefox crashes, IE6 consumes CPU and RAM resources,
> Opera freezes and also consumes CPU and RAM resources, and Chrome
> crashes.
>
> Vulnerable version is Mozilla Firefox 3.0.11 and previous versions (and
> also
> Firefox 3.5).
>
> Vulnerable version is Internet Explorer 6 (6.0.2900.2180) and previous
> versions. And potentially next versions (IE7 and IE8).
-------------------------
Checked in WordPress 2.0.11, 2.6.2, 2.7, 2.8, 2.9.2, 3.0.1. Versions 2.0.
are not vulnerable, because they do not have such functionality. WordPress
2.6 - 3.0.1 and potentially previous versions are vulnerable to different
vulnerabilities.
----------
Details:
----------
>> -----------------------------
>> Advisory: Vulnerability in CB Captcha for Joomla and Mambo
>> -----------------------------
>> URL: http://websecurity.com.ua/4087/
>> -----------------------------
>> Affected products: CB Captcha 1.0.2 and previous versions (developed by
>> Kotofeich), CB Captcha 2.2 and previous versions (developed by Beat).
>> -----------------------------
>> Timeline:
>> 17.03.2010 - found vulnerability.
>> 31.03.2010 - disclosed at my site.
During access to admin panel and if SMTP Service (Mercury Mail) is turned on
it's possible to send spam due to lack of protection from automated
requests.
Vulnerable are XAMPP 1.6.8 and previous versions. And potentially next
versions (including last version XAMPP 1.7.1).
-----------------------------
Advisory #6
-----------------------------
>>> -----------------------------
>>> Advisory: Vulnerability in CB Captcha for Joomla and Mambo
>>> -----------------------------
>>> URL: http://websecurity.com.ua/4087/
>>> -----------------------------
>>> Affected products: CB Captcha 1.0.2 and previous versions (developed by
>>> Kotofeich), CB Captcha 2.2 and previous versions (developed by Beat).
>>> -----------------------------
>>> Timeline:
>>> 17.03.2010 - found vulnerability.
>>> 31.03.2010 - disclosed at my site.
>>>
>>> http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit2.html
>>>
>>> This exploit for news protocol works in Mozilla Firefox 3.0.19 (and
>>> besides
>>> previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
>>> (6.0.2900.2180), Internet Explorer 8 (8.0.7600.16385), Google Chrome
>>> 1.0.154.48 and Opera 9.52.
>>>
>>> In all mentioned browsers occurs blocking and overloading of the system
>>> from
Vulnerability in xamppsecurity.php.
http://websecurity.com.ua/uploads/2009/XAMPP%20XSS.html
Vulnerable are XAMPP 1.6.8 and previous versions. And potentially next
versions (including last version XAMPP 1.7.1).
-----------------------------
Advisory #2
-----------------------------
consumption (CPU and memory).
http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit4.html
This exploit for wmk protocol works in Mozilla Firefox 3.0.19 (and besides
previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
(6.0.2900.2180), Google Chrome 1.0.154.48 and Opera 9.52.
For the exploit to work, WebMoney Keeper Classic must be installed. In
the Firefox and IE browsers, blocking and overloading of the system occur
from the starting of WebMoney Keeper (this must also work in IE8, but there was no
Location: javascript:alert%28document.cookie%29
The browser will show the “Object Moved” page. On clicking the link “here”,
the code will execute in the context of this site.
Vulnerable versions are Mozilla 1.7.x and previous versions.
Vulnerable versions are Firefox 3.0.13 and previous versions (and 3.5.x
should be also vulnerable).
As I wrote in my article Cross-Site Scripting attacks via redirectors
> -----------------------------
> Advisory: Vulnerability in CB Captcha for Joomla and Mambo
> -----------------------------
> URL: http://websecurity.com.ua/4087/
> -----------------------------
> Affected products: CB Captcha 1.0.2 and previous versions (developed by
> Kotofeich), CB Captcha 2.2 and previous versions (developed by Beat).
> -----------------------------
> Timeline:
> 17.03.2010 - found vulnerability.
> 31.03.2010 - disclosed at my site.
>>
>> http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit2.html
>>
>> This exploit for news protocol works in Mozilla Firefox 3.0.19 (and
>> besides
>> previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
>> (6.0.2900.2180), Internet Explorer 8 (8.0.7600.16385), Google Chrome
>> 1.0.154.48 and Opera 9.52.
>>
>> In all mentioned browsers occurs blocking and overloading of the system
>> from
>> -----------------------------
>> Advisory: Vulnerability in CB Captcha for Joomla and Mambo
>> -----------------------------
>> URL: http://websecurity.com.ua/4087/
>> -----------------------------
>> Affected products: CB Captcha 1.0.2 and previous versions (developed by
>> Kotofeich), CB Captcha 2.2 and previous versions (developed by Beat).
>> -----------------------------
>> Timeline:
>> 17.03.2010 - found vulnerability.
>> 31.03.2010 - disclosed at my site.
At page http://site/xampp/adodb.php
cds where 1=0 union select version(),0,0,0
In field Selected table.
Vulnerable are XAMPP 1.6.8 and previous versions. And potentially next
versions (including last version XAMPP 1.7.1).
-----------------------------
Advisory #4
-----------------------------
Vulnerable are Firefox 3.0.12 and Opera, but without access to cookies (the
same as in the case of refresh-header redirectors), because the code is
executed not in the context of the original site. It can be used for phishing
and executing JavaScript code (for malware spreading).
Vulnerable version is Mozilla Firefox 3.0.12 and previous versions (and 3.5
should be also vulnerable).
Vulnerable version is Opera 9.52 and previous versions (and
potentially next versions too).
DoS:
http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit2.html
This exploit for news protocol works in Mozilla Firefox 3.0.19 (and besides
previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
(6.0.2900.2180), Internet Explorer 8 (8.0.7600.16385), Google Chrome
1.0.154.48 and Opera 9.52.
In all mentioned browsers occurs blocking and overloading of the system from
starting of Opera, which appeared as news-client at my computer, and IE8
CaptchaSecurityImages.php is different).
Resulting list of affected software:
Affected products: MiniManager for Project MANGOS 0.15 and previous
versions, Land of Legends Manager, WoWCrackz MaNGOS.
Concerning vulnerabilities in HoloCMS (http://websecurity.com.ua/4068/) and
in addition to GunCMS and PhoenixCMS PHP Edition
(http://websecurity.com.ua/4075/):
>> -----------------------------
>> Advisory: Vulnerability in CB Captcha for Joomla and Mambo
>> -----------------------------
>> URL: http://websecurity.com.ua/4087/
>> -----------------------------
>> Affected products: CB Captcha 1.0.2 and previous versions
>> (developed by
>> Kotofeich), CB Captcha 2.2 and previous versions (developed by Beat).
>> -----------------------------
>> Timeline:
>> 17.03.2010 - found vulnerability.
> http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit2.html
>
>
> This exploit for news protocol works in Mozilla Firefox 3.0.19 (and
> besides
> previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
> (6.0.2900.2180), Internet Explorer 8 (8.0.7600.16385), Google Chrome
> 1.0.154.48 and Opera 9.52.
>
> In all mentioned browsers occurs blocking and overloading of the
> system from
-----------------------------
Advisory: Vulnerability in CB Captcha for Joomla and Mambo
-----------------------------
URL: http://websecurity.com.ua/4087/
-----------------------------
Affected products: CB Captcha 1.0.2 and previous versions (developed by
Kotofeich), CB Captcha 2.2 and previous versions (developed by Beat).
-----------------------------
Timeline:
17.03.2010 - found vulnerability.
31.03.2010 - disclosed at my site.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144
Description:
Previous versions of the python package are vulnerable to multiple
attacks, the most serious of which may allow an attacker to execute
arbitrary code.
Additionally, previous versions of the python package on rPath Linux 2
and rPath Appliance Platform Linux Service 2 did not provide the bsddb
IV. DETECTION
iDefense confirmed this vulnerability exists in version 12.0 of the
Macrovision InstallShield InstallScript One-Click Install ActiveX
Control. Previous versions of the control are reported to be vulnerable
to variations of this attack. Previous versions are known to use
different CLSIDs.
V. WORKAROUND
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
http://www.openssl.org/news/secadv_20090325.txt
Description:
Previous versions of OpenSSL were vulnerable to denial of
service (crash) that could be caused when SSL enabled
applications called the ASN1_STRING_print_ex function to print
a BMPString or UniversalString.
Additionally, previous versions of the OpenSSL package in rPath