Advisory: IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader
During a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to user-assisted Cross Site Scripting
attacks in its RSS feed reader. If attackers control or compromise an
RSS feed users are subscribed to, they can run arbitrary JavaScript code
in the users' browsers by embedding it within the feed.
Hi,
This is a cross-zone scripting vulnerability.
FeedReader uses the IE browser control to render HTML.
The RSS reader converts the RSS item data to a formatted HTML file and
caches it locally.
When the user clicks on the RSS item, the RSS reader displays the local
cached file, and any script in that file (or external references) will run
in Local Zone.
Therefore, an attacker can create/manipulate an RSS feed that will execute
== Overview ==
SugarCRM Community Edition is vulnerable to local file contents
disclosure.
This vulnerability can be exploited by a malicious user to disclose
potentially sensitive information. The flaw is caused due to a lack of
input filtering in the SugarCRM RSS module, which can be exploited
to disclose the content of local files.
The RSS module allows SugarCRM users to add RSS feeds to their personal
RSS list. The application expects a URL value pointing to a valid RSS
feed.
Title : FeedDemon Buffer OverFlow Vulnerability
1. General Information
FeedDemon is known as the most popular Windows RSS reader; it allows users
to easily view and manage RSS feeds from their desktop. In January 2009,
SVRT-BKIS detected a buffer overflow vulnerability in this software. Taking
advantage of this flaw, hackers can perform remote attacks, install viruses,
steal private information, and even take control of users' systems. We have
sent the alert to the manufacturer.
Microsoft Windows Vista Sidebar RSS Feeds Gadget Cross Site Scripting
Vulnerability
iDefense Security Advisory 08.14.07
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 14, 2007
I. BACKGROUND
The Vista sidebar is a desktop extension that allows the user to keep a
IBM Lotus Notes 8.5 RSS Widget Privilege Escalation
scip AG Vulnerability ID 4021 (09/08/2009)
http://www.scip.ch/?vuldb.4021
I. INTRODUCTION
Lotus Notes is a client-server, collaborative application developed and
sold by IBM Software Group.
Hijacking Opera's Native Page using malicious RSS payloads
----------------------------------------------------------------------------
For complete post (with images), please visit -
http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads/
Well, this one is a continuation of my previous post on Cross Site Scripting
issues relating to RSS feed readers. In that post, I mentioned Scenario (3),
but didn't discuss any details or PoC since Opera Team was actively fixing
<?php
/*
Bitweaver <= 2.6 /boards/boards_rss.php / saveFeed() remote code execution exploit
by Nine:Situations:Group::bookoo
php.ini independent
site: http://retrogod.altervista.org/
software site: http://www.bitweaver.org/
Source: http://www.int21.de/cve/CVE-2007-6205-s9y.html
Cross site scripting (XSS) in rss feed plugin of Serendipity 1.2
References
http://www.s9y.org/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6205
Description
The Serendipity blog system contains a plugin to display the content of feeds
Exploiting Chrome and Opera’s inbuilt ATOM/RSS reader with Script Execution
and more
----------------------------------------------------------------------------
For complete post (with images), please visit -
http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/
=============================================
SECURETHOUGHTS.COM ADVISORY
FLOCK-SA-2010-02
http://flock.com/security/
Title: A malicious RSS feed can bypass cross origin protection (XSS)
Impact: High
Announced on: 2010-09-09
127# apachectl restart
/usr/local/sbin/apachectl restart: httpd restarted
127# ps -aux -U www
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
www 6361 0.0 0.5 18676 14248 ?? S 4:01AM 0:00.00 /usr/local/sbin/httpd
www 6362 0.0 0.5 18676 14248 ?? S 4:01AM 0:00.00 /usr/local/sbin/httpd
www 6363 0.0 0.5 18676 14248 ?? S 4:01AM 0:00.00 /usr/local/sbin/httpd
www 6364 0.0 0.5 18676 14248 ?? S 4:01AM 0:00.00 /usr/local/sbin/httpd
www 6365 0.0 0.5 18676 14248 ?? S 4:01AM 0:00.00 /usr/local/sbin/httpd
netVigilance Security Advisory #53
SAXON version 5.4 Multiple Path Disclosure Vulnerabilities
Description:
SAXON is a simple accessible online news publishing system for personal and small corporate site owners. Publish news, using configurable templates, on any .php page on your site. Publish news on a 'per author' basis. Edit and/or delete existing news items. Create multiple RSS news feeds automatically (RSS 0.9, RSS 2.0 and Atom). Post date news items for later public release. Multiple authors allowed. Ability to configure users as Standard or Administrators. Ability to add/delete users (Administrators only). Option to change any user password (Administrators only). Template creation/deletion/amendment interface. Online setup and configuration.
External References:
Mitre CVE: CVE-2007-4861
NVD NIST: CVE-2007-4861
OSVDB: Unassigned
+-----------+
|Description|
+-----------+
The Feed Sidebar Firefox extension will generate a
preview of any RSS item, from feeds you have currently
subscribed to. Security-Assessment.com discovered
that Feed Sidebar is vulnerable to multiple injection
vulnerabilities which can be exploited through a
malicious RSS feed. Cross-Site Scripting and HTML
injection vulnerabilities were discovered within the
WizzRSS Firefox Extension Code Injection Vulnerability
Versions affected: WizzRSS Reader < 3.1.0.0
WizzRSS Reader Lite < 3.0.0.9b
===== noXSS.org Security Advisory ======
Advisory: WordPress XSS vulnerability in RSS Feed Generator
Author: Jeremias Reith <jr@noxss.org>
Published: 2008/11/25
Affected: WordPress < 2.6.5
Summary
=======
Hello,
I have found a Cross Site Scripting vulnerability in MagpieRSS, an RSS parser written in PHP. Basically, this piece of software enables users to add their own RSS feeds to be parsed, so they can keep up to date with their favourite feeds as well as the pre-defined ones.
I crafted my own RSS feed, which contains XSS inside the CDATA.
Here is the XML file I used: http://www.elites0ft.com/poc.xml
If, for example, I ask a user to subscribe to my feed after disguising it as a real feed, and I then go and update it with malicious content, the RSS parser will parse the updated content and the user will end up loading an iframe with a cookie stealer inside.
plugin Rss Remote File Inclusion Vulnerability
Ghost Hacker, http://gh0st10.wordpress.com
R-H team
[~] Found by : Ghost Hacker
[~] HomePage : real-hack.net
tags. This data can be useful when testing poorly implemented Cross-site Scripting
blacklist filters, for those wishing to build an HTML whitelist system, as well as
for other uses.
WASC is actively seeking volunteers from various sections of the community including
penetration testers, security researchers, and developers to contribute to this project.
If you would like to be involved with the project or if you have comments about the
results, test cases etc., please contact Romain Gaucher ( r@rgaucher.info)
Regards,
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
netVigilance Security Advisory #54
SAXON version 5.4 XSS Attack Vulnerability
Description:
SAXON is a simple accessible online news publishing system for personal and small corporate site owners. Publish news, using configurable templates, on any .php page on your site. Publish news on a 'per author' basis. Edit and/or delete existing news items. Create multiple RSS news feeds automatically (RSS 0.9, RSS 2.0 and Atom). Post date news items for later public release. Multiple authors allowed. Ability to configure users as Standard or Administrators. Ability to add/delete users (Administrators only). Option to change any user password (Administrators only). Template creation/deletion/amendment interface. Online setup and configuration.
Successful exploitation requires PHP register_globals set to On and magic_quotes_gpc set to Off.
External References:
Mitre CVE: CVE-2007-4862
NVD NIST: CVE-2007-4862
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that CUPS didn't properly handle adding a large number of RSS
subscriptions. A local user could exploit this and cause CUPS to crash, leading
to a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and
8.10. (CVE-2008-5183)
It was discovered that CUPS did not authenticate users when adding and