Revision History
Patched version : 1.8
Faulty source code : function node_process_command() in
zabbix_server/trapper/nodecommand.c
Changelog entry : fixed security vulnerability in server allowing remote
unauthenticated users to execute scripts
[Zabbix Server : Remote SQL execution]
Impacted software : Zabbix Server
Impact
Exploit
Workarounds
Obtaining Patched Software
Credits
Revision History
Summary
-------
Template Security has discovered a serious Denial of Service
Impact
Exploit
Workarounds
Obtaining Patched Software
Credits
Revision History
Summary
-------
Template Security has discovered a serious user input
Impact
Exploit
Workarounds
Obtaining Patched Software
Credits
Revision History
Summary
-------
Template Security has discovered a root privilege escalation
| http://downloads.digium.com/pub/security/AST-2009-007.pdf and |
| http://downloads.digium.com/pub/security/AST-2009-007.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|------------------------+------------------+----------------------------|
| October 26, 2009 | Jeff Peeler | Initial release |
+------------------------------------------------------------------------+
http://www.caucho.com/resin-javadoc/com/caucho/jsf/integration/Mojarra12InjectionProvider.html
15. http://192.9.76.37/Wiki.jsp?page=JavaServerFacesRI
Revision History:
1.0 Initial publication (2010-02-03)
1.1 Added information about IBM WebSphere and Caucho Resin (2010-02-08)
About Trustwave:
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------+
| Revision 1.0 | 2009-August-26 | Initial public        |
+------------------------------------------------------+
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------+
| Revision 1.0 | 2011-October-26 | Initial public       |
+------------------------------------------------------+
| http://downloads.digium.com/pub/security/AST-2008-003.pdf and |
| http://downloads.digium.com/pub/security/AST-2008-003.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|------------------+---------------------+-------------------------------|
| 2008-03-18 | Jason Parker | Initial Release |
+------------------------------------------------------------------------+
A stand-alone copy or Paraphrase of the text of this document that omits
the distribution URL in the following section is an uncontrolled copy,
and may lack important information or contain factual errors.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2010-November-17 | Initial public release. |
+------------------------------------------------------------+
Using this technique any SSL traffic using the api.someotherdomain.com
certificate can be intercepted transparently to the end user if the
attacker is in control of the network.
Revision History:
08/12/11 - Vulnerability Disclosed
09/23/11 - Advisory Published
Remediation Steps:
This vulnerability has not been addressed at the time of this advisory.
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------+
| Revision 1.0 | 2009-September-23 | Initial public     |
+------------------------------------------------------+
vulnerable to any attacks nor does it mean that they consent to being used
in any vulnerability tests. The use of information in this report is
entirely at user's risk.
Revision History
================
August 18, 2011: Initial release
Because the “HttpOnly” flag is not set on the cookie, the cookie data is available from client-side JavaScript. The URL above injects a JavaScript image object within an XSS attack. The src method is then invoked on the Image object, and the URL passed to the object contains a URI-encoded version of the cookie data.
This will cause the victim’s browser to connect to the URL and attempt to fetch this image. Since the image does not exist, nothing will display on the victim’s browser. The attacker’s web server access logs will contain the victim’s cookie data, including the session identifier.
Using the victim’s session identifier, the attacker can send a specially-crafted HTTP request to the server that will result in an authentication bypass.
Revision History
1.0 November 11, 2009 – Initial advisory release
PGP Keys
This advisory has been signed with the PGP key of the SecureWorks Counter Threat Unit(SM), which is available for download at http://www.secureworks.com/contact/SecureWorksCTU.asc.
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on mailing
lists or newsgroups. Users concerned about this problem are encouraged
to check the above URL for any updates.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2009-February-04 | Initial public release. |
+------------------------------------------------------------+
vulnerable to any attacks nor does it mean that they consent to being used
in any vulnerability tests. The use of information in this report is
entirely at user's risk.
Revision History
================
March 11, 2008: Initial release
10/21/10 - Vendor contact attempted
11/1/10 - Vendor contact attempted
11/11/10 - CVE numbers obtained
11/12/10 - Advisory public release
Revision History:
1.0 Initial publication
About Trustwave:
Trustwave is the leading provider of on-demand and subscription-based
information security and payment card industry compliance management
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2011-May-05 | Initial public release |
+------------------------------------------------------------+
| http://downloads.digium.com/pub/security/AST-2008-001.pdf and |
| http://downloads.digium.com/pub/security/AST-2008-001.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|------------------+--------------------+--------------------------------|
| 2008-01-02 | Joshua Colp | Initial Release |
+------------------------------------------------------------------------+
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on mailing
lists or newsgroups. Users concerned about this problem are encouraged
to check the above URL for any updates.
Revision History
================
+-------------------------------------------------------------+
| Revision 1.0 | 2008-January-23 | Initial public release |
+-------------------------------------------------------------+
| http://downloads.digium.com/pub/security/AST-2009-004.pdf and |
| http://downloads.digium.com/pub/security/AST-2009-004.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|----------------+-----------------+-------------------------------------|
| 27 Jul, 2009 | Mark Michelson | Initial Draft |
|----------------+-----------------+-------------------------------------|
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------+
| Revision 1.0 | 2011-July-06 | Initial public          |
+------------------------------------------------------+
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------+
| Revision 1.0 | 2010-August-27 | Initial public        |
+------------------------------------------------------+
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------+
| Revision 1.0 | 2008-August-14 | Initial public        |
+------------------------------------------------------+
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------+
| Revision 1.0 | 2008-March-13 | Initial public         |
+------------------------------------------------------+
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------+
| Revision 1.0 | 2009-July-28 | Initial public          |
+------------------------------------------------------+
| http://downloads.digium.com/pub/security/AST-2007-026.pdf and |
| http://downloads.digium.com/pub/security/AST-2007-026.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|-----------------+------------------------+-----------------------------|
| 2007-11-29 | Tilghman Lesher | Initial release |
+------------------------------------------------------------------------+