Vulnerability Description
# [#] Greetz: sHoKeD-bYte, syst0x1c & r00tDefaced Members #
##################################################################
#
# [1]-Cross Site Scripting
#
# Vulnerability Description:
# Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users.
#
# Affected items:
# http://127.0.0.1/community/thread.php?start=[XSS]
# http://127.0.0.1/community/thread.php?forum=[XSS]
Locally Exploitable: No
Bugtraq ID: N/A
CVE Name: CVE-2010-1186
3. *Vulnerability Description*
An XSS[1] vulnerability has been discovered in NextGEN Gallery[2], a
very popular and commonly used plugin for the WordPress content
management system commonly found as a blogging platform. This
vulnerability results from reflected unsanitized input that can be
Locally Exploitable: No
CVE Name: CVE-2011-1511
3. *Vulnerability Description*
Built using the GlassFish Server Open Source Edition, Oracle GlassFish
Server delivers a flexible, lightweight and extensible Java EE 6
platform. It provides a small footprint, fully featured Java EE
application server that is completely supported for commercial
Affected Software: Successfully tested on VertrigoServ 2.25
Vendor URL: http://vertrigo.sourceforge.net/
Vendor Status: informed
==========================
Vulnerability Description
==========================
VertrigoServ 2.25 'ext' parameter is prone to a Cross-site-Scripting vulnerability
==================
Affects: TFTPUtil GUI versions 1.2.0 and 1.3.0
Fixed in: 1.4.0
Risk: Medium
Vulnerability Description: TFTPUtil GUI versions 1.2.0 and 1.3.0 are prone to a directory-traversal vulnerability because they fail to sanitize TFTP GET requests. By using a specially crafted TFTP GET request an attacker is capable of retrieving files outside of the TFTP root directory.
Impact: The ability to obtain files outside of the TFTP root directory may allow an attacker to obtain more information about the underlying operating system and applications running on the host.
Keywords: security, vulnerability, tftp, directory traversal, princeofnigeria, gui, windows, server
Locally Exploitable: No
Bugtraq ID: 31061
CVE Name: CVE-2008-3950
3. *Vulnerability Description*
Apple Safari is the default web browser included on Apple iPhone. A
vulnerability has been found on the 'WebKit' library used by Safari
inside iPhone. By inserting a special string on the 'alert()' JavaScript
method, it's possible to crash Safari via an outbound memory read
extensible blogging engine written in PHP by Edoardo Vacchi.
Website: http://www.flatpress.org
Vulnerability Description
-------------------------
Versions 0.804 through 0.812.1 are prone to a nasty
LFI vulnerability which can be exploited to have RCE (Remote Command
Execution). The piece of code involved is in the
fp-includes/core/core.users.php directory in the user_get() function
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey LeBleu and r@b13$
Vulnerability Description
-------------------------
The iPhone Configuration Web Utility allows centralized management of iPhone configuration settings. The iPhone Configuration Web Utility 1.0 for Windows web interface is vulnerable to a common web directory traversal attack. Successful exploitation will result in arbitrary read-only file access outside of the iPhone Configuration Web Utility 1.0 web root.
Solution Description
--------------------
Solutionary ID: SERT-VDN-1012
Solutionary public disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/NetSaro-Enterprise-Messenger-Source-Code.html
Vulnerability Description: A vulnerability exists in the NetSaro Enterprise Messenger Server Administration Console allowing a remote attacker to obtain unauthenticated access to the application's source code. Attackers may make HTTP GET requests and append a Null Byte to allow download of the source code for the application's web pages. An attacker does not need to authenticate to obtain access to source code for pages that usually require authentication prior to viewing. More information about this class of vulnerability can be obtained by visiting: http://cwe.mitre.org/data/definitions/158.html - Improper Neutralization of Null Byte or NUL Character – CWE 158
Affected software versions: NetSaro Enterprise Messenger Server v2.0 (previous versions may also be vulnerable)
Impact: Attackers may be able to obtain access to the source code of the application and use information found in the source code to conduct further attacks against the application.
Locally Exploitable: No
Bugtraq ID: 28007
CVE Name: CVE-2008-0984
*Vulnerability Description*
VLC player [1] is an open-source popular multimedia player for various
audio and video formats, and various streaming protocols. It can also be
used as a server to stream in unicast or multicast in IPv4 or IPv6 on a
high-bandwidth network.
Vendor URL: http://sourceforge.net/projects/siteatschool/
Vendor Status: insecure and no longer maintained
CVE-ID: -
==========================
Vulnerability Description:
==========================
Site@School is prone to multiple SQL Injection and XSS vulnerabilities
==================
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: David Marshall and r@b13$
Vulnerability Description
-------------------------
NetMRI contains a cross-site scripting (XSS) issue whereby portions of the GET request are echoed back in an error page. This allows scripting tags to be executed by the browser to perform XSS attacks. Such an attack would require convincing a user to click on a specially crafted link.
Solution Description
--------------------
Locally Exploitable: No
Bugtraq ID: 30585
CVE Name: CVE-2008-1448
*Vulnerability Description*
Internet Explorer introduces the concept of URL Security Zones, which
basically define a set of privileges for web applications (such as, for
example, accessing and/or modifying the local computer files) depending
on their level of trustworthiness.
against viruses, Trojan horse programs, worms, and other threats, including
network viruses and rootkits. It also blocks spyware, hackers, phishing
fraud attempts, and unwanted Web sites. It can filter your email messages
for spam as well.
---[ Vulnerability Description ]
Positive Technologies Research Team has discovered multiple privilege
escalation vulnerabilities in Trend Micro products.
The IOCTL handler in tmactmon.sys uses the METHOD_NEITHER communication
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2011-1516
3. *Vulnerability Description*
Several of the default pre-defined sandbox profiles don't properly
limit all the available mechanisms and therefore allow exercising part
of the restricted functionality. Namely, sending Apple events is
possible within the no-network sandbox (kSBXProfileNoNetwork). A
=========================
WinRAR v3.80 is prone to a Filename Spoofing contained inside a
malformed .ZIP file.
II. Vulnerability Description:
==============================
ZIP File Spoofing can be done due to a mismatch of file name in the
file list in WinRAR GUI shell and in extracted file. A real
exploitation of this issue is in the following scenario: When a user
opens the malformed file using WinRAR v3.80 will see filename
Bugtraq ID: 37708
CVE Name: CVE-2010-0280
3. *Vulnerability Description*
Google SketchUp is a 3D modeling program designed for architects, civil
engineers, filmmakers, game developers, and related professions. Google
SketchUp bundles an old version of 'lib3ds', a library used to process
3DS files. This library is being compiled in a way that leads to
---[ Software Description ]
BLOG CMS is a content management system (CMS) software, usually implemented as a Web application, for creating and managing HTML content. It is used to manage and control a large, dynamic collection of Web material (HTML documents and their associated images).
---[ Vulnerability Description ]
Positive Technologies Research Team has discovered a Cross-Site Scripting (XSS) vulnerability in BLOG CMS.
User input passed to a certain parameter is not properly sanitized. This can be exploited to inject malicious code and allows execution of arbitrary HTML and script code in a user's browser session in the context of an affected site. Vulnerability details are not disclosed.
Affects: NetDecision TFTP Server 4.2
Fixed in: N/A
Risk: MEDIUM
Vulnerability Description: NetDecision TFTP Server 4.2 is prone to a directory-traversal vulnerability because it fails to sanitize TFTP GET and PUT requests. By using a specially crafted TFTP request an attacker is capable of putting (PUT) and retrieving (GET) files outside of the TFTP root directory.
Impact: The ability to PUT and GET files outside of the TFTP root directory may allow an attacker to obtain more information about the underlying operating system and applications running on the host. Additionally, malicious code can be uploaded to the host operating system.
[--Background--]
Locally Exploitable: Yes
Bugtraq ID: None currently assigned
CVE Name: None currently assigned
*Vulnerability Description*
CORE FORCE is the first community oriented security solution for personal
computers that provides a comprehensive endpoint security solution for
Windows 2000 and Windows XP systems.
Date Discovered
---------------
1/29/2008
Vulnerability Description
-------------------------
The default installation of the PacketTrap PT360 Tool Suite Version 1.1.33.1.0 TFTP server component is susceptible to a denial of service condition. A remote or local attacker can exploit this flaw by sending a specially crafted packet to the TFTP server. Successful exploitation of this flaw will cause the TFTP server process to crash. The TFTP server will need to be restarted to resume normal TFTP server operations.
Solution Description
--------------------
Affected Software: Successfully tested on Serendipity 1.6
Vendor URL: http://www.s9y.org
Vendor Status: fixed
==========================
Vulnerability Description:
==========================
The Serendipity backend is prone to a Cross-Site Scripting and SQL-Injection vulnerability.
==================
Locally Exploitable: Yes
Bugtraq ID: 27441
CVE Name: CVE-2008-0486
*Vulnerability Description*
The MPlayer package [1] is vulnerable to a buffer overflow attack, which
can be exploited by malicious remote attackers. The vulnerability is due
to MPlayer not properly sanitizing certain tags on a FLAC file before
using them to index an array on the stack. This can be exploited to
Locally Exploitable: No
CVE Name: CVE-2011-0615
3. *Vulnerability Description*
Adobe Audition is a digital audio workstation software for Windows that
was originally developed by Syntrillium as Cool Edit Pro, and acquired
by Adobe in 2003. The software allows user to do multitrack audio mixing
and editing and supports storing of multitrack audio using a session
Vendor URL: http://www.adaptcms.com/
Vendor Status: fixed
CVE-ID: -
==========================
Vulnerability Description:
==========================
AdaptCMS 2.0.1 is prone to multiple security vulnerabilities
==================
Locally Exploitable: No
Bugtraq ID: N/A
CVE Name: CVE-2009-2533, CVE-2009-2534
3. *Vulnerability Description*
Helix Server is a multi-format cross-platform streaming server. Two
vulnerabilities have been found, that could allow a remote attacker to
crash the Helix Server.
1. Overview
Tortoise SVN is vulnerable to Windows DLL Hijacking Vulnerability. Version 1.6.10, Build 19898 (latest available on 30th August 2010 was tested) is vulnerable.
2. Vulnerability Description
Tortoise SVN passes insufficiently qualified path for the dll "dwmapi.dll" while opening a file using TortoiseProc
Timeline
30-08-2010 - Discovered Vulnerability
30-08-2010 - Informed the developers
30-08-2010 - Response from developers (in 25 minutes)
Locally Exploitable: No
Bugtraq ID: 34150, 34152, 34153
CVE Name: N/A
3. *Vulnerability Description*
Several vulnerabilities have been discovered in Sun Java System Calendar
Express web server [1]. First, an attacker can crash the web server
creating a Denial of Service condition by simply requesting certain URL
twice. Second, several Cross-site scripting vulnerabilities [2], [3]
Locally Exploitable: No
Bugtraq ID: N/A
CVE Name: N/A
*Vulnerability Description*
The Borland Interbase 2007 database server [1] is vulnerable to an
integer overflow when a malformed packet is sent to the default TCP port
3050. The integer overflow can cause a stack overflow, which allows
arbitrary code execution with system privileges.
Affected Software: v4.0,build0245,101208 (MR1 Patch 2)
Vendor URL: http://www.fortinet.com/
Vendor Status: informed
==========================
Vulnerability Description:
==========================
The Fortinet "FortiMail Messaging Security Appliance" is prone to an XSS vulnerability
==================