Web content

Meditate Web Content Editor 'username_input' SQL-Injection vulnerability

Advisory:               Meditate Web Content Editor 'username_input' SQL-Injection vulnerability
Advisory ID:            SSCHADV2011-039
Author:                 Stefan Schurtz
Affected Software:      Successfully tested on Meditate 1.2
Vendor URL:             http://www.arlomedia.com/
Vendor Status:          fixed

==========================
Vulnerability Description
==========================

VUPEN Security Research - Adobe Shockwave IML32 Multiple Code Execution Vulnerabilities (CVE-2010-0129)

"Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to offer
including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director." from Adobe.com


II. DESCRIPTION
---------------------


iDefense Security Advisory 12.08.09: Microsoft Windows Indeo32 Codec Parsing Heap Corruption Vulnerability

Exploitation of this vulnerability would require a user to open a
malicious media file, usually an AVI file; however, since the
vulnerability is in the streaming component of Microsoft Windows,
attacks can be launched from a malicious website or any application
that delivers Web content. In Windows Explorer, if the Web View Content
is enabled, which is the default setting, a single click will open the
malicious file in the preview pane and trigger the vulnerability. An
attacker can host a malicious AVI file and use social engineering
techniques to trick a user into visiting the site or to deliver the
hostile code to a user via e-mail, for example.

XSS Ebuddy (responsible disclosure)

[Bug Summary]

- The lack of input validation on the sub-nick and textarea field for
Windows Live Messenger allows attackers to bypass client-side security
mechanisms normally imposed on web content by modern browsers. An
attacker can gain elevated access privileges to sensitive
page-content, session cookies, and a variety of other information
maintained by the browser on behalf of the user.

[Impact]

VUPEN Security Research - Adobe Shockwave 3D Blocks Field Code Execution Vulnerability (CVE-2010-1283)

"Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to offer
including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director." from Adobe.com


II. DESCRIPTION
---------------------


iDefense Security Advisory 06.07.10: Multiple Vendor WebKit HTML Caption Use After Free Vulnerability

II. DESCRIPTION

Remote exploitation of a memory corruption vulnerability in WebKit, as
included with multiple vendors' browsers, could allow an attacker to
execute arbitrary code with the privileges of the current user. Google
Chrome browsers to parse and render web content.

The vulnerability occurs when a certain property of an HTML element
with a caption is reset via JavaScript code. When this occurs, a C++
object is incorrectly accessed after it has been freed. This results in
an attacker controlled value being used as a C++ VTABLE, which leads to

[SECURITY] [DSA 2420-1] openjdk-6 security update

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform.

CVE-2011-3377
        The Iced Tea browser plugin included in the openjdk-6 package
        does not properly enforce the Same Origin Policy on web content
        served under a domain name which has a common suffix with the
        required domain name.

CVE-2011-3563
        The Java Sound component did not properly check for array

[SECURITY] [DSA 1534-1] New iceape packages fix several vulnerabilities

    Authentication credentials with empty usernames, resulting
    in potential Cross-Site Request Forgery attacks.

CVE-2008-1240

    Gregory Fleischer discovered that web content fetched through
    the jar: protocol can use Java to connect to arbitrary ports.
    This is only an issue in combination with the non-free Java
    plugin.

CVE-2008-1241

Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)

2. PRODUCT DESCRIPTION

Adobe Flash Player is the standard for delivering high-impact, rich
Web content. Designs, animation, and application user interfaces are
deployed immediately across all browsers and platforms, attracting and
engaging users with a rich Web experience.


3. VULNERABILITY DESCRIPTION

Geeklog 1.7.1 <= Cross Site Scripting Vulnerability

administration backend.


2. BACKGROUND

Geeklog is a PHP/MySQL based application for managing dynamic web content.
"Out of the box", it is a blog engine, or a CMS with support for
comments, trackbacks,
multiple syndication formats, spam protection, and all the other vital
features of such a system.


VUPEN Security Research - Adobe Shockwave rcsL Record Array Indexing Vulnerability (APSB11-19)

"Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to offer
including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director." from Adobe.com


II. DESCRIPTION
---------------------


VUPEN Security Research - Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities (CVE-2010-1280)

"Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to offer
including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director." from Adobe.com


II. DESCRIPTION
---------------------


VUPEN Security - Adobe Shockwave Player Multiple Code Execution Vulnerabilities

"Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to offer
including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director." from Adobe.com


II. DESCRIPTION
---------------------

VUPEN Vulnerability Research Team discovered four critical vulnerabilities
affecting

eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities

###################################################################################

####################
1. Description:
####################
        eLineStudio Site Composer is a 100% browser-based database-driven content management system that helps companies to better manage, update & share web content. eLineStudio Site Composer provides affordable & flexible licensing for end users & web developers.
####################
2. Vulnerabilities:
####################
        2.1. Injection Flaws, Cross Site Scripting (XSS). SQL Injection in "/ansFAQ.asp" in "id" parameter. Reflected XSS attack in "/ansFAQ.asp" in "topic" and "button" parameters.
                2.1.1. Exploit:

Pooya Site Builder (PSB) SQL Injection Vulnerabilities

###################################################################################

####################
1. Description:
####################
        Pooya site builder (psb) is an easy to use database driven web content management and security management system. It allows you to create, edit & web content instantly using just a browser, psb provides all essential feature you need for running your own business websites (you can even use it for large websites, without the complexity of unused functions).

####################
2. Vulnerabilities:
####################
        2.1. Injection Flaws. SQL Injection in "/utils/getXsl.aspx" in "xslIdn" parameter.

[USN-821-1] Firefox and Xulrunner vulnerabilities

using a certain non-Ubuntu font. If a user configured Firefox to use this
font, an attacker could exploit this to spoof the location bar, such as in
a phishing attack. (CVE-2009-3078)

It was discovered that the BrowserFeedWriter in Firefox could be subverted
to run JavaScript code from web content with elevated chrome privileges.
If a user were tricked into viewing a malicious website, an attacker could
exploit this to execute arbitrary code with the privileges of the user
invoking the program. (CVE-2009-3079)



[InterN0T] transLucid 1.75 - Multiple Vulnerabilities

transLucid - Cross Site Scripting and HTML Injection Vulnerabilities

Version Affected: 1.75 (newest)

Info: transLucidonline is the easy website publishing system with which anyone can create and maintain web content, in multiple languages and based on a growing list of ready-made, professional layouts. 

Credits: InterN0T (macd3v and MaXe)

External Links:
http://www.pantha.net/

VUPEN Security Research - Adobe Shockwave DIRAPI LCTX Chunck Memory Corruption Vulnerability (APSB11-01)

"Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to offer
including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director." from Adobe.com


II. DESCRIPTION
---------------------


[ MDVSA-2011:127 ] mozilla

 Security researcher regenrecht reported via TippingPoint's Zero Day
 Initiative that appendChild did not correctly account for DOM objects
 it operated upon and could be exploited to dereference an invalid
 pointer (CVE-2011-2378).
 
 Mozilla security researcher moz_bug_r_a4 reported that web content
 could receive chrome privileges if it registered for drop events and a
 browser tab element was dropped into the content area (CVE-2011-2984).
 
 Security researcher Mitja Kolsek of Acros Security reported that
 ThinkPadSensor::Startup could potentially be exploited to load a

[SECURITY] [DSA 1532-1] New xulrunner packages fix several vulnerabilities

    Authentication credentials with empty usernames, resulting
    in potential Cross-Site Request Forgery attacks.

CVE-2008-1240

    Gregory Fleischer discovered that web content fetched through
    the jar: protocol can use Java to connect to arbitrary ports.
    This is only an issue in combination with the non-free Java
    plugin.

CVE-2008-1241

[ MDVSA-2009:290 ] firefox

 incorrect file when opening it. Since this attack requires local
 access to the victim's machine, the severity of this vulnerability
 was determined to be low (CVE-2009-3274).
 
 Security researcher Paul Stone reported that a user's form history,
 both from web content as well as the smart location bar, was vulnerable
 to theft. A malicious web page could synthesize events such as mouse
 focus and key presses on behalf of the victim and trick the browser
 into auto-filling the form fields with history entries and then
 reading the entries (CVE-2009-3370).
 

[USN-592-1] Firefox vulnerabilities

Firefox for SSL Client Authentication allowed for users to be tracked
via their client certificate. The default has been changed to prompt
the user each time a website requests a client certificate.
(CVE-2007-4879)

Gregory Fleischer discovered that web content fetched via the jar
protocol could use Java LiveConnect to connect to arbitrary ports on
the user's machine due to improper parsing in the Java plugin. If a
user were tricked into opening malicious web content, an attacker may be
able to access services running on the user's machine. (CVE-2008-1195,
CVE-2008-1240)

[SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability

Do not perform administrative access of security management consoles from computers exposed to the Internet through web browsing, email, and other applications. Lock down and heavily monitor systems used to perform administrative tasks such as accessing security management consoles.


Details
User-controllable input supplied by the “iaction” and “node” parameters to the “Login.jsp” page is not properly sanitized for invalid or malicious content prior to being returned to the user in dynamically generated web content. This condition may aid an attacker in retrieving session cookies, stealing recently submitted data, or launching further attacks. 


SecureWorks Risk Scoring
Likelihood: 2 – Best practice is to deploy the management console web application on a segmented management network.
Impact: 5 – Control over security appliances managed by the management console.

AWCM v2.2 Auth Bypass Vulnerabilities

  
########################################################
  
        -=[Description]=-
  
ar web content manager is a free web contents management system (cms) built with php, mysql, css, javascript, css to allow you to manage your website easily and fast.
it contains many main categories such as (videos, topics, sounds, photo gallery. 
 
########################################################
  
        -=[VUln Code]=-

CORE-2009-0909: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution

3. *Vulnerability Description*

Autodesk 3D Studio Max [2] is a modeling, animation and rendering
package widely used for video game, film, multimedia and web content
development. The software provides a built-in scripting language,
allowing users to bind custom code to actions performed in the
application. Execution of scripting code does not require explicit
permission from the user. This mechanism can be exploited by an
attacker to execute arbitrary code by enticing a victim to open .max

Re: AWCM v2.2 Auth Bypass Vulnerabilities

:   
: ########################################################
:   
:       -=[Description]=-
:   
: ar web content manager is a free web contents management system (cms) built with php, mysql, css, javascript, css to allow you to manage your website easily and fast.
: it contains many main categories such as (videos, topics, sounds, photo gallery. 
:  
: ########################################################
:   
:       -=[VUln Code]=-

OpenNMS Multiple Vulnerabilities

control.
Attacker-supplied HTML or JavaScript code could run in the context of
the affected site, potentially allowing an
attacker to steal cookie-based authentication credentials, control how
the site is rendered to the user, and
influence or misrepresent how web content is served, cached, or
interpreted. Other attacks are also possible.





[ GLSA 200805-18 ] Mozilla products: Multiple vulnerabilities

* Peter Brodersen and Alexander Klink reported that the browser
  automatically selected and sent a client certificate when SSL Client
  Authentication is requested by a server (CVE-2007-4879).

* Gregory Fleischer reported that web content fetched via the "jar:"
  protocol was not subject to network access restrictions
  (CVE-2008-1240).

The following vulnerabilities were reported in Firefox:


[SECURITY] [DSA 1534-2] New iceape packages fix regression

    Authentication credentials with empty usernames, resulting
    in potential Cross-Site Request Forgery attacks.

CVE-2008-1240

    Gregory Fleischer discovered that web content fetched through
    the jar: protocol can use Java to connect to arbitrary ports.
    This is only an issue in combination with the non-free Java
    plugin.

CVE-2008-1241

CORE-2008-0826 - Internet Explorer Security Zone restrictions bypass

. 2009-04-23:
Core also suggests some mitigation actions to prevent the exploitation
of this flaw. For example, by explicitly constraining 'file://127.0.0.1'
to a given zone (i.e. Intranet) and then disabling "Websites in less
privileged web content zone can navigate into this zone" for that zone.

. 2009-04-24:
MSRC notifies that it would be possible to bypass the suggested
workaround if a malicious site had its domain name resolve to 127.0.0.1
since Zone determination does not depend on name resolution.
