Next Page >>
application
------------------------------------------------------------------------
Office arbitrary ClickOnce application execution vulnerability
------------------------------------------------------------------------
Yorick Koster, June 2010
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A logic flaw has been found in the way .NET grants permissions to
ClickOnce applications. Combined with relaxed security warnings when
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE
Application Control Engine Module and Cisco ACE 4710 Application
Control Engine
Document ID: 109450
Advisory ID: cisco-sa-20090225-ace
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE
Application Control Engine Module and Cisco ACE 4710 Application
Control Engine
Advisory ID: cisco-sa-20100811-ace
Revision 1.0
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs
Release Date: 2010-07-13
Application: WebLogic Plugin
Versions: All known versions
Severity: High
Discovered by: Timothy D. Morgan < tmorgan (at) vsecurity {dot} com >
Contributors: George D. Gal < ggal {at} vsecurity (dot) com >
Vendor Status: Patch Released [4]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: Multiple Cisco CSS / ACE Client Certificate and HTTP Header
Manipulation Vulnerabilities
Release Date: 2010-07-02
Application: Cisco Content Services Switch (CSS) / ACE Products
Versions: Cisco CSS 11500 - 08.20.1.01
Cisco ACE 4710 - Version A3(2.5) [build 3.0(0)A3(2.5)
(Other versions may be affected)
Severity: High (in specific configurations)
Author: George D. Gal <ggal (a) vsecurity . com>
CVE Name: CVE-2008-1035 CVE-2008-2006 CVE-2008-2007
*Vulnerability Description*
iCal is a personal calendar application from Apple Inc. included on the
Mac OS X operating system. The calendar application can be used as a
stand-alone application or as a client-side component to calendar server
that lets users create and share multiple calendars and subscribe to
other user's calendars. Apple's iCal uses the iCalendar standard for its
calendar file format (which uses the '.ics' filename extension) [1] and
CVE Name: CVE-2008-1035 CVE-2008-2006 CVE-2008-2007
*Vulnerability Description*
iCal is a personal calendar application from Apple Inc. included on the
Mac OS X operating system. The calendar application can be used as a
stand-alone application or as a client-side component to calendar server
that lets users create and share multiple calendars and subscribe to
other user's calendars. Apple's iCal uses the iCalendar standard for its
calendar file format (which uses the '.ics' filename extension) [1] and
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
IBM WebSphere Application Server Cross-Site Request Forgery
1. *Advisory Information*
Title: IBM WebSphere Application Server Cross-Site Request Forgery
requests.
Java Servlets provide a filter component which can dynamically intercept
requests and responses to transform information contained in the
requests or responses[1]. Servlet filters are often recommended as an
effective way to perform input validation in Java web applications due
to the centralized nature and little modifications required to the
application's code.
Open Web Application Security Project (OWASP) has developed Stinger,
which aims to provide a centralized input validation component which can
Trustwave's SpiderLabs Security Advisory TWSL2011-006:
IBM Web Application Firewall Bypass
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt
Published: 2011-06-21
Version: 1.0
Vendor: IBM
Product: IBM Web Application Firewall
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Application Extension Platform Privilege
Escalation Vulnerability
Advisory ID: cisco-sa-20100609-axp
Revision 1.0
Version: SUPERAntiSpyware 4.34.1000 (18 Feb
2010) or older
Super Ad Blocker 4.6.1000 (not
updated since 2007, pre-release exists) or older
Platform: Windows XP and later
Components affected: Device drivers in both applications
Remote: No
Local: Yes
Vulnerability type: DoS, Privilege Escalation
Multiple Vulnerabilities In .FLAC File Format and Various Media
Applications
Release Date:
November 15, 2007
Date Reported:
September 28, 2007 (Vendor Reporting Coordination Began With US-CERT)
Severity:
1 Background
============
Android applications are executed in a sandbox environment, to ensure that no
application can access sensitive information held by another, without adequate
privileges. For example, The Browser application holds sensitive information
such as cookies, cache and history, and this cannot be accessed by third-party
apps, while the Google Talk application stores contacts and conversations. An
android app may request specific privileges during its installation; if granted
by the user, the app's capabilities are extended.
Short name:
iPhone Safari phone-auto-dial (vulnerability)
Vulnerability class:
application logic bug
Executive Summary:
A malicious website can initiate a phone call without the need of user
interaction. The destination phone number is chosen by the attacker.
>
>Short name:
> iPhone Safari phone-auto-dial (vulnerability)
>
>Vulnerability class:
> application logic bug
>
>Executive Summary:
> A malicious website can initiate a phone call without the need of user
> interaction. The destination phone number is chosen by the attacker.
>
>>
>> Short name:
>> iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>> application logic bug
>>
>> Executive Summary:
>> A malicious website can initiate a phone call without the need of user
>> interaction. The destination phone number is chosen by the attacker.
>>
>>>
>>> Short name:
>>> iPhone Safari phone-auto-dial (vulnerability)
>>>
>>> Vulnerability class:
>>> application logic bug
>>>
>>> Executive Summary:
>>> A malicious website can initiate a phone call without the need of user
>>> interaction. The destination phone number is chosen by the attacker.
>>>
=============================================================
Android Browser Cross-Application Scripting (CVE-2011-2357)
=============================================================
1) Background
--------------
Android applications are executed in a sandbox environment, to ensure that no
application can access sensitive information held by another, without adequate
privileges. For example, Android's browser application holds sensitive
information such as cookies, cache and history, and this cannot be accessed by
Advisory: Zeacom Chat Server JSESSIONID weak SessionID Vulnerability
Release Date: unknown
Last Modified: 09/27/2010
Author: Daniel Clemens [daniel.clemens[at]packetninjas.net]
Application: Zeacom Chat Application <= 5.0 SP4
Severity:
Usage of weak Weak Session management exists within the Zeacom web-chat application
enabling the bruteforce of the sessionid which can enable the hijacking of anothers chat session.
The Zeacom application handles new sessions through a 10 character string (JSESSIONID),
Thanks,
David Byrne
Senior Security Consultant
Trustwave - SpiderLabs, Application Security
-----Original Message-----
From: Ivan Buetler [mailto:ivan.buetler@csnc.ch]
____________________________________________________________________________
Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.
____________________________________________________________________________
An advisory by EnableSecurity.
Trustwave published a joint advisory named TWSL2009-001
ID: ES-20090500
Secunia Research has discovered vulnerabilities in HP OpenView Network
Node Manager, which can be exploited by malicious people to compromise
a vulnerable system.
1) Various boundary errors in the OpenView5.exe CGI application when
processing parameters can be exploited to cause stack-based buffer
overflows via HTTP requests to the CGI application with overly long
parameter strings.
2) A boundary error in ov.dll can be exploited to cause a stack-based
444
Introduction:
=============
The Barracuda Web Application Firewall provides superior protection against hackers’ attempts to exploit vulnerabilities
in Web sites or Web applications to steal data, cause denial of service or deface Web sites. By integrating application
delivery capabilities, the Barracuda Web Application Firewall is an affordable and comprehensive application firewall
that can secure Web applications, as well as increase their performance and availability.
Published: 2010-02-08 Version: 1.1
SpiderLabs has documented view state tampering
vulnerabilities in three products from separate vendors.
View states are used by some web application frameworks to
store the state of HTML GUI controls. View states are
typically stored in hidden client-side input fields,
although server-side storage is widely supported.
The affected vendors generally recommend that client-side
Published: 2010-02-08 Version: 1.1
SpiderLabs has documented view state tampering
vulnerabilities in three products from separate vendors.
View states are used by some web application frameworks to
store the state of HTML GUI controls. View states are
typically stored in hidden client-side input fields,
although server-side storage is widely supported.
The affected vendors generally recommend that client-side
Published: 2010-02-08 Version: 1.1
SpiderLabs has documented view state tampering
vulnerabilities in three products from separate vendors.
View states are used by some web application frameworks to
store the state of HTML GUI controls. View states are
typically stored in hidden client-side input fields,
although server-side storage is widely supported.
The affected vendors generally recommend that client-side
www.sektioneins.de
-= Security Advisory =-
Advisory: Horde Application Framework Horde_Form_Type_image
Arbitrary File Overwrite Vulnerability
Release Date: 2009/09/18
Last Modified: 2009/09/18
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
Introduction
Internet security threats are migrating from pure network-level attacks
to web server and web application attacks. The web application itself
has become the new security perimeter, and is wide open to the new
generation of attacks. That's the reason why is very important for IT
security staff to have cutting- edge knowledge of web application
security vulnerability testing techniques and tools.
1. 'https://<server>:3443/login.wcap'
2. 'https://<server>:3443/command.shtml'
Cross-site scripting (XSS) vulnerabilities allow an attacker to execute
arbitrary scripting code in the context of the user browser (in the
vulnerable application's domain). For example, an attacker could exploit
an XSS vulnerability to steal user cookies (and then impersonate the
legitimate user) or fake a page requesting information to the user (i.e.
credentials). This vulnerability occurs when user-supplied data is
displayed without encoding.
Next Page>>
|
