Next Page >>
blogs
3. *Vulnerability Description*
WordPress is a web application written in PHP that allows the easy
installation of a flexible weblog on any computer connected to the
Internet. WordPress 2.7 reached more than 6 million downloads during
June 2009 [9].
A vulnerability was found in the way that WordPress handles some URL
requests. This results in unprivileged users viewing the content of
List of found vulnerabilities
===============================================================================
1. Insecure file upload in blog personal gallery
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Security risk: critical
Preconditions:
1. attacker must be registered user
.OR.ID
ECHO_ADV_100$2008
-----------------------------------------------------------------------------------------
[ECHO_ADV_100$2008] Comdev Web Blogger <= 4.1.3 (arcmonth) Sql Injection Vulnerability
-----------------------------------------------------------------------------------------
Author : M.Hasran Addahroni
Date : July, 14 th 2008
Location : Jakarta, Indonesia
SUBJECT: Microsoft SWI blog inaccuracies
Hello BugTraq
As you know, 3 weeks ago I published my paper, "Microsoft
Windows DNS Stub Resolver Cache Poisoning"
(http://www.trusteer.com/docs/Microsoft_Windows_resolver_DNS_cache_poisoning.pdf),
simultaneously with Microsoft's release of MS08-020
(http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx).
- Severity: 6.8/10 (CVSS scored)
=============================================
I. VULNERABILITY
-------------------------
Simple PHP Blog <= 0.5.1 Local File Include vulnerability
II. BACKGROUND
-------------------------
Simple PHP Blog is a blog system does not requires database setup, and
is very easy to install.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
PR08-13: Persistent Cross-site Scripting (XSS) on Moodle via blog entry
title
Vulnerability found: 20/06/2008
Vendor informed: 25/06/2008
I've found that funny result when i try to input some miscellaneous parameters in the query string.
When i try to click the HIGHLIGHTED POSTS in the blog but that entry had no longer exist.
Dear Yahoo,
I've found a bug on your site that i can list all the comments, all the entry belong to the public blog. When i try to click in the HighLighted post in a blog but this entry had no longer existed,
the page result is only the box for comment.
I look at the URL Address, it like this:
http://blog.360.yahoo.com/blog-(blog user encrypted ID)?cq=1&p=
I guest the string that encrypted in the query string is the blog user encrypted ID
Ok so now i try to input the query string paramter like this
http://blog.360.yahoo.com/blog-(blog user encrypted ID)?cq=2&p='
Neuron Blog Admin Permission Bypass and Remote File Upload Vulnerability
------------------------------------------------------------------------
Script : Neuron Blog
Version : 1.1
Site : http://dev.localhost.be/?q=detail-script&id=11
Founder : Rizgar
During research on MySQL Column Truncation Vulnerabilities it was
discovered that the user registration system of Wordpress is not
protected against this kind of attack. Further research then
discovered that this vulnerability can be used to reset the passwords
of users to a random string when user registration is activated
in the blog.
In addition to this it was discovered that Wordpress uses mt_rand()
to create passwords and reset tokens, which is not secure enough
for cryptographic secrets. The use of mt_rand() allows predicting
the randomly generated passwords when the PRNG is freshly seeded
******* Salvatore "drosophila" Fresta *******
[+] Application: RitsBlog
[+] Version: 0.4.2
[+] Website: http://sourceforge.net/projects/ritsblog/
[+] Bugs: [A] SQL Injection
[B] XSS Persistent
[+] Exploitation: Remote
WordPress MU < 2.7 'Host' HTTP Header Cross Site Scripting (XSS)
Vulnerability
II. BACKGROUND
-------------------------
WordPress MU, or multi-user, allows to run unlimited blogs with a
single install of wordpress. It is most famously used for
WordPress.com where it serves tens of millions of hits on hundreds of
thousands of blogs each day. Also is used in many other sites like
Harvard University and Le Monde.
Subject: FC2 BLOG Cross-Site Scripting Vulnerabilities
Application: FC2 BLOG
Vendor:BLOG.FC2.COM
Corporation: FC2, Inc.
DATE : 9 Oct 2008
Description: FC2 BLOG Cross-Site Scripting Vulnerabilities
Vulnerability:
==============
They do not properly sanitize the potentially malicious input content
BP Blog 6.0 (id) Remote Blind SQL Injection Vulnerability
JosS, Jose Luis Gngora Fernndez
Spanish Hackers Team
www.spanish-hackers.com
[+] Info:
[~] Software: bp blog
[~] HomePage: http://blog.betaparticle.com/
H - Security Labs
Eggblog v3.1.0 Security Advisory
ID : HSEC#20071111
General Information
--------------------------
Name : EggBlog v.3.1.0
Vendor HomePage :http://sourceforge.net/projects/eggblog/
Platforms : PHP && MySQL
Vulnerability Type : Input Validation Error
Secure Network - Security Research Advisory
Vuln name: Simple PHP Blog Multiple Vulnerabilities
Systems affected: simplePHPBlog 0.5.0.1, simplePHPBlog 0.4.8 and all previous versions
Systems not affected: -
Severity: Medium
Local/Remote: Remote
Vendor URL: http://www.simplephpblog.com/
Author(s): Luca "ikki" Carettoni - luca.carettoni@securenetwork.it, Luca "Daath" De Fulgentis - daath@webapptest.org
Vendor disclosure: 14th September 2007
II. BACKGROUND
-------------------------
WordPress is a state-of-the-art publishing platform with a focus on aesthetics, web standards,
and usability. WordPress is both free and priceless at the same time. More simply, WordPress is
what you use when you want to work with your blogging software, not fight it.
III. DESCRIPTION
-------------------------
Wordpress allows authorised users to add an attachment to a blog post.
Microsoft has issued a patch to fix the vulnerability and a detailed
description of how to implement the workarounds on IE. It is available
as Security Bulletin http://go.microsoft.com/fwlink/?LinkID=150860.
Microsoft's Research and Defense blog has further discussion about the
vulnerability, workarounds and mitigations [3].
7. *Credits*
Additional Drawing
- ------------------
If you help us to spread the word about the Month of PHP Security
and the open CFP by writing a blog posting about it, you have the
chance to win one of ten 33 USD/25 EUR Amazon Coupons. To participate
you have to write a blog posting about the Month of PHP Security CFP
and send a link to your blog posting to drawing@php-security.org
The winners will be announced on May 1, 2010.
Additional Drawing
- ------------------
If you help us to spread the word about the Month of PHP Security
and the open CFP by writing a blog posting about it, you have the
chance to win one of ten 33 USD/25 EUR Amazon Coupons. To participate
you have to write a blog posting about the Month of PHP Security CFP
and send a link to your blog posting to drawing@php-security.org
The winners will be announced on May 1, 2010.
Update:
Aladdin responded and posted a blog post, please read the timeline and
then the blog post.
http://www.aladdin.com/AircBlog/post/2009/05/Archive-Bypass-Issue-and-eSafe.aspx
It is said that :
-----------------
"This means that in case a customer receives such a specially crafted
----------------------------------------------------------------------
(PT-2009-14) Positive Technologies Security Advisory
BLOG:CMS Cross-Site Scripting vulnerability
----------------------------------------------------------------------
---[ Affected Software ]
- - The victim's user ID ('id') parameter and course ID ('course'
parameter) are required for a successful attack. However, such values
are public as they can be obtained from many sections of the site such as:
user blogs ('/blog/')
chats
public profiles. i.e.: '/user/view.php?id=2&course=1',
'/user/index.php?id=1',
'/user/index.php?id=1&group=&perpage=20&teachers=1&accesssince=0&search=0&perpage=500'
Hi All,
I have been posting a few entries to my blog over the last few weeks on Oracle 11g Security and have been looking at the new SHA-1 password algorithm used in Oracle 11g.
The password algorithm is simple and very easy to guess once you realise that the sha1 verifier stored in the database is 80 bits too long. Its also obvious from other testing I documented on my blog that a salt is indeed used. Once these facts are known the algoritm can be guessed. The algorithm is simply SHA1(pwd||salt) = 160 bit verifier||salt (stored in sys.user$spare4.
To create a simple function to test a verifier you simply need to do:
SYS.USER$.SPARE4 = SHA1("pwd guess" || substr(sys.user$.spare4,43,10)) || substr(sys.user$.spare4,43,10)
Hi All,
I have been posting a few entries to my blog over the last few weeks on Oracle 11g Security and have been looking at the new SHA-1 password algorithm used in Oracle 11g.
The password algorithm is simple and very easy to guess once you realise that the sha1 verifier stored in the database is 80 bits too long. Its also obvious from other testing I documented on my blog that a salt is indeed used. Once these facts are known the algoritm can be guessed. The algorithm is simply SHA1(pwd||salt) = 160 bit verifier||salt (stored in sys.user$spare4.
To create a simple function to test a verifier you simply need to do:
SYS.USER$.SPARE4 = SHA1("pwd guess" || substr(sys.user$.spare4,43,10)) || substr(sys.user$.spare4,43,10)
Product Information
-------------------
FlatPress is an open-source standard-compliant multi-lingual
extensible blogging engine written in PHP by Edoardo Vacchi.
Website: http://www.flatpress.org
Vulnerability Description
> >>
> >> --
> >> Gadi Evron,
> >> ge@linuxbox.org.
> >>
> >> Blog: http://gevron.livejournal.com/
> >
>
>
> --
> Gadi Evron,
PDF Evasion
________________________________________________________________________
Release mode: Forced disclosure
Ref : [TZO-30-2009] - Kaspersky PDF evasion (Forced disclosure)
WWW : http://blog.zoller.lu/2009/05/advisory-kaspersky-generic-pdf-evasion.html
Vendor : http://www.kaspersky.com
Status : Silent fix that doesn't work - No appropriate patch
CVE : none provided
Credit : none given
OSVDB vendor entry: No [1]
Details:
The problems arising from using mt_(s)rand for cryptographic secrets
and possible attacks against PHP's PRNG and PHP applications using it
are explained by the blog post "mt_(s)rand and not so random numbers"
which is available here:
http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
>>
>> --
>> Gadi Evron,
>> ge@linuxbox.org.
>>
>> Blog: http://gevron.livejournal.com/
>
--
Gadi Evron,
Download: http://www.bigace.de/BIGACE-2.7.2.html
4. About Bkis
Bkis is Vietnamese leading Company in researching, deploying network security software and solutions.
Official website: http://www.bkis.com
Blog: http://blog.bkis.com and http://security.bkis.com
----------------------------------------------------------------
Bui Quang Minh
Manager - Vuln Team - Bkis Security - Bkis
Next Page>>
|
