command injection
each component of the solution is addressed independently in its own
advisory. This advisory addresses Cisco TelePresence endpoint devices
and details the following vulnerabilities:
* Unauthenticated Common Gateway Interface (CGI) Access
* CGI Command Injection
* TFTP Information Disclosure
* Malicious IP Address Injection
* XML-Remote Procedure Call (RPC) Command Injection
* Cisco Discovery Protocol Remote Code Execution
Recording Server. This security advisory outlines details of the
following vulnerabilities:
* Unauthenticated Java Servlet Access
* Common Gateway Interface (CGI) Command Injection
* Unauthenticated Arbitrary File Upload
* XML-Remote Procedure Call (RPC) Arbitrary File Overwrite
Multiple vulnerabilities exist in the Cisco TelePresence Manager.
This security advisory outlines the details of the following
vulnerabilities:
* Simple Object Access Protocol (SOAP) Authentication Bypass
* Java Remote Method Invocation (RMI) Command Injection
* Cisco Discovery Protocol Remote Code Execution
Duplicate Issue Identification in Other Cisco TelePresence Advisories
+--------------------------------------------------------------------
Additional information below. For current updates to Cisco PSIRT
response, please see the Intellishield response URL stated above.
---------------------------------------------------------------------
NX-OS - "less" sub-command - Command injection / sanitization issues.
---------------------------------------------------------------------
Affected Products:
==================
First advisory, mail list post and original jibe suggesting common.php
issue is CVE-2008-5449:
iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration
Server login.php Command Injection Vulnerability
http://archives.neohapsis.com/archives/bugtraq/2009-01/0111.html
The vulnerability is in a function of common.php which is called from the
login.php page.
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-5449 to this issue.
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
LANDesk command injection
1. *Advisory Information*
Title: LANDesk command injection
8.12.3 Non-Vulnerable packages
UTF-8b
8.13 PHP Code Injection for categories module
------------------------------------------------------------------------------------------------------------------------
Severity: Medium
Requires: Administrator level account
8.13.1 Proof of concept exploit
Release date: 08/06/2011
Last update: 08/06/2011
Credits: Roberto Paleari, Emaze Networks S.p.A (roberto.paleari@emaze.net)
[VULNERABILITY INFORMATION]
Class: Hidden functionalities, command-injection, weak encryption
[AFFECTED PRODUCTS]
The vulnerabilities described in this advisory are related to a firmware shared
among several devices of different vendors. Unfortunately, we have not been
able to identify the actual firmware manufacturer: we asked the name of the
Vulnerabilities
CVE IDs in this security advisory:
1) Authentication bypass - CVE-2010-4279
2) OS Command Injection - CVE-2010-4278
3) SQL Injection - CVE-2010-4280
4) Blind SQL Injection - CVE-2010-4280
5) Path Traversal - CVE-2010-4281 - CVE-2010-4282 - CVE-2010-4283
Host: localhost
Cookie: cookie_login[login]=admin;cookie_login[active]=1;cookie_login[user_type]=administrator;cookie_login[password]=1;cookie_password=1
Connection: keep-alive
+--------------------+
| PHP Code Injection |
+--------------------+
The vulnerable code is located in /www/student.php
123. if (isset($_GET['course']) || isset($_GET['from_course'])) {
Cisco Security Advisory: Cisco Small Business SRP500 Series Command
Injection Vulnerability
Advisory ID: cisco-sa-20111102-srp500
Revision 1.0
=======
Cisco Small Business (SRP 500) Series Services Ready Platforms
contain the following three vulnerabilities:
* Cisco SRP 500 Series Web Interface Command Injection
Vulnerability
* Cisco SRP 500 Series Unauthenticated Configuration Upload
Vulnerability
* Cisco SRP 500 Series Directory Traversal Vulnerability
Description (from the vendor site):
ZoneMinder is an integrated set of applications which provide a complete surveillance solution allowing capture, analysis, recording and monitoring of any CCTV or security cameras attached to a Linux based machine.
Overview:
ZoneMinder is prone to Command Injection, SQL Injection and XSS. All attacks are possible because of lack of user input sanitizing.
I. Command Injection
In the "zm_html_view_events.php" function executeFilter() doesn't validate user input.
In the "zm_html_view_state.php" parameter "run_state" is not validated.
=====[ Tempest Security Intelligence - Advisory #02 / 2012 ]============
Polycom Web Management Interface O.S. Command Injection
-------------------------------------------------------
Authors:
- Joao Paulo Caldas Campello:
- @jpcampello
Vulnerability Summaries:
------------------------
Login page can be bypassed, granting administrative access to the web interface.
Unauthenticated OS command injection is possible through the web interface.
The easiest way to perform these attacks is using a web proxy.
Vulnerable Versions:
--------------------
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
DX Studio Player Firefox plug-in command injection
1. *Advisory Information*
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
Landesk OS command injection
1. *Advisory Information*
Title: Landesk OS command injection
Advisory Id: CORE-2010-1018
I. VULNERABILITY
-------------------------
XSS
Command Injection
Banks below are vulnerable:
BankSA. www.banksa.com.au
Commonwealth Bank. www.commbank.com.au
etc...
for small and medium sized enterprises looking for an inexpensive way to
effectively manage and develop their human resources."
Product link: http://www.orangehrm.com/
2. Vulnerability Information
Class: Cross site scripting, SQL injection, PHP code injection, Cross-site
request forgery
Impact: Session hijacking, unauthorized data access, privilege escalation,
user-assisted arbitrary command execution
Rating: Less critical
Remotely Exploitable: Yes
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
StoneTrip S3DPlayers remote command injection
1. *Advisory Information*
Title: StoneTrip S3DPlayers remote command injection
--> Backup, it is possible for a remote unauthenticated user to
access the backup configuration file. This file contains all
configuration parameters of the device, including the HTTP
authentication password and VPN pre-shared-keys (PSKs).
* Root operating system arbitrary command injection by an
authenticated attacker
A user who is authenticated to the device can inject arbitrary
commands into the underlying operating system with root
privileges, via the ping test and traceroute test parameters.
Advisory # 1:
TITLE
OS Command Injection Vulnerability in Aruba Remote Access Point
Diagnostic Web Interface.
SUMMARY
An OS command injection vulnerability has been discovered in the Aruba
</message>
###########################################################################
###########################################################################
=== [ HTML Code Injection ] ===
[»] add new message
<img src="">
Is the affected product Secure Backup accidentally missing from the subject line and the advisory title,
i.e. the correct title is Oracle Secure Backup Administration selector Command Injection Remote Code Execution Vulnerability?
Juha-Matti
ZDI Disclosures [zdi-disclosures@tippingpoint.com] wrote:
> ZDI-10-121: Command Injection Remote Code Execution Vulnerability
> http://www.zerodayinitiative.com/advisories/ZDI-10-121
> July 13, 2010
>
UVC products.
This vulnerability is documented in Cisco bug ID CSCti54008 and has been
assigned CVE ID CVE-2010-3038.
Remote Command Injection on the Web Interface in Cisco UVC Products
+------------------------------------------------------------------
Several fields in the web server interface of Cisco UVC products are
vulnerable to a shell command injection vulnerability. An
administrator user who is authenticated to the web interface of Cisco
- - Affected Components:
. SAP NetWeaver 2004 < SP21
. SAP NetWeaver 2004s < SP13
- - Vulnerability Class: HTML Code Injection
- - Remotely Exploitable: Yes
- - Locally Exploitable: Yes
http://labs.idefense.com/intelligence/vulnerabilities/
Jan 10, 2011
I. BACKGROUND
HP Network Node Manager Command Injection Vulnerability HP Network Node
Manager (NNM) is an application suite that is used to map out and
manage network topography. NNM runs on a variety of platforms,
including Linux and multiple versions of Windows. For more information,
see the vendor's site found at the following link:
http://www.openview.hp.com/products/nnm/index.html
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Discovery by:
1) Peter Adkins <adkins.peter@gmail.com>
Access:
1) Local; authenticated access is required.
then save the shopping cart for the tables to be revealed by
browsing to: http://www.victim.com/cart_save.php
===============================================================
===============================================================
!risk 3 - Arbitrary Code Injection
High
Attackers can use this vulnerability to execute arbitrary code
on a legitimate user.
===============================================================
9. *References*
[1] http://www.sun.com/software/products/calendar_srvr/
[2] HTML Code Injection and Cross-Site Scripting
http://www.technicalinfo.net/papers/CSS.html.
[3] The Cross-Site Scripting FAQ (XSS)
http://www.cgisecurity.com/articles/xss-faq.shtml
[4] How to prevent Cross-Site Scripting Security Issues
http://support.microsoft.com/default.aspx?scid=KB;en-us;q252985