Next Page >>
cross/site
Version: 7.5.0
Hardware: Tomcat/Oracle
Vulnerability: Cross-Site Scripting, Phishing Through Frames,
Application Error
Overview:
[DSECRG-11-011] SAP Crystal Reports 2008 - Multiple XSS
SAP Crystal Report Server 2008 - multiple cross-site scripting vulnerabilities.
SAP Crystal Report Server 2008 - Multiple cross-site scripting vulnerabilities. [DSecRG-11-011] (Internal DSECRG-00147)
Multiple XSS vulnerabilities found in the module PerformanceManagement application SAP Crystal Report Server 2008. An attacker can intercept the cookie administrator or regular user of the system.
Application: SAP Crystal Report Server 2008
#=cicatriz <c1c4tr1z@voodoo-labs.org>=#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~(advisories)=#
/) /) /)
_ _ _______(/ ________ // _ (/_ _ _____ _
(/__(_)(_)(_(_(_)(_) (/_(_(_/_) /_)_ o (_)/ (_(_/_
.-/
#=net2ftp <= 0.97 Cross-Site Scripting/Request Forgery=#=~~~~~~~~~~~~~~~(_/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
#=Advisory & Vulnerability Information=#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
Title: net2ftp <= 0.97 Cross-Site Scripting/Request Forgery
Advisory ID: VUDO-2009-0804
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Cross site scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 34154, 34155
CVE Name: CVE-2009-1729
#=cicatriz <c1c4tr1z@voodoo-labs.org>=#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~(advisories)=#
/) /) /)
_ _ _______(/ ________ // _ (/_ _ _____ _
(/__(_)(_)(_(_(_)(_) (/_(_(_/_) /_)_ o (_)/ (_(_/_
.-/
#=Phorum < 5.2.10 Cross-Site Scripting/Request Forgery=#=~~~~~~~~~~~~~~~(_/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
#=Advisory & Vulnerability Information=#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
Title: Phorum < 5.2.10 Cross-Site Scripting/Request Forgery
Advisory ID: VUDO-2009-1504
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Denial of service (DoS), Cross site scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 34150, 34152, 34153
CVE Name: N/A
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
IBM WebSphere Application Server Cross-Site Request Forgery
1. *Advisory Information*
Title: IBM WebSphere Application Server Cross-Site Request Forgery
Version: 1.4.3
From: Remote
Severity: Extremely Critical
Impact:
Manipulation of data
Cross-Site Scripting
Type of Advisory: Full Disclosure
_________________
Software Description |
===============
Summary
=======
Cisco CallManager and Unified Communications Manager are vulnerable
to cross-site Scripting (XSS) and SQL Injection attacks in the lang
variable of the admin and user logon pages. A successful attack may
allow an attacker to run JavaScript on computer systems connecting to
CallManager or Unified Communications Manager servers, and has the
potential to disclose information within the database.
release available.
3. Problem Description
a. WebAccess Context Data Cross-site Scripting Vulnerability
A cross-site scripting vulnerability in WebAccess allows for
disclosure of sensitive information. The flaw is due to insufficient
verification of certain parameters which may lead to redirection of
a user's requests.
Details follow:
It was discovered that Apache did not sanitize the Expect header from
an HTTP request when it is reflected back in an error message, which
could result in browsers becoming vulnerable to cross-site scripting
attacks when processing the output. With cross-site scripting
vulnerabilities, if a user were tricked into viewing server output
during a crafted server request, a remote attacker could exploit this
to modify the contents, or steal confidential data (such as passwords),
within the same domain. This was only vulnerable in Ubuntu 6.06.
Moodle does not enable the "Regenerate session id during
login" setting by default, which makes it easier for remote
attackers to conduct session fixation attacks.
CVE-2010-1614
Multiple cross-site scripting (XSS) vulnerabilities allow
remote attackers to inject arbitrary web script or HTML via
vectors related to (1) the Login-As feature or (2) when the
global search feature is enabled, unspecified global search
forms in the Global Search Engine.
+ Advisory ID: 2010-003
+ Version: 0.65
+ Date: 12/10/2010
+ Impact: Gaining Administrative Privileges - Execute Malicious
Javascript Codes
+ CWE-ID: 352 (Cross-site Request Forgery) - 79 (Cross-site Scripting)
+ Credit: Anatolia Security
### VULNERABLE PRODUCT ###
Moodle does not enable the "Regenerate session id during
login" setting by default, which makes it easier for remote
attackers to conduct session fixation attacks.
CVE-2010-1614
Multiple cross-site scripting (XSS) vulnerabilities allow
remote attackers to inject arbitrary web script or HTML via
vectors related to (1) the Login-As feature or (2) when the
global search feature is enabled, unspecified global search
forms in the Global Search Engine.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01650939
Version: 3
HPSBUX02401 SSRT090005 rev.3 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-02-02
Last Updated: 2009-02-25
corruption and application crash) via a crafted HTML document.
CVE-2009-1714
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit allows
user-assisted remote attackers to inject arbitrary web script or HTML, and read
local files, via vectors related to the improper escaping of HTML attributes.
CVE-2009-1710
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01650939
Version: 1
HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-02-02
Last Updated: 2009-02-02
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01650939
Version: 1
HPSBUX02401 SSRT090005 rev.2 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-02-02
Last Updated: 2009-02-12
necessary changes.
Details follow:
Fernando Quintero discovered than MoinMoin did not properly sanitize its
input when processing login requests, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a remote
attacker could exploit this to modify the contents, or steal confidential data,
within the same domain. This issue affected Ubuntu 7.10 and 8.04 LTS.
(CVE-2008-0780)
Application Description 3
OpenNMS HTTP Response Splitting Vulnerability 3
Vulnerability Information 3
Vulnerability Details 3
Proof-of-Concept 4
OpenNMS Cross-Site Scripting Vulnerabilities 5
Vulnerability Information 5
Vulnerability Details 5
Proof-of-Concept 5
Security Analysis 6
Discovery 6
Title: CA Service Desk Multiple Cross-Site Scripting
Vulnerabilities
CA Advisory Date: 2008-09-24
Reported By:
Open Security Foundation
[5] http://secunia.com/advisories/34220/
APPENDIX: Advisories
====================================================
Advisory: “Cross-Site Scripting” in Avatar uploads in fluxBB
Application: fluxBB
Vulnerable Versions: 1.3-legacy and older 1.3 versions.
Reported By: Jacques Copeau
Details follow:
It was discovered that Apache did not sanitize the method specifier header from
an HTTP request when it is returned in an error message, which could result in
browsers becoming vulnerable to cross-site scripting attacks when processing the
output. With cross-site scripting vulnerabilities, if a user were tricked into
viewing server output during a crafted server request, a remote attacker could
exploit this to modify the contents, or steal confidential data (such as
passwords), within the same domain. This issue only affected Ubuntu 6.06 LTS and
7.10. (CVE-2007-6203)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Response: Cisco IOS Cross-Site Scripting
Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[ multiple vendor ftpd - Cross-site request forgery ]
Author: Maksymilian Arciemowicz
securityreason.com
Date:
- - Written: 03.09.2008
- - Public: 26.09.2008
The first set of vulnerabilities address several buffer overflow
conditions in the UCP application that could result in remote
execution of arbitrary code on the host system where UCP is
installed.
The second set of vulnerabilities address cross-site scripting in the
UCP application pages.
Both sets of vulnerabilities could be remotely exploited, and do not
require valid user credentials.
The research is made of two components: a purple paper and a video. The research doesn't just cover boring PoCs, but actual Hollywood-style exploits :-) . Yes, this includes the classic attack in which the legitimate video stream gets replaced by another stream that keeps looping forever!
In the paper we only cover new vulnerabilities affecting older _and_ the latest firmware. The most eye-catching ones are perhaps the following issues affecting the latest version of the firmware (2.43):
System-wide Cross-site Request Forgeries (CSRF) – any admin action can be forged by design!
Non-persistent Cross-site Scripting (XSS) on 404 error pages
Persistent cross-site Scripting (XSS) on the network settings page
Persistent cross-site Scripting (XSS) on the video viewing page
Persistent cross-site Scripting (XSS) on the logs viewing facility
over a million store owners around the world."
The following web vulnerabilities were found in CubeCart version 4.3.3;
1.SQL injection in “/cubecart_4/index.php”, parameter “searchStr”.
2.Cross-site Scripting vulnerability in
“/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “amount”.
3.Cross-site Scripting vulnerability in
“/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “cartId”.
4.Cross-site Scripting vulnerability in
“/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “email”.
SEC Consult Vulnerability Lab Security Advisory < 20120315-0 >
=======================================================================
title: Multiple permanent cross-site scripting vulnerabilities
product: EMC Documentum eRoom
vulnerable version: 7.33.498.98
fixed version: 7.4.4
impact: high
homepage: http://www.emc.com/products/detail/software2/eroom.htm
found: 2011-05-05
by: F. Lukavsky, B. Schildendorfer
get basic information about the hosts in the Resource Pools, information about
the VMs and also connect to the console of the VMs.
Due to poor validation of some user controlled inputs, a variety of attacks
against the application and the underlying server are possible.
Cross-site scripting, cross-site request forgery, SQL injection and remote
command execution attack vectors were identified as well.
XSS and CSRF attacks can be performed on the virtual appliance itself, while
the others require the PHP parameter magic_quotes_gpc to be off on the web
server.
Next Page>>
|
