development tool
San Diego, CA 92101
http://www.hotelsolamar.com
FRIDAY - 75 minute talks
James O'Gorman & Matthew Churchill - Digital Forensics - Footsteps in the Snow
Travis Goodspeed - Repurposing the TI EZ430 Development Tool
Ryan Sherstobitoff - The Evolution of Cyber Crime
Jared DeMott - AppSec A-Z: Reverse Engineering, Source Code Auditing, Fuzzing, and Exploitation
3. Problem Description
a. VMware Studio 2.0 remote command execution by Studio user
VMware Studio is a development tool to create and manage virtual
appliances. VMware Studio itself is a virtual appliance.
A vulnerability in the Virtual Appliance Management Infrastructure
(VAMI) allows for remote command execution in Studio 2.0 or in
virtual appliances created with Studio 2.0. Exploitation of the
Apr 15, 2008
I. BACKGROUND
Oracle Application Express (Oracle APEX), formerly called HTML DB, is a
rapid web application development tool for the Oracle database. For
more information about Oracle Application Express, please visit the
following URL.
http://www.oracle.com/technology/products/database/application_express/index.html
See http://www.petefinnigan.com/Advisory_CPU_Oct_2008.htm for details
Description
-----------
Oracle Application Express (APEX) is a rapid development tool for
developing web-based interfaces and applications that run against an
Oracle database. APEX is operated from a web browser and allows people
with limited programming experience to develop professional
applications. The issue located by PeteFinnigan.com Limited relates to
excessive privileges assigned to the FLOWS database schema/user account.
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-0176
José Ramón Palanco discovered that a cross-site scripting vulnerability
in GForge, a collaborative development tool, allows remote attackers to
inject arbitrary web script or HTML in the context of a logged-in user's
session.
For the stable distribution (etch), this problem has been fixed in version
4.5.14-22etch5.
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-0167
Stephen Gran and Mark Hymers discovered that some scripts run by GForge,
a collaborative development tool, open files in write mode in a potentially
insecure manner. This may be exploited to overwrite arbitrary files on the
local system.
For the stable distribution (etch), this problem has been fixed in version
4.5.14-22etch8.
CVE IDs : CVE ids pending
Laurent Almeras and Guillaume Smet have discovered a possible SQL
injection vulnerability and cross-site scripting vulnerabilities in
gforge, a collaborative development tool. Due to insufficient input
sanitising, it was possible to inject arbitrary SQL statements and use
several parameters to conduct cross-site scripting attacks.
For the stable distribution (lenny), these problems have been fixed in
version 4.7~rc2-7lenny1.
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-3913
Sumit I. Siddharth discovered that Gforge, a collaborative development
tool, performs insufficient input sanitising, which allows SQL injection.
For the oldstable distribution (sarge) this problem has been fixed in
version 3.1-31sarge2.
For the stable distribution (etch) this problem has been fixed in
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2007-3921
Steve Kemp from the Debian Security Audit project discovered that gforge,
a collaborative development tool, used temporary files insecurely which
could allow local users to truncate files upon the system with the privileges
of the gforge user, or create a denial of service attack.
For the stable distribution (etch), this problem has been fixed in version
4.5.14-22etch3.
Problem type : local
Debian-specific: no
CVE ID : CVE-2009-3304
Sylvain Beucler discovered that gforge, a collaborative development
tool, is prone to a symlink attack, which allows local users to perform
a denial of service attack by overwriting arbitrary files.
For the stable distribution (lenny), this problem has been fixed in
version 4.7~rc2-7lenny3.