the references [2], [3], [4], [5] and [6].
8.1. *Vulnerability #1 - XSS (BID 34154, CVE-2009-1729)*
Cross-site scripting vulnerabilities were found in the following file/url:
/-----------
https://<server>/uwc/abs/search.xml?
- -----------/
information, please look at the references [2], [3], [4], [5] and [6].
7.1. *Vulnerability #1 - XSS (BID 34152)*
Cross-site scripting vulnerabilities were found in the following file/url:
/-----------
https://<server>:3443/login.wcap
- -----------/
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey
before 2.0.1, allows remote attackers to spoof an SSL indicator for
an http URL or a file URL by setting document.location to an https
URL corresponding to a site that responds with a No Content (aka 204)
status code and an empty body (CVE-2009-3984).
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey
before 2.0.1, allows remote attackers to associate spoofed content
to arbitrary applications by replaying the NTLM credentials of a
browser user (CVE-2009-3983).
It remains to solve the
back-arrow/history/bookmark problem. Here is what
I propose for that: if the file retrieval session
ID does not map to a file retrieval session
record, the application redirects the browser to
the standard user file URL. If the user is logged
in, the redirected request will come in with the
user-file authentication cookie, and the
application will create a file retrieval session
record and redirect to a new extended user-file
URL. Yes, that's two redirects for each download
is displayed without encoding.
The Cisco Secure Desktop web application does not sufficiently verify if
a well-formed request was provided by the user who submitted the POST
request. The cross-site scripting vulnerability was found in the
following file/url:
/-----
https://{IP}//+CSCOT+/translation?textdomain=csd&prefix=trans&lang=en-us
- -----/
Affected modules are Blog (gallery file upload), Reviews and Image Gallery.
For example, let's look at Image Gallery's file upload code:
---------[source code]--------------------------
if (!$FILE_UPLOAD && $FILE_URL) {
    // Copy file from remote server to gallery "tmp" directory
    // ($file is the remote location given in the request, $file_name the destination name)
    if (!copy("$file", "mkportal/modules/gallery/album/tmp/$file_name")) {
        $message = "{$mklib->lang['ga_errorupl']}";
        $mklib->error_page($message);
        exit;
    }
}
Hi Peter,
Apropos the File URI scheme, if you are talking about accessing a file with something like file://abcd... in a link, 'over a network', then most browsers (perhaps all) do not follow "file:" links on a page that is fetched with "HTTP". The purpose is "security", or to prevent a remote page from executing a program on the visitor's computer.
The file: links work on pages that are local files on the user's disk! Though in some browsers these settings can be changed. That is why the Opera exploit through file://abcd.... does not work over a network.
Hope it answers your query!
--
Thanks & Regards,
Subject: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow
Sent: Nov 19, 2008 5:59 PM