graphs
1. XSS 1
An HTTP GET request against the following URL will, on a web browser
with JavaScript support, cause a dialog box saying '1' to be displayed:
http://CACTIHOST/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility:hidden%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cx%20y=%27
This vulnerability is only exploitable if the victim is allowed to view
graphs. This will be true if the victim has previously authenticated
against Cacti or if both the guest user has been activated (default:
disabled) and the graph view permission was set to 'guest' (default:
want to call it :).
WifiZoo does the following:
-gathers bssid->ssid information from beacons and probe responses
*(now the graph contains the ssid of the bssid :), new in v1.1)*
-gathers list of unique SSIDS found on probe requests (you can keep
track of all SSIDS machines around you are probing for, and use this
information on further attacks) *new in v1.1*
-gathers the list and graphs which SSIDS are being probed from what
sources *new in v1.1*
The graphviz team has just released a patch to a critical security issue
I reported to them.
The following is the advisory (also available at
http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html):
Background
==========
Graphviz is an open-source multi-platform graph visualization software. It
takes a description of graphs in a simple text format (DOT language), and
XSS Vulnerability in JpGraph 3.0.6
Discovered by Martin Barbella <barbella@sas.upenn.edu>
Description of Vulnerability:
-----------------------------
JpGraph is an object oriented library for PHP that can be used to create
various types of graphs which also contains support for client side
image maps.
> pre-patch and post-patch builds, it was easy to directly see when content
> was added, removed, shifted in location, etc. Joxean's going to have much
> the same result -- as basic as his similarity metric is, he'll get the broad
> strokes just fine.
>
> Ultimately the best approach is to build a graph of how functions interact
> and measure graph isomorphism, but of course Halvar figured that out years
> ago :)
>
> On Tue, Jan 5, 2010 at 3:41 PM, T Biehn <tbiehn@gmail.com> wrote:
>>
> > Joxean's going to have much
> > the same result -- as basic as his similarity metric is, he'll get the broad
> > strokes just fine.
> >
> > Ultimately the best approach is to build a graph of how functions interact
> > and measure graph isomorphism, but of course Halvar figured that out years
> > ago :)
> >
http://OSSIM-SERVER/ossim/?option=0" onload=alert(document.cookie) a="
3. Access to data without authentication.
Unauthorized users can see graphs and infrastructure
Example
*******
Bug Fixes:
o Solved 'ij' issue inside attach window
o Fixed VCG parser (Blocks display complete address now)
o Fixed traceback error when trying to graph and not attached
o Fixed printfloat() format error
o Fixed ret value of Getaddrfromexp in case of non-existing expression
EDLGraph is a social engineering tool that harvests email addresses in the
public domain and produces a graph linking FQDN domains in a single row based
on public user interaction records.
http://sourceforge.net/projects/edlgraph/
The source code can be obtained from the svn:
https://edlgraph.svn.sourceforge.net/svnroot/edlgraph
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Graphviz: User-assisted execution of arbitrary code
Date: November 09, 2008
Bugs: #240636
ID: 200811-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Core
o Pyshell can be focused once created with alt-F11
o Shortcut for attach process added: Ctrl+F1
o Added librecognition.py (Library for function recognizing)
- Graph
o immvcglib.generateGraphFromBuf() method added: play with your
own vcg files!
o Redesign of VCG parser: easier to read, easier to use.
* Security in Agile Development - Dave Wichers
* Security framework is not in the code - Sam Reghenzi
* Exploiting Online Games - Gary McGraw
* SHIELDS: metrics, tools and Internet services to improve security in
application developments - Domenico Rotondi
* Graph Analysis for WebApps: From Nodes to Edges - Simon Roses Femerling
* The OWASP Education Project - Martin Knobloch
* Dynamic Taint Propagation: Finding Vulnerabilities Without Attacking -
Matias Madou
* Threat Modeling for Application Designers & Architects - Shay Zalalichin
I. BACKGROUND
---------------------
"Cacti is a complete network graphing solution designed to harness the power
of RRDTool's data storage and graphing functionality. Cacti provides a fast
poller, advanced graph templating, multiple data acquisition methods, and
user management features out of the box." from cacti.net
Antonio "s4tan" Parata (s4tan AT ush DOT it)
Date 20071218
I. BACKGROUND
From the cacti web site: "Cacti is a complete network graphing solution
designed to harness the power of RRDTool's data storage and graphing
functionality. Cacti provides a fast poller, advanced graph templating,
multiple data acquisition methods, and user management features out of
the box".
What is Exomind?
Exomind is an experimental Python console and programmatic framework for
building decorated graphs and developing open-source intelligence
modules and ideas, centered on social network services, search engines
and instant messaging.
Tool:
http://corelabs.coresecurity.com/index.php?module=FrontEndMod&action=view&type=tool&name=Exomind
http://php-security.org/2010/05/15/mops-2010-030-cmsqlite-mod-parameter-local-file-inclusion-vulnerability/
MOPS-2010-029: CMSQlite c Parameter SQL Injection Vulnerability
http://php-security.org/2010/05/15/mops-2010-029-cmsqlite-c-parameter-sql-injection-vulnerability/
MOPS-2010-023: Cacti Graph Viewer SQL Injection Vulnerability
http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/
Thank you
Stefan Esser
o JFreeChart 1.0.8 branch "jfreechart-1.0.8-security"
2. Summary
JFreeChart is a popular Java-based chart library used to generate
charts and graphs of data. The library includes support for
generating HTML image maps, which allow for enhanced interaction of
the chart via hyperlinks bound to shapes specified by coordinates.
Multiple cross-site scripting vulnerabilities exist within the
image map support functionality of JFreeChart which may allow an
The ‘Protect Worksheet’ functionality, used to protect sections of Mathcad sheets from alterations, in versions 12 through 14 is easily bypassed, allowing access to the protected data due to the implementation of the file format used to save the files.
Background on Mathcad
======================
Mathcad (http://www.ptc.com/appserver/mkt/products/home.jsp?k=3901) is used to perform, document and share calculation and design work. The unique Mathcad visual format and scratchpad interface integrate standard mathematical notation, text and graphs in a single worksheet - making Mathcad ideal for knowledge capture, calculation reuse, and engineering collaboration.
Vulnerable Software Versions
=============================
Mathsoft, Mathcad 12
XSS vulnerability in 'Monitor_Bandwidth' - PRTG Traffic Grapher
<http://blog.bkis.com/?p=704>
1. General information
PRTG Traffic Grapher is a network monitoring solution, which helps
manage and classify bandwidth usage of a network by providing accurate
results about network traffic and usage trends in graphs and tables. The
software also supports SNMP (Simple Network Management Protocol). PRTG
Traffic Grapher is available at http://www.paessler.com.