New User, Welcome!     Login

image maps

R7-0031: JFreeChart Image Map Cross-Site Scripting Vulnerabilities

            Visit http://www.rapid7.com/ to download NeXpose,
        SC Magazine Winner of Best Vulnerability Management product.
_______________________________________________________________________

Rapid7 Advisory R7-0031
JFreeChart Image Map Cross-Site Scripting Vulnerabilities

   Published:  Dec 06, 2007
   Revision:   1.0
   http://www.rapid7.com/advisories/R7-0031.jsp

[ MDVSA-2008:015 ] - Updated apache 2.0.x packages fix multiple vulnerabilities

 Problem Description:
 
 A number of vulnerabilities were found and fixed in the Apache 2.0.x
 packages:
 
 A flaw found in the mod_imagemap module could lead to a cross-site
 scripting attack on sites where mod_imagemap was enabled and an
 imagemap file was publically available (CVE-2007-5000).
 
 A flaw found in the mod_status module could lead to a cross-site
 scripting attack on sites where mod_status was enabled and the status

[ MDVSA-2008:014 ] - Updated apache 1.3.x packages fix multiple vulnerabilities

 scripting attack on sites where mod_autoindex was enabled and the
 AddDefaultCharset directive was removed from the configuration,
 against web browsers that did not correctly derive the response
 character set following the rules in RFC 2616 (CVE-2007-4465).
 
 A flaw found in the mod_imagemap module could lead to a cross-site
 scripting attack on sites where mod_imagemap was enabled and an
 imagemap file was publically available (CVE-2007-5000).
 
 A flaw found in the mod_status module could lead to a cross-site
 scripting attack on sites where mod_status was enabled and the status

[ MDVSA-2008:016 ] - Updated apache 2.2.x packages fix multiple vulnerabilities

 Problem Description:
 
 A number of vulnerabilities were found and fixed in the Apache 2.2.x
 packages:
 
 A flaw found in the mod_imagemap module could lead to a cross-site
 scripting attack on sites where mod_imagemap was enabled and an
 imagemap file was publically available (CVE-2007-5000).
 
 A flaw found in the mod_status module could lead to a cross-site
 scripting attack on sites where mod_status was enabled and the status

XSS Vulnerability in JpGraph 3.0.6

Description of Vulnerability:
-----------------------------
JpGraph is an object oriented library for PHP that can be used to create
various types of graphs which also contains support for client side
image maps.

The GetURLArguments function for the JpGraph's Graph class does not
properly sanitize the names of get and post variables, leading to a
cross site scripting vulnerability.

WordPress 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

the MIME-type text/html.

Care should be taken when a file with multiple extensions gets associated with both a MIME-type 
and a handler. This will usually result in the request being handled by the module associated with
the handler. For example, if the .imap  extension is mapped to the handler imap-file 
(from mod_imagemap) and the .html extension is mapped to the MIME-type text/html, then the file 
world.imap.html will be associated with both the imap-file handler and text/html MIME-type. 
When it is processed, the imap-file handler will be used, and so it will be treated as a 
mod_imagemap imagemap file.
"


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!