IOS Software vulnerabilities that have been published in Cisco
Security Advisories on March 25, 2009, or earlier.
http://www.cisco.com/warp/public/707/cisco-sa-20090325-bundle.shtml
Individual publication links are listed below:
* Cisco IOS cTCP Denial of Service Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20090325-ctcp.shtml
* Cisco IOS Software Multiple Features IP Sockets Vulnerability
------------------------------------------------------------------------
The PulseAudio binary is affected by a local race condition. If the
binary is installed as SUID root, it is possible to exploit this
vulnerability to gain root privileges. This attack requires that a local
attacker can create hard links on the same hard disk partition on which
PulseAudio is installed (i.e. /usr/bin and /tmp reside on the same
partition).
------------------------------------------------------------------------
See also
is a result of unsanitized GPC variables being issued directly
to smarty via the assign function.
/user.php?view=search&keyword=<script>alert(document.cookie);</script>
The above example link would display the end user's cookie to
them. Of course this can also be used to steal the cookie data
as mentioned earlier in this advisory.
d. vShield Manager Cross-Site Request Forgery vulnerability
The vShield Manager (vSM) interface has a Cross-Site Request
Forgery vulnerability. If an attacker can convince an
authenticated user to visit a malicious link, the attacker may
force the victim to forward an authenticated request to the
server.
VMware would like to thank Frans Pehrson of Xxor AB
(www.xxor.se) and Claudio Criscione for independently reporting
a blocked interface.
Cisco has released free software updates that address these
vulnerabilities.
This advisory is posted at the following link
http://www.cisco.com/warp/public/707/cisco-sa-20090325-mobileip.shtml
Note: The March 25, 2009, Cisco IOS Security Advisory bundled
publication includes eight Security Advisories. All of the advisories
address vulnerabilities in Cisco IOS Software. Each advisory lists
based off vixie-cron. This package is installed by default, and includes a
setuid-root crontab binary to allow unprivileged users to list and modify their
own cronjobs.
I recently audited this code [1], and found a few interesting race conditions
and symlink attacks that allow for very minor information leakage. I thought
I'd share my findings because I enjoyed exploiting these issues and they don't
pose any significant risk to live systems - in other words, this advisory is
intended for system administrators and developers of FreeBSD-based systems;
journalists, end users and other non-technical readers do not need to be
concerned. :p
|Description|
+-----------+
The Windows Skype client implements two URI handlers, Skype: and Skype-Plugin.
Both handlers allow for easy browser integration and are supported by all
modern browsers. When a Skype link is clicked, the Skype.exe process is
spawned with the "/URI:%1" command argument, followed by the user specified
phone number or contact name. For example, clicking the link:
Skype:PaulCraig will spawn the process Skype.exe "/URI:Skype:PaulCraig"
Due to a flaw in the current user input validation performed by Skype, it is
| |
C D
Take first scenario:
1. A - sends frame to B
2. Switch 1 - accepts frame and forwards it to switch 2
3. Switch 2 - accepts frame via link from switch 1 and forwards it to B
Second scenario:
1. Station C and station D start to send frames to break the link between switch 1 and switch 2, and announce a non-existing connection and switch from C port on switch 1 to D port on switch 2
A ---- switch 1 --X-- switch 2 ----- B
http://127.0.0.1/vtigercrm/index.php?module=Emails&action=ListView
At this page Vtiger CRM shows the list of all the emails sent and saved,
and for every email it allows to download the attachment showing its
unique id in the link.
http://127.0.0.1/vtigercrm/index.php?module=uploads&action=downloadfile&
return_module=Emails&fileid=133&entityid=136
So, finally, the link to exploit this vulnerability should be something
======================================================================
Secunia Research 07/11/2007
- Link Grammar "separate_sentence()" Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
======================================================================
Secunia Research 07/11/2007
- AbiWord Link Grammar "separate_sentence()" Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Link Grammar: User-assisted execution of arbitrary code
Date: November 18, 2007
Bugs: #196803
ID: 200711-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
This is the Cisco PSIRT response to an issue discovered and reported
to Cisco by Roger Jefferiss and Rob Pope of SecureTest Ltd, UK
regarding cross-site scripting (XSS) vulnerability in Cisco Unified
MeetingPlace Web Conferencing.
The original report is available at the following link:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065134.html
We greatly appreciate the opportunity to work with researchers on
security vulnerabilities, and welcome the opportunity to review and
allow a remote, unauthenticated attacker to execute arbitrary code
with elevated privileges.
Workarounds that mitigate this vulnerability are available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport
Affected Products
=================
Cisco has released free software updates that address these
vulnerabilities.
Workarounds that mitigate these vulnerabilities are available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500
Affected Products
=================
Cisco has released free software updates that address these
vulnerabilities.
Workarounds that mitigate these vulnerabilities are available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm
Affected Products
=================
Cisco has released free software updates that address these
vulnerabilities. Workarounds are available to mitigate some of the
vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa
Note: The Cisco Catalyst 6500 Series Firewall Services Module (FWSM)
may be affected by some of the vulnerabilities above. A separate Cisco
Security Advisory has been published to disclose the vulnerabilities
-----------------------------
Active Calendar is PHP Class, that generates calendars (year, month or
week view) as a HTML Table (XHTML-Valid). (From:
http://micronetwork.de/activecalendar/index.php)
In the functions enableYearNav, enableMonthNav, enableDayLinks, and
enableDatePicker of the activeCalendar class, certain variables are
assigned the value of $_SERVER['PHP_SELF'] when either no value is
specified for $link, or the value of $link is false. The values of
these variables are not sanitized later, resulting in several cross
site scripting vulnerabilities.
On Tue, Jan 05, 2010 at 10:49:07AM -0800, Michal Zalewski wrote:
> > Video: http://www.secniche.org/videos/google_chrome_link_inj.html
>
> You might find it informative to review the section of BSH on URL parsing:
> http://code.google.com/p/browsersec/wiki/Part1#Uniform_Resource_Locators
Also, a considerable part of Aditya's concern seems to be the disconnect
between what the user sees in the Status Bar and the actual link target.
It's easy to conceal the link's URL on a page in which the attacker can embed
vulnerabilities that have been published on September 23, 2009, or
earlier.
http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Advisory Bundled Publication" at the following
link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html
invalid/corrupt update.
This is a different vulnerability to what was disclosed in the Cisco
Security Advisory "Cisco IOS Software Border Gateway Protocol 4-Byte
Autonomous System Number Vulnerabilities" disclosed on the 2009 July
29 1600 UTC at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml
Cisco is preparing to release a free software maintenance upgrade (SMU)
that address this vulnerability. This advisory will be updated once
When a user, teacher, admin, or alumn posts a new post-it,
he could read all post-its in the database.
The vuln link would be:
http://[HOST]/[PATH]/ilias.php?col_side=right&block_type=pdnotes&rel_obj=0&note_id=1&note_type=1&cmd=showNote&cmdClass=ilpdnotesblockgui&cmdNode=50&baseClass=ilPersonalDesktopGUI
Changing note_id=1 for other value, for ex. 100, we could
No workarounds are available for the first vulnerability.
A workaround is available for the second vulnerability.
This advisory is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml
Affected Products
=================
Cisco Unified Communications Manager software version 4.2(3)SR4b
contains the fix for this vulnerability. Administrators of Cisco
Unified CallManager software version 4.1 systems are encouraged to
upgrade to Cisco Unified Communications Manager software version 4.2
(3)SR4b in order to obtain fixed software. Version 4.2(3)SR4b can be
downloaded at the following link:
http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified%20Communications%20Manager%20Updates&mdfid=280264388&treeName=Voice%20and%20Unified%20Communications&mdfLevel=Software%20Version/Option&url=null&modelName=Cisco%20Unified%20CallManager%20Version%204.2&isPlatform=N&treeMdfId=278875240&modifmdfid=null&imname=null&hybrid=Y&imst=N
Cisco Unified Communications Manager software version 4.3(2)SR1b
contains the fix for this vulnerability. Version 4.3(2)SR1b can be
Description
pPIM (http://www.phlatline.org/index.php?page=prod-ppim) is a Personal
Information Management application written in PHP that can store
contacts (including their photos), events, links, notes, send and check
email, and upload files. pPIM came to my attention recently with the
publishing on Milw0rm of exploit code designed to facilitate remote
command execution (http://www.milw0rm.com/exploits/8093). As there is a
milw0rm exploit already posted it is likely malicious users are already
exploiting pPIM. I decided to have a closer look at pPIM and, quite
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Cisco Unified CallManager version 4.1(3)SR7 contains fixes for all
vulnerabilities affecting Cisco Unified CallManager version 4.1
listed in this advisory. It can be downloaded at the following link:
http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-41?psrtdcat20e2
Cisco Unified Communications Manager version 4.2(3)SR4 contains fixes
for all vulnerabilities affecting Cisco Unified Communications