
ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)

Recommendation:

We strongly recommend that RSA customers should obtain the following hot fixes:

RSA AAOP 6.0.2.1 SP1 Patch 2 customers should obtain Hotfix 430 from SecurCare Online.
RSA AAOP 6.0.2.1 SP1 Patch 3 customers should obtain Hotfix 130 from SecurCare Online.
RSA AAOP 6.0.2.1 SP2 customers should obtain Hotfix 360 from SecurCare Online.
RSA AAOP 6.0.2.1 SP2 Patch 1 customers should obtain Hotfix 140 from SecurCare Online.
RSA AAOP 6.0.2.1 SP3 customers should obtain Hotfix 130 from SecurCare Online.


ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise)

Recommendation:

We strongly recommend that RSA customers should obtain the following security fixes:

RSA AAOP 6.0.2.1 SP1 Patch 2 customers should obtain 6.0.2.1 SP1 P2 HF460 from SecurCare Online.
RSA AAOP 6.0.2.1 SP1 Patch 3 customers should obtain 6.0.2.1 SP1 P3 HF170 from SecurCare Online.
RSA AAOP 6.0.2.1 SP2 customers should obtain 6.0.2.1 SP2 HF390 from SecurCare Online.
RSA AAOP 6.0.2.1 SP2 Patch 1 customers should obtain 6.0.2.1 SP2 P1 HF210 from SecurCare Online.
RSA AAOP 6.0.2.1 SP3 customers should obtain 6.0.2.1 SP3 HF210 from SecurCare Online.


ESA-2011-009: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSA Access Manager Server

Recommendation:

RSA strongly recommends that all customers running RSA Access Manager Server versions 5.5.3, 6.0.4, and 6.1 apply the following security hot fixes, which contain the resolution to this issue, at the earliest opportunity. The hotfix can be downloaded from SecurCare Online or by contacting RSA Security Customer Support. 

•Security Hot fix # 5.5.3.173 for RSA Access Manager Server version 5.5.3
•Security Hot fix # 6.0.4.58 for RSA Access Manager Server version 6.0.4
•Security Hot fix # 6.1.2.06 for RSA Access Manager Server version 6.1.2
•Security Hot fix # 6.1.3.01 for RSA Access Manager Server version 6.1.3

ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication (On-Premise) Flash File Security Patch

Recommendation:

We strongly recommend that all customers follow these remediation steps:

RSA AAOP 5.7.x customers should obtain hot fix 110 from RSA SecurCare® Online.
RSA AAOP 6.x customers should obtain hot fix 40 from RSA SecurCare® Online.
RSA AAOP customers who are still on 2.x versions should contact Support for remediation assistance.




ESA-2011-009 (revised): RSA, The Security Division of EMC, announces new fix for potential security vulnerability in RSA(r) Access Manager Server.

Recommendation:

RSA strongly recommends that all customers running RSA Access Manager Server versions 5.5.3, 6.0.4, and 6.1 apply the following updated security hot fixes, which contain the resolution to this issue, at the earliest opportunity. The hot fixes can be downloaded from SecurCare Online or by contacting RSA Security Customer Support. 

•Security Hot fix # 5.5.3.174 for RSA Access Manager Server version 5.5.3
•Security Hot fix # 6.0.4.60 for RSA Access Manager Server version 6.0.4
•Security Hot fix # 6.1.2.08 for RSA Access Manager Server version 6.1.2
•Security Hot fix # 6.1.3.05 for RSA Access Manager Server version 6.1.3

(Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6-->

#!/usr/bin/perl
#-------------------------------------------------------------------------------------------------------------------
#(Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6-->
#-------------------------------------------------------------------------------------------------------------------
#
#CMS INFORMATION:
#
#-->WEB: http://www.onlinegrades.org/
#-->DOWNLOAD: http://www.onlinegrades.org/
#-->DEMO: http://www.onlinegrades.org/demo_info

Re: (Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6-->

trigger this bug using other browsers?

On Sun, May 31, 2009 at 8:53 PM,  <y3nh4ck3r@gmail.com> wrote:
> #!/usr/bin/perl
> #-------------------------------------------------------------------------------------------------------------------
> #(Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6-->
> #-------------------------------------------------------------------------------------------------------------------
> #
> #CMS INFORMATION:
> #
> #-->WEB: http://www.onlinegrades.org/

Re: Re: (Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6-->

On Sun, May 31, 2009 at 8:53 PM, <y3nh4ck3r (at) gmail (dot) com [email concealed]> wrote:
> #!/usr/bin/perl
> #-------------------------------------------------------------------------------------------------------------------
> #(Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6-->
> #-------------------------------------------------------------------------------------------------------------------
> #
> #CMS INFORMATION:
> #

iDefense Security Advisory 10.10.07: Kaspersky Web Scanner ActiveX Format String Vulnerability

http://labs.idefense.com/intelligence/vulnerabilities/
Oct 10, 2007

I. BACKGROUND

Kaspersky Lab Online Virus Scanner is a free online virus scanner
service, enabling a user to scan their system for malicious code via
their Web browser. This online service can be accessed at the following
URL.

http://www.kaspersky.com/virusscanner/

ESA-2010-014: RSA, The Security Division of EMC, releases security hot fixes for potential vulnerability in RSA® Access Manager Server under certain conditions.

Recommendation:

RSA strongly recommends that all customers running RSA Access Manager Server versions 5.5.3, 6.0.4, and 6.1 apply the following security hot fixes, which contain the resolution to this issue, at the earliest opportunity. The hotfix can be downloaded from SecurCare Online or by contacting RSA Security Customer Support. In addition, RSA recommends that customers running versions of Access Manager Agents prior to 6.0.4 upgrade to supported software.

•Security Hot fix # 5.5.3.172 for RSA Access Manager Server version 5.5.3
•Security Hot fix # 6.0.4.53 for RSA Access Manager Server version 6.0.4
•Security Hot fix # 6.1.2.01 for RSA Access Manager Server version 6.1


ESA-2010-016: RSA, The Security Division of EMC, releases security hot fix for a potential vulnerability in RSA® Access Manager Agent when working with RSA® Adaptive Authentication.

Recommendation:

RSA strongly recommends that all customers running RSA Access Manager Agent version 4.7.1 apply the following software hot fixes designed to address this issue at the earliest opportunity. The hotfix can be downloaded from SecurCare Online or by contacting RSA Security Customer Support.

•Security Hot fix RSA Access Manager Agent hot fix 4.7.1.7 or greater

This security hot fix for RSA Access Manager Agent is available immediately. As of the date of this RSA SecurCare® Online Security Advisory, RSA is not aware of any security breaches that have occurred as a result of this vulnerability.


[security bulletin] HPSBMA02571 SSRT100034 rev.1 - HP Insight Diagnostics Online Edition, Remote Cross Site Scripting (XSS)

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02492472
Version: 1

HPSBMA02571 SSRT100034 rev.1 - HP Insight Diagnostics Online Edition, Remote Cross Site Scripting (XSS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2010-08-30
Last Updated: 2010-08-30

ESA-2010-019: RSA, The Security Division of EMC, is reissuing this advisory regarding a potential cross-site scripting vulnerability that has been identified in RSA® Adaptive Authentication (On Premise) versions 2.x and 5.7.x. Patch 105162

Description:

CVE Identifier: CVE-2008-7266

To mitigate this issue, RSA released a patch in 2008 that was made available from RSA SecurCare® Online and is still available now, if needed.



Affected Products:


[security bulletin] HPSBMA02615 SSRT100228 rev.1 - HP Insight Diagnostics Online Edition Running on Linux and Windows, Remote Cross Site Scripting (XSS)

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02652463
Version: 1

HPSBMA02615 SSRT100228 rev.1 - HP Insight Diagnostics Online Edition Running on Linux and Windows, Remote Cross Site Scripting (XSS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2010-12-14
Last Updated: 2010-12-14

(Post Form --> 'cc') Blind (SQLi) EXPLOIT --Online Grades & Attendance <= v-3.2.6-->

#!/usr/bin/perl
#
#-----------------------------------------------------------------------------------
#(Post Form --> 'cc') Blind (SQLi) EXPLOIT --Online Grades & Attendance v-3.2.6-->
#-----------------------------------------------------------------------------------
#
#CMS INFORMATION:
#
#-->WEB: http://www.onlinegrades.org/
#-->DOWNLOAD: http://www.onlinegrades.org/

[ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability

ECHO_ADV_91$2008

-----------------------------------------------------------------------------------------
[ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability
-----------------------------------------------------------------------------------------

Author         : M.Hasran Addahroni
Date           : May, 5 th 2008
Location       : Jakarta, Indonesia
Web            : http://advisories.echo.or.id/adv/adv91-K-159-2008.txt

ESA-2010-011: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSA® Federated Identity Manager

arbitrary URL redirection vulnerability that may be exploited by
malicious people to bypass certain security restrictions.

The security hot fix for RSA Federated Identity Manager, available
immediately, is designed to address this potential issue. As of the date
of this RSA SecurCare(r) Online Security Advisory, RSA is not aware of
any security breaches that have occurred as a result of this
vulnerability.




ESA-2010-013: RSA, The Security Division of EMC, informs about potential security vulnerability in RSA enVision® versions prior to 3.7 SP1

Obtaining Downloads:

To obtain the latest RSA product downloads, log on to RSA SecurCare
Online at https://knowledge.rsasecurity.com and click Products in the
top navigation menu. Select the specific product whose download you want
to obtain. Scroll to the section for the product download that you want
and click on the link.

ESA-2011-001: RSA, The Security Division of EMC, addresses RKM 1.5 C Client SQL Injection Vulnerability

Obtaining Downloads:

To obtain the latest RSA product downloads, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose download you want to obtain. Scroll to the section for the product download that you want and click on the link.



Obtaining Documentation:


ESA-2011-015: RSA, The Security Division of EMC, announces a fix for a security vulnerability in RSA Data Loss Prevention

Obtaining Downloads:

To obtain the latest RSA product downloads, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose download you want to obtain. Scroll to the section for the product download that you want and click on the link.



Obtaining Documentation:


ESA-2011-030: RSA, The Security Division of EMC, announces security fixes for RSA enVision

Obtaining Downloads:

To obtain the latest RSA product downloads, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose download you want to obtain. Scroll to the section for the product download that you want and click on the link.



Obtaining Documentation:


ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1

Obtaining Downloads:

To obtain the latest RSA product downloads, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose download you want to obtain. Scroll to the section for the product download that you want and click on the link.



Obtaining Documentation:


ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision

Obtaining Downloads:

To obtain the latest RSA product downloads, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose download you want to obtain. Scroll to the section for the product download that you want and click on the link.



Obtaining Documentation:


eBank IT Online Banking - Multiple Web Vulnerabilities

Title:
======
eBank IT Online Banking - Multiple Web Vulnerabilities


Date:
=====
2012-01-26



SecurityTubeCon CFP, Venue: Cyberspace!

Dear All,

SecurityTube.net is pleased to announce the CFP for SecurityTubeCon, the 
first hacker conference, to be held completely online!

SecurityTubeCon is aimed at democratizing hacker conferences by allowing 
any researcher, regardless of his physical location, to share his work 
with the community. Unlike other Cons we will not *accept / reject* 
speakers. If you have something interesting to share, you WILL be heard. 
The idea behind SecurityTubeCon is not to pass judgments on your work, 

about inactive account hijacking

the problem is explained quickly:
- email service providers delete inactive accounts after six or twelve months of inactivity and release the address (nearly every big email provider does it)
- many platforms (webshops, forums, etc...) do NOT delete inactive accounts

This asymmetry in handling inactive accounts has the consequence that thousands of accounts of various online platforms can be hijacked by attackers without any technical difficulties.

The procedure is so simple that it hardly needs to be mentioned:
- An attacker takes an old email address and tries to register this email account at the email service provider.
- If it can be registered, it is assumed that the account has been released (or has never existed).
- Then the attacker tries at a variety of online platforms to create accounts for the just mentioned email address.

EEYE: BitDefender Online Scanner 8 Double Decode Heap Overflow

BitDefender Online Scanner 8 Double Decode Heap Overflow

Release Date:
November 20, 2007

Date Reported:
October 24, 2007

Severity:
High (Remote Code Execution)

Research: Cybercrime and the Electoral System

presented only a marginal risk. At the time, phishing itself was still
in its infancy, and had yet to grow into the epidemic that can be
observed today. When we revisit the potential risk of phishing to the
2008 federal election, we find ourselves in a much different position.
Candidates have flocked to the Internet in order to communicate with
constituents, as well as to raise campaign contributions online. We
performed an analysis of campaign web sites in order to determine to
what degree they allow contributions to be made online. The most
concerning attack may involve the diversion of online campaign donations
intended for one candidate, to another, entirely different candidate,
entirely undermining voter confidence in online donations.

ESA-2010-018: RSA Security Advisory: RSA, The Security Division of EMC, announces a fix for a potential security vulnerability in RSA® Authentication Client when storing secret key objects on an RSA SecurID® 800 Authenticator

RSA would like to thank Graham Steele, LSV, INRIA & CNRS & ENS-Cachan as well as Matteo Bortolozzo, Matteo Centenaro and Riccardo Focardi, Universita Ca'Foscari for reporting this issue.


Obtaining Documentation:

To obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link.


Obtaining More Information:

For more information about RSA SecurID, visit the RSA web site at http://www.rsa.com/node.aspx?id=1156.

ESA-2010-017: RSA, The Security Division of EMC, announces a security update for RSA Authentication Agent 7.0 for Web, which addresses a potential directory traversal vulnerability

Credits:
RSA would like to thank Tim Brown of Portcullis Computer Security Ltd for
reporting this issue.

Obtaining Documentation:
To obtain RSA documentation, log on to RSA SecurCare Online at
https://knowledge.rsasecurity.com and click Products in the top navigation
menu. Select the specific product whose documentation you want to obtain.
Scroll to the section for the product version that you want and click the
set link.



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
