Hello,
This is the Cisco PSIRT response to an issue that was discovered
and reported to Cisco by Brad Antoniewicz from McAfee/Foundstone
Professional Services regarding a cross-site scripting (XSS)
vulnerability in Cisco's Building Broadband Service Manager (BBSM).
This vulnerability is documented in Cisco bug ID CSCso62583. The Release
Note for said bug reads as follows:
Warm Regards,
Riyaz Ahemed Walikar || Senior Engineer - Professional Services
Vulnerability Assessment & Penetration Testing
Microland Limited
www.microland.com
Hunting Down XSS Vulnerabilities
Erez Metula, Application Security Department Manager, 2Bsecure
How Dangerous Is It Out There?
Dror Paz, Director of Professional Services, Breach Security
Smuggling SQL injection attacks
Avi Douglen, Application Security Consultant, ComSec
SOA security
Port:proxy.port, Username:proxy.username)
http://127.0.0.1:8080/archiva/admin/networkProxies.action
on?enabledCleanupConsumers=not-present-remove-db-artifact&enabledCleanupConsumers=not-present-remove-db-project&enabledCleanupConsumers=not-present-remove-indexed
About CYBSEC S.A. Security Systems
-----------------------------------
Since 1996, CYBSEC S.A. has been devoted exclusively to providing professional services specialized in computer security. More than 150 clients around the globe validate our quality and professionalism.
To preserve objectivity, CYBSEC S.A. neither represents, sells, nor is associated with other software and/or hardware provider companies.
Our services are strictly focused on information security, protecting our clients from emerging security threats and keeping their IT deployments available, safe, and reliable.
Beyond professional services, CYBSEC is continuously researching new defense and attack techniques and contributing to the security community with
Rising Multiple Products Local Privilege Escalation Vulnerability
BACKGROUND
RISING has introduced a variety of operating system based antivirus software, firewall software and enterprise antivirus wall, firewall, network security warning system and other hardware products. RISING is the third company in the world and the only one in China to provide a full range of information security products and professional services.
RISING is catering to over 60 million personal users and more than 70,000 corporate customers in Asia, Europe and Northern America. RISING technology for the search of unknown computer viruses is recognized and protected by patents in Europe, Japan and the United States of America.
Source: http://www.rising-global.com
VULNERABLE PRODUCTS
2010-08-27 - Vendor replied indicating a fix is in the works
2010-08-27 - Vendor schedules the fix for August 30th, 2010
2010-08-30 - Vendor releases version 2.6.4 to address the issue
-- Credit:
This vulnerability was discovered by Will Vandevanter of the Rapid7 professional services team during a customer engagement.
-- About Rapid7 Security
Rapid7 provides vulnerability management, compliance and penetration testing solutions for Web application, network and database security. In addition to developing the NeXpose Vulnerability Management system, Rapid7 manages the Metasploit Project and is the primary sponsor of the W3AF web assessment tool.