Next Page >>
protections
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution with elevated privileges vulnerability
EMC Identifier: ESA-2011-010
CVE Identifier: CVE-2011-1420
Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Description of Vulnerability
=============================
According to Mathcad’s online help:
‘When distributing worksheets, you may wish to restrict user access to most regions. Rather than locking an area, you may opt instead to use worksheet protection.
The intent of file protection is to prevent other users from opening the worksheet in a text editor and editing its contents by hand. The allowed file formats are either binary (XMCDZ, MCD) or output-only (RTF, HTML). With file protection enabled, you can only alter the contents of a worksheet from Mathcad. You can create, edit, and delete regions within the worksheet with no restrictions.’
The XMCDZ file format is not a true binary format. It is the standard Mathcad .XMCD XML sheet, which has been GZIPPED. For this reason it is a simple matter to get the original plain text XML sheet out of the file, using an archive utility.
CA ARCserve Backup for Laptops and Desktops r11.1 SP1
CA ARCserve Backup for Laptops and Desktops r11.1
CA ARCserve Backup for Laptops and Desktops r11.0
CA Desktop Management Suite 11.2
CA Desktop Management Suite 11.1
CA Protection Suites r2
CA Protection Suites 3.0
CA Protection Suites 3.1
Affected Platforms:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2011-021: EMC Data Protection Advisor sensitive information disclosure vulnerability.
EMC Identifier: ESA-2011-021
CVE Identifier: CVE-2011-1742
Severity Rating: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Affected products :
The vulnerabilities have been fixed in Norman's compression library (NCL) 5.99.07,
relased on Norman's Internet update servers as an automatic update 03 June 2009.
This solves the vulnerability for all updated Norman's products except for
Norman Network Protection
- Norman Virus Control single user and corporate versions
- Norman Internet Control
- Norman Virus Control E-mail plugins
- Norman Endpoint Protection
Summary: Introduction
Blind SQL Injection
Insecure SQL Password Usage
Admin Session Hijacking
Deep Recursion Protection Bypass
Code Execution
Miscellanious
Risk level: Medium / High
CVE: ----------
Affected Products:
CA ARCserve Backup r12.0 Windows
CA ARCserve Backup r11.5 Windows SP3 and prior*
CA ARCserve Backup r11.1 Windows*
CA ARCserve Backup r11.1 Netware*
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server
Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server
Premium Edition r2
Released on: 2007/12/16
Changelog: 2007/12/16
Summary: [HT] Remote File Inclusion
[MT] SQL Injection
[MT] SQL Injection Protection Bypass
[__] Conclusion
Legend: L - Low risk M - Medium risk
H - High risk T - Tested
SUMMARY
=======
SafeNet Inc.'s Sentinel Protection Server and Sentinel Keys Server
products include web servers which are vulnerable to directory
traversal attacks. A remote attacker could exploit these
vulnerabilities to read arbitrary files with the permissions of the web
server, typically SYSTEM.
AFFECTED SOFTWARE
------------------------------
1. Cross-Site Request Forgery.
------------------------------
Taking in account that in plugin WordPress Database Backup there is no
protection against CSRF, then with help of this CSRF vulnerability it's
possible to attack admin. It can be done for forcing of backup, in order to
get the backup of site's DB via earlier mentioned Information Leakage
vulnerability, or for the purpose of creating of large number of backup
files, to occupy free space at the server. Or in order to receive backup on
email. These CSRF-attacks are possible if plugin WP-DB-Backup is activated.
-----Original Message-----
From: Inferno [mailto:inferno@securethoughts.com]
Sent: Thursday, August 20, 2009 2:18 AM
To: bugtraq@securityfocus.com
Subject: Bypassing OWASP ESAPI XSS Protection inside Javascript
Bypassing OWASP ESAPI XSS Protection inside Javascript
------------------------------------------------------
By Inferno (inferno {at} securethoughts {dot} com)
and products are affected, however there is no plan to patch, the
patch will come or will not come - sometime in the future.
You are encouraged to read the time line and draw your own conclusions.
Desktop Protection
* avast! 4 Professional (impact low, reason real-time protection)
* avast! 4 Home Edition (impact low, reason real-time protection)
* avast! Pro Family pack (impact low, reason real-time protection)
* avast! WHS Edition (impact low, reason real-time protection)
Affected Products:
CA ARCserve Backup r12.0 Windows
CA ARCserve Backup r11.5 Windows*
CA ARCserve Backup r11.1 Windows*
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server
Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server
Premium Edition r2
Affected Products:
CA ARCserve Backup r12.0 Windows
CA ARCserve Backup r11.5 Windows*
CA ARCserve Backup r11.1 Windows*
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server
Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server
Premium Edition r2
r11.5)
CA ARCserve Backup r11.1 (formerly BrightStor ARCserve Backup
r11.1)
CA ARCserve Backup r11.0 (formerly BrightStor ARCserve Backup
r11.0)
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server
Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server
Premium Edition r2
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server
Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server
Premium Edition r2
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server
Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server
Premium Edition r2
X-Forwarded-For: 127.0.0.1\r\n
Connection: keep-alive\r\n\r\n
Later, we'll see how to gain the administrator's session
id. Even if we got the good session id, there is a
protection that "normally" don't permit to be logged in.
Let's see a part of the file "scripts/sb_login.php":
28| // Check if user is logged in.
29| if ( isset( $_SESSION[ 'logged_in' ] ) &&
| $_SESSION[ 'logged_in' ] == 'yes' ) {
Product Coverage
================
- Solutions based on F-Secure Protection Service for Consumers version 9
- Solutions based on F-Secure Protection Service for Business -
Workstation security version 9
- Solutions based on F-Secure Protection Service for Business -
Email and Server Security version 9
- Solutions based on F-Secure Protection Service for Business -
https://github.com/stefanesser/suhosin
Overview:
Quote from http://www.suhosin.org
"Suhosin is an advanced protection system for PHP installations.
It was designed to protect servers and users from known and
unknown flaws in PHP applications and the PHP core. Suhosin comes
in two independent parts, that can be used separately or in
combination. The first part is a small patch against the PHP
core, that implements a few low-level protections against
-- Affected Vendors:
Symantec
-- Affected Products:
Symantec Symantec Backup Exec Continuous Protection Server
Symantec Veritas CommandCentral Storage
Symantec Veritas Cluster Server
Symantec Veritas Traffic Director
Symantec Veritas NetBackup
Symantec Veritas Storage Foundation
#####################################################################################
Application: Panda Global Protection 2010
Panda Internet Security 2010
Platforms: Windows XP Professional SP & windows Vista SP1
Exploitation: Local Privilege Escalation
Date: 2009-10-27
--Saturday, October 31, 2009, 5:24:38 PM, you wrote to bugtraq@securityfocus.com:
PRL> #####################################################################################
PRL> Application: Panda Global Protection 2010
PRL> Panda Internet Security 2010
PRL> Platforms: Windows XP Professional SP & windows Vista SP1
PRL> Exploitation: Local Privilege Escalation
Vendor: DWS Systems, Inc.
Product: SQL-Ledger – an open source double entry accounting/ERP system
Website: http://www.sql-ledger.org
Vulnerabilities:
- no Cross-Site-Request-Forgery (XSRF) protection
- persistent cross site scripting
- SQL injections
- local file include
- secure cookie flag not set
Class: remote
Bypassing OWASP ESAPI XSS Protection inside Javascript
------------------------------------------------------
By Inferno (inferno {at} securethoughts {dot} com)
Everyone knows the invaluable XSS cheat sheet maintained by "RSnake". It is
all about breaking things and features all the scenarios that can result in
XSS. To complement his efforts, there is an excellent XSS prevention cheat
sheet created by "Jeff Williams" (Founder and CEO, Aspect Security). As far
as I have seen, this wiki page provides the most comprehensive information
on protecting yourself from XSS on the internet. It advises using the OWASP
======================================================================
Secunia Research 31/07/2008
- Blue Coat K9 Web Protection "Referer" Header Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
======================================================================
Secunia Research 31/07/2008
- Blue Coat K9 Web Protection "Referer" Header Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
Skype
-- Affected Products:
Skype
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8329.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
RealNetworks
-- Affected Products:
RealNetworks RealPlayer
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 5783.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
Apple
-- Affected Products:
Apple WebKit
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9853.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
Next Page>>
|
