scripting language
----------------------------------------------------------------
Script : Pluck 4.5.2
Type : Multiple Cross Site Scripting Vulnerabilities
Alert : Medium
----------------------------------------------------------------
Version: 7.5.0
Hardware: Tomcat/Oracle
Vulnerability: Cross-Site Scripting, Phishing Through Frames,
Application Error
Overview:
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Multiple Cross Site Scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2010-0432
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Cross site scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 34154, 34155
CVE Name: CVE-2009-1729
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Denial of service (DoS), Cross site scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 34150, 34152, 34153
CVE Name: N/A
[DSECRG-11-011] SAP Crystal Reports 2008 - Multiple XSS
SAP Crystal Report Server 2008 - multiple cross-site scripting vulnerabilities.
SAP Crystal Report Server 2008 - Multiple cross-site scripting vulnerabilities. [DSecRG-11-011] (Internal DSECRG-00147)
Multiple XSS vulnerabilities were found in the PerformanceManagement module of the SAP Crystal Report Server 2008 application. An attacker can intercept the cookie of an administrator or regular user of the system.
Application: SAP Crystal Report Server 2008
Summary
=======
Cisco CallManager and Unified Communications Manager are vulnerable
to cross-site scripting (XSS) and SQL Injection attacks in the lang
variable of the admin and user logon pages. A successful attack may
allow an attacker to run JavaScript on computer systems connecting to
CallManager or Unified Communications Manager servers, and has the
potential to disclose information within the database.
Release Type: Co-ordinated, responsible disclosure
2. Vulnerability Information
------------------------------------------------------------------------------------------------------------------------
Class: Cross Site Request Forgery, Cross Site Scripting, File Path
Disclosure, Local File Inclusion, Authentication Bypass and PHP Command
Injection
Remotely Exploitable: Yes
Locally Exploitable: No
over a million store owners around the world."
The following web vulnerabilities were found in CubeCart version 4.3.3:
1. SQL injection in “/cubecart_4/index.php”, parameter “searchStr”.
2. Cross-site Scripting vulnerability in
“/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “amount”.
3. Cross-site Scripting vulnerability in
“/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “cartId”.
4. Cross-site Scripting vulnerability in
“/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “email”.
2. *Vulnerability Information*
Class: Protection Mechanism Failure [CWE-693], Authentication Issues
[CWE-287], Cross-Site Scripting (XSS) [CWE-79]
Impact: Code execution, Security bypass
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2010-3272, CVE-2010-3273, CVE-2010-3274
Hi there,
For the last year, we have been focusing on
Firefox Extension security and we have now
released a research paper and an addendum
on the topic of Cross Context Scripting (XCS).
The research paper "Cross Context Scripting
with Firefox" demonstrates different ways of
attacking Firefox extensions via Cross
Context Scripting (XCS) vulnerabilities.
would-be attacker to provide malicious HTML content from a website and
to predict the full pathname for the file that will be used to cache it
locally on the victim's system. If the entire path name can be
predicted, the attacker can cause a redirection to the locally stored
file using a URI specified in UNC form and force the local content to
be rendered as an HTML document, which permits running scripting
commands and instantiating certain ActiveX controls.
As a result of a successful attack, security or privacy-sensitive
information can be obtained by an attacker including but not limited to
user authentication credentials for any web application domain, HTTP
Below is a digest of vulnerabilities published by
http://securityvulns.com/ and believed to be previously unpublished in
English. All vulnerabilities were reported by MustLive
(http://websecurity.com.ua/).
1. AwesomeTemplateEngine cross-site scripting
Multiple cross-site scripting (requires register_globals):
http://site/templates/example_template.php?data[title]=%3C/title%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/templates/example_template.php?data[message]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
release available.
3. Problem Description
a. WebAccess Context Data Cross-site Scripting Vulnerability
A cross-site scripting vulnerability in WebAccess allows for
disclosure of sensitive information. The flaw is due to insufficient
verification of certain parameters which may lead to redirection of
a user's requests.
SEC Consult Security Advisory < 20090415-0 >
==========================================================================
title: Novell Teaming Multiple Vulnerabilities
* Username Enumeration
* Multiple Cross Site Scripting
* Includes vulnerable Liferay portal
program: Novell Teaming
vulnerable version: 1.0.3
homepage: http://www.novell.com/products/teaming/
found: February 2009
The first set of vulnerabilities address several buffer overflow
conditions in the UCP application that could result in remote
execution of arbitrary code on the host system where UCP is
installed.
The second set of vulnerabilities address cross-site scripting in the
UCP application pages.
Both sets of vulnerabilities could be remotely exploited, and do not
require valid user credentials.
Details follow:
It was discovered that Apache did not sanitize the Expect header from
an HTTP request when it is reflected back in an error message, which
could result in browsers becoming vulnerable to cross-site scripting
attacks when processing the output. With cross-site scripting
vulnerabilities, if a user were tricked into viewing server output
during a crafted server request, a remote attacker could exploit this
to modify the contents, or steal confidential data (such as passwords),
within the same domain. This was only vulnerable in Ubuntu 6.06.
1. *Advisory Information*
Title: DAZ Studio Arbitrary Command Execution
Advisory Id: CORE-2009-0911
Advisory URL:
http://www.coresecurity.com/content/dazstudio-scripting-injection
Date published: 2009-12-02
Date of last update: 2009-12-01
Vendors contacted: DAZ
Release mode: User release
software package.
Autodesk Maya offers so called "Script Nodes" as a way to program
animation behavior using MEL (Maya Embedded Language) and the Python
programming language. The Autodesk Maya file formats support embedding
of scripting code as part of a scene package. Programs embedded in Maya
files using scripting code are automatically executed upon opening of
the file. An attacker can take control of a system where Maya is
installed by sending a specially crafted scene package and enticing
the user to open it. The scripting code will run with the privileges
of the user running the Maya application.
necessary changes.
Details follow:
Fernando Quintero discovered that MoinMoin did not properly sanitize its
input when processing login requests, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a remote
attacker could exploit this to modify the contents, or steal confidential data,
within the same domain. This issue affected Ubuntu 7.10 and 8.04 LTS.
(CVE-2008-0780)
Application Description
OpenNMS HTTP Response Splitting Vulnerability
Vulnerability Information
Vulnerability Details
Proof-of-Concept
OpenNMS Cross-Site Scripting Vulnerabilities
Vulnerability Information
Vulnerability Details
Proof-of-Concept
Security Analysis
Discovery
Title: CA Service Desk Multiple Cross-Site Scripting
Vulnerabilities
CA Advisory Date: 2008-09-24
Reported By:
Open Security Foundation
http://www.example.com/activekb/index.php?ToDo=browse&catId=[SQL]
http://www.example.com/activekb/admin/index.php?ToDo=hideQuestion&questId=[SQL]
Original message (in Russian): http://securityvulns.ru/Rdocument901.html
4. MustLive reports Cross-Site Scripting vulnerability in Joomla! <= 1.0.13
An example of vulnerability is
http://site/index.php?option=com_search&searchword=';alert('XSS')//
SecurityVulns issue: http://securityvulns.com/news/Planet/VC-200M/DoS.html
Original message (in Russian): http://securityvulns.ru/Rdocument847.html
2. MustLive reports a low-risk (requires social engineering), yet
interesting, example of cross-site scripting in Internet Explorer. Local
zone scripting is possible on accessing saved page with original URL
in the form of
http://site/-->[script]alert("XSS")[/script]
Moodle does not enable the "Regenerate session id during
login" setting by default, which makes it easier for remote
attackers to conduct session fixation attacks.
CVE-2010-1614
Multiple cross-site scripting (XSS) vulnerabilities allow
remote attackers to inject arbitrary web script or HTML via
vectors related to (1) the Login-As feature or (2) when the
global search feature is enabled, unspecified global search
forms in the Global Search Engine.
2. *Vulnerability Information*
Class: Cross site scripting [CWE-79]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 37960
CVE Name: CVE-2010-0440
2. *Vulnerability Information*
Class: Cross site scripting [CWE-79]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: N/A
CVE Name: CVE-2009-2897, CVE-2009-2898
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Multiple Cross Site Scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2009-2733
[5] http://secunia.com/advisories/34220/
APPENDIX: Advisories
====================================================
Advisory: “Cross-Site Scripting” in Avatar uploads in fluxBB
Application: fluxBB
Vulnerable Versions: 1.3-legacy and older 1.3 versions.
Reported By: Jacques Copeau