uploading
begins. This action causes the browser to first download a "helper"
application that aids in downloading and executing the actual Cisco
AnyConnect Secure Mobility Client. The helper application is a Java
applet on the Linux and MacOS X platforms, and either a Java applet
on the Windows platform or an ActiveX control if the browser is
capable of utilizing ActiveX controls. The downloaded helper
application is executed in the context of the originating site in the
user's web browser. The helper application then downloads the Cisco
AnyConnect Secure Mobility Client from the VPN headend and executes
it.
Cisco Unified Communications Manager software version 4.2(3)SR4b
contains the fix for this vulnerability. Administrators of Cisco
Unified CallManager software version 4.1 systems are encouraged to
upgrade to Cisco Unified Communications Manager software version 4.2
(3)SR4b in order to obtain fixed software. Version 4.2(3)SR4b can be
downloaded at the following link:
http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified%20Communications%20Manager%20Updates&mdfid=280264388&treeName=Voice%20and%20Unified%20Communications&mdfLevel=Software%20Version/Option&url=null&modelName=Cisco%20Unified%20CallManager%20Version%204.2&isPlatform=N&treeMdfId=278875240&modifmdfid=null&imname=null&hybrid=Y&imst=N
Cisco Unified Communications Manager software version 4.3(2)SR1b
contains the fix for this vulnerability. Version 4.3(2)SR1b can be
executable extensions such as .exe, .htm, .jar, etc.
The vulnerability arises from the fact that there are other extensions such
as .svg, .mht, .mhtml that don't exist in Chrome's malicious extension
blacklist and hence the user never gets a warning message before they are
auto downloaded to his or her computer. If these downloaded files are
clicked from Chrome's download bar or Windows Explorer (which the user
is highly likely to do considering his or her trust in Chrome that it
warns for malicious extensions), they will automatically get opened in other
browsers and can be used to steal any file on the user's computer.
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Cisco Unified CallManager version 4.1(3)SR7 contains fixes for all
vulnerabilities affecting Cisco Unified CallManager version 4.1
listed in this advisory. It can be downloaded at the following link:
http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-41?psrtdcat20e2
Cisco Unified Communications Manager version 4.2(3)SR4 contains fixes
for all vulnerabilities affecting Cisco Unified Communications
The Documents module is vulnerable to persistent cross site scripting:
https://<mySharePointServer>/<id>/_layouts/Upload.aspx
An attacker can inject malicious scripts into a file and upload it. When any
user accesses the uploaded file, it will be displayed directly in their
browser (rather than having the file downloaded to the computer), and the
malicious script will be executed in the context of the vulnerable
SharePoint site.
This vulnerability can obviously be exploited with HTML files (as mentioned
in CVE-2008-5026), but can also be exploited with any other file type parsed
During a penetration test, a ZyXEL ZyWALL USG appliance was found and
tested for security vulnerabilities. The following sections first
describe how the appliance's filesystem can be extracted from the
encrypted firmware upgrade zip files. Afterwards, it is shown how
arbitrary configuration files can be up- and downloaded from the
appliance. This way, a custom user account with a chosen password can
be added to the running appliance without the need of a reboot.
Decrypting the ZyWALL Firmware Upgrade Files
Hello Bugtraq!
I want to warn you about Arbitrary File Uploading and Code Execution
vulnerabilities in CMS WebManager-Pro. It's a Ukrainian commercial CMS.
SecurityVulns ID: 11176.
-------------------------
Affected products:
-------------------------
Cisco Unified Communications Manager (CUCM) version 4.2(3)SR4
contains fixes for all vulnerabilities affecting CUCM version 4.2
listed in this advisory. Cisco Unified CallManager 4.1 version
administrators are encouraged to upgrade to CUCM version 4.2(3)SR4 in
order to obtain fixed software. Version 4.2(3)SR4 can be downloaded
at the following link:
http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified%20Communications%20Manager%20Updates&mdfid=280264388&treeName=Voice%20and%20Unified%20Communications&mdfLevel=Software%20Version/Option&url=null&modelName=Cisco%20Unified%20CallManager%20Version%204.2&isPlatform=N&treeMdfId=278875240&modifmdid=null&imname=null&hybrid=Y&imst=N
CUCM version 4.3(2)SR1 contains fixes for all vulnerabilities
to www1.partypoker.com for an EXE file in the /Downloads/en/vcc
directory and is stored on the local filesystem under
C:\Programs\PartyGaming\tmpUpgrade and executed. Afterwards, the user
may login and operate the PartyPoker client as usual.
Since the update itself is downloaded from a separate server, the client
can contact the legitimate PartyGaming server during exploitation to
determine if an update is available as normal. The attacker only needs
to masquerade as www1.partypoker.com.
The server-side modification that has been implemented by PartyGaming causes
HP System Management Homepage for Linux (AMD64/EM64T) v6.0.0-95 (or subsequent)
Downloads are available from the following locations:
HP System Management Homepage v6.0.0.96 for Windows can be downloaded from
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=1121486&prodNameId=3288144&swEnvOID=4064&swLang=8&mode=2&taskId=135&swItem=MTX-24b3c024ec034eee9a16c3cb3c
HP System Management Homepage for Linux (x86), v6.0.0-95 for Linux X86 OS can be downloaded from
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=1121486&prodNameId=3288144&swEnvOID=4048&swLang=8&mode=2&taskId=135&swItem=MTX-07a54b93a826424faf044ba986
number of related authentication requests. The user adds the URLs of
trusted Web sites to this zone.
* Internet Zone: for Web sites on the Internet that do not belong to
another zone. This default setting causes Internet Explorer to prompt
the user whenever potentially unsafe content is about to be downloaded.
Web sites that are not mapped into other zones automatically fall into
this zone.
* Restricted Sites Zone: used for Web sites that contain content that
can cause (or have previously caused) problems when downloaded. This
HP System Management Homepage for Linux (AMD64/EM64T) v6.1.0-103 (or subsequent)
Downloads are available from the following locations:
HP System Management Homepage v6.1.0.102 for Windows can be downloaded from
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-1b189d95582249b58d9ca94c45
HP System Management Homepage for Linux (x86), v6.1.0-103 for Linux X86 OS can be downloaded from
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-4311cc1b61fd42a4874b13d714
| | are described in |
| | this advisory. |
+---------------------------------------+
Cisco Unified Communications Manager software version 4.3(2)SR2 can
be downloaded at the following link:
http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified+Communications+Manager+Updates&mdfid=280771554&treeName=Voice+and+Unified+Communications&mdfLevel=Software%20Version/Option&url=null&modelName=Cisco+Unified+Communications+Manager+Version+4.3&isPlatform=N&treeMdfId=278875240&modifmdfid=null&imname=&hybrid=Y&imst=N
Cisco Unified Communications Manager software version 6.1(5) can be
downloaded at the following link:
The Service-URL parameter specifies the URL from which additional
configuration parameters are obtained, including the URL from which the
executable can be obtained. The other parameters are appended to this
URL and are used to supply additional information about the product that
has to be downloaded. The language and os parameters are automatically
set by the ActiveX control if they are not provided. The parameter
itemid is used to specify which product is to be downloaded. Multiple
products (multiple downloads) can be supplied using semicolon
characters between identifiers.
IE protected mode doesn't protect you as much as you assume. IE-PM
protects you from drive by downloads. If you download any program
manually it is executed in normal user mode (medium integrity) or in
elevated mode (high integrity) with admin rights if elevated. This is
the same for any program downloaded in IE and run by the user, or for a
Sidebar gadget. IE-PM protects you from the stuff the browser downloads
when you surf to a web site, but not from anything you intentionally
install.
I'm sorry, we'll have to agree to disagree. I don't see the new attack
The object tag contains the classid of the ActiveX control. The
(optional) codebase attribute contains a link to the installation files
in case Download Manager is not yet installed on the user's system.
The URL parameter contains a link to the file that needs to be
downloaded.
The download is started using the StartDownload method of the ActiveX
control. When the download starts, the ActiveX control creates a
temporary configuration file after which it invokes a separate program
(Manager.exe) that performs the download. Download Manager will first
HP System Management Homepage for Windows v6.0.0.96 contains Namazu v2.0.18 and PHP v5.2.9
HP System Management Homepage for Linux v6.0.0-95 contains Namazu v2.0.19 and PHP v5.2.9
Downloads are available from the following locations:
HP System Management Homepage v6.0.0.96 for Windows can be downloaded from
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=1121486&prodNameId=3288144&swEnvOID=4064&swLang=8&mode=2&taskId=135&swItem=MTX-24b3c024ec034eee9a16c3cb3c
HP System Management Homepage for Linux (x86), v6.0.0-95 for Linux X86 OS can be downloaded from
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=1121486&prodNameId=3288144&swEnvOID=4048&swLang=8&mode=2&taskId=135&swItem=MTX-07a54b93a826424faf044ba986
Link to remedies:
Registered EMC Powerlink customers can download software from Powerlink.
For Data Protection Advisor Software, navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads D > Data Protection Advisor.
Customers who previously downloaded version 5.7 and 5.7 SP1 of the product can contact EMC Customer Support at 1-800-782-4362 to obtain the patch.
Because the view is restricted based on customer agreements, you may not have permission to view certain downloads. Should you not see a software download you believe you should have access to, follow the instructions in EMC Knowledgebase solution emc116045.
For explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with particular security vulnerability.
EMC SourceOne Web Security Patch 6.5.2.4033
EMC SourceOne Web Security Patch 6.6.1.2194
EMC SourceOne Web Security Patch 6.7.2.2033
A patch, for the appropriate version of the software listed above, should be downloaded from Powerlink and applied to each IIS web server in a customer's deployment. The download includes directions for applying the patch to an IIS web server, depending on which SourceOne components are installed.
EMC strongly recommends all customers download and apply these patches at the earliest opportunity.
Link to remedies:
|-----------------------------+---------------------------------|
| Cisco SRP 547W | 1.2.4 |
+---------------------------------------------------------------+
The latest Cisco SRP 500 Series Services Ready Platforms firmware can
be downloaded at:
http://www.cisco.com/cisco/software/navigator.html?mdfid=282736194&i=rm
Workarounds
===========
Solutions:
===========
The FortiGuard Global Security Research Team released the signature "EMC.RepliStor.Integer.Overflow"
Users should use EMC's Powerlink solution to upgrade to the following EMC RepliStor products:
RepliStor 6.2 SP5: Navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads P-R >RepliStor 6.2 SP5
RepliStor 6.3 SP2: Navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads P-R >RepliStor 6.3 SP2
Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this buffer overflow
vulnerability. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions
such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application
.. then in case of Apache webserver php code inside of picture will
be executed. Therefore it's basically remote php code execution.
2. Insecure file upload in Downloads module
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Security risk: critical
Preconditions:
1. attacker must be registered user
-- Vendor Response:
EMC states:
For ControlCenter 5.2 SP5 Software navigate in Powerlink to the following
location:
Support > Software Downloads and Licensing > Downloads C > ControlCenter
v 5.x > 5.2 SP5 Patch 4433
For ControlCenter 6.0 Software navigate in Powerlink to the following
location:
Support > Software Downloads and Licensing > Downloads C > ControlCenter
v 6.x > 6.0 Patch 4434
Final Requests
We request the community to not mirror or torrent this release, or
otherwise distribute it online without our knowledge.
We are trying to gather statistics about bt3 downloads. If you would
like to mirror BT3 then please:
1) Think again! Traffic generated by BT3 downloads is CRAZY.
2) Please contact us before doing so.
3) Send us monthly statistics of downloads for the iso.
At 12.12.2009 I found new Cross-Site Scripting vulnerabilities in Invision
Power Board. Attack is going via files php, rtf and xml (in attachments).
There are possible next attacks:
1. Attack via uploading php-files with JavaScript code. Works in IE and
Opera in context of the site. In browsers Mozilla and Firefox file will open
locally (not in context of the site) at selecting open in browser.
Accordingly in case of attack via htm, html and php files at browsers
Mozilla and Firefox, which open them locally (at selecting in dialog window
by user), attack at local computer of the user is possible.
Upload in HTML).
When you send a POST request to a PHP script with the content-type of
"multipart/form-data" and include a list of files in that request, PHP
will create a temporary file for each file from the request. PHP will
create those files regardless if the script can handle file uploading or
not. After the script was executed, the temporary files will be deleted.
The problem is that you can include a very large number of files in the
request. PHP will need to create those files before the script is
executed and delete them afterwards.
This vulnerability is fixed in the Cisco Unified Customer Voice Portal
(CVP) software version 4.0(2)_ES14 for the 4.0.x release, 4.1(1)_ES11
for the 4.1.x release, and 7.0(1) for the 7.x release.
CVP software version 4.0(2)_ES14 can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/36833091037661f49ad8152368c22bbf
CVP software version 4.1(1)_ES11 can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/946b57654c80187da8c3cfc0aa02866e