The following PoC code is available:
http://[host]/contract_add_service.php?contractid=1%20union%20%28select%20min%28@a:=1%29from%20%28select%201%20union%20select%202%29k%20group%20by%20%28select%20concat%28@@version,0x0,@a:=%28@a%2B1%29%2%29%29%29%20+--+
3) Input passed via the "mode" GET parameter to contact_support.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user browser session in context of affected website.
The following PoC code is available:
http://[host]/contact_support.php?mode=1%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in osCmax, which can be exploited to perform SQL Injection and Cross-Site Scripting (XSS) attacks.
1) Multiple Cross-Site Scripting (XSS) in osCmax: CVE-2012-1664
1.1 Input passed via the "username" POST parameter to /admin/login.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in user's browser session in context of affected website.
The following PoC (Proof of Concept) demonstrates the vulnerability:
<form action="http://[host]/admin/login.php?action=process" method="post" name="main" id="main">
1) Multiple Cross-Site Scripting (XSS) in Kajona: CVE-2012-3805
1.1 Input passed via the "absender_name", "absender_email" and "absender_nachricht" GET parameters to /index.php (when "page" is set to "contact") is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in user's browser session in context of affected website.
The following PoC (Proof of Concept) demonstrates the vulnerabilities:
http://kajona/index.php?page=contact&absender_name=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
> * Country: USA
> * Outcome: Identity Theft
> * Vertical: Government
>
> The Secret Service has arrested at least 6 people in an investigation that
> involves information theft at an Ohio court web site, which is actively used
> for identity theft. At least one known identity theft case resulted in
> $40,000 loss to the victim.
>
>
> WHID 2007-70: Tucson, Arizona police web site defaced using SQL injection
* Country: USA
* Outcome: Identity Theft
* Vertical: Government
The Secret Service has arrested at least 6 people in an investigation that
involves information theft at an Ohio court web site, which is actively used
for identity theft. At least one known identity theft case resulted in
$40,000 loss to the victim.
WHID 2007-70: Tucson, Arizona police web site defaced using SQL injection
3.5
Introduction:
=============
idev-Rentals is a PHP Script (special software for your website) that allows you to create an apartment / housing / accommodation
rentals listing directory. You and your website visitors can add property rentals, upload photos, add property location
information that will display visually on a Google Map embedded plugin. You can choose to charge for listings, or make your
rentals directory entirely free for visitors to post their rental listings to. idev-Rentals allows you to service either a broad
or highly targeted region. You can create a worldwide rentals directory or a rentals directory limited to a specific city or region.
8.3
Introduction:
=============
iScripts EasyCreate is an online web site building tool that can be hosted on your server to provide
web site building services to your clients. iScripts EasyCreate is completely customizable. You can decide
on the branding of the entire web site creation software by setting your logo, brand information, marketing
messages, special offers, custom support links, etc. on the application interface. Since the application is
hosted on your server, you have complete control over the working of the site. The application is easy to
install, and you can have your web site building service up and running in minutes.
Introduction:
=============
With Internet on mobile devices booming, having a desktop-oriented version is just not enough anymore. Empower your
visitors with content designed for mobile Web by offering them a mobile version of your classifieds website.
WorksForWeb is offering custom-made mobile frontend addons for our classified solutions. The mobile version of your
website will present all the data of the regular website in the format optimized for iPhone, Android, iPad, BlackBerry,
Symbian, or other mobile devices. Mobile frontend addon features:
Quick and advanced search,
8.3
Introduction:
=============
Choosing Flynax General Classifieds software allows you to set up any classifieds website. It is not designed for a
particular niche so it can be adjusted to any idea of a classifieds website. This gives you a chance to choose
any niche for your classifieds website. For example, you may create a classifieds website based on local
classifieds with job ads, sports goods, motorbikes, bicycles, or one oriented on all ideas in one website. Using General
classifieds software with plugins, you may create the classifieds website you desire to have.
transferring data across domains, allowing them to interact with each other.
The Anti-XSS filter has been found to have some security holes in the
current implementation. Microsoft decided to filter "Type 1 XSS" which is
free text sent to the server being reflected to the user and therefore
injecting HTML code into the website's page. They chose not to handle
certain situations such as injection into a JavaScript tag space, which
would be extremely difficult to filter. The software giant also chose not
to filter injection into HTTP headers, which will drive hackers to focus on
discovering CRLF vulnerabilities.
downloading a crafted .url file and a crafted HTML file, an attacker
could steal information from the user's cache. (CVE-2008-4582)
Georgi Guninski, Michal Zalewski and Chris Evans discovered that the
same-origin check in Firefox could be bypassed. If a user were tricked
into opening a malicious website, an attacker could obtain private
information from data stored in the images, or discover information
about software on the user's computer. This issue only affects Firefox 2.
(CVE-2008-5012)
It was discovered that Firefox did not properly check if the Flash
Product Price: RM240 / year
Product Description:
Sistem Bina Website Sendiri(Biwes)
Sistem Bina Website Sendiri, better known as Sistem Biwes, is a build-your-own-website system based on the DIY (Do It Yourself) concept.
It gives an opportunity to those who want to run their own website but have no knowledge of websites.
To use it, you enter the website content and the system automatically creates a menu for the new page.
For e-commerce websites, the system is combined with a shopping cart system and a payment system.
Giovanni "evilaliv3" Pellerano, Antonio "s4tan" Parata and Francesco
"ascii" Ongaro are credited with the discovery of this vulnerability.
Giovanni "evilaliv3" Pellerano
web site: http://www.ush.it/, http://www.evilaliv3.org/
mail: evilaliv3 AT ush DOT it
Antonio "s4tan" Parata
web site: http://www.ush.it/
mail: s4tan AT ush DOT it
Introduction:
-------------
The vulnerability found targets the Outlook Web Access application
for Microsoft Exchange 2003. A valid user can be redirected to a
malicious website when clicking on a specially crafted URL which can
be sent to the user by email. If the user is logged in,
he is redirected instantly - if he is not logged in yet, the login page
will be displayed and he will be redirected after successful login.
This vulnerability can be used to redirect the user to a phishing
website which shows the (faked) login screen and getting the users
>
> Introduction:
> -------------
> The vulnerability found targets the Outlook Web Access application
> for Microsoft Exchange 2003. A valid user can be redirected to a
> malicious website when clicking on a specially crafted URL which can
> be sent to the user by email. If the user is logged in,
> he is redirected instantly - if he is not logged in yet, the login page
> will be displayed and he will be redirected after successful login.
> This vulnerability can be used to redirect the user to a phishing
> website which shows the (faked) login screen and getting the users
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in N-13 News, which can be exploited to perform cross-site scripting attacks.
1) Input passed via the GET "id" parameter to index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
http://[host]/index.php?id=%3C/script%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Open-Realty, which can be exploited to perform cross-site scripting and SQL Injection attacks.
1) Input passed via the "name", "email", "friend_email", "subject", "message" POST parameters to index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC code is available:
<form action="http://[host]/index.php?action=contact_friend&popup=yes&listing_id=1" method="post">
Introduction:
=============
GuestBook Script PHP is a script that is very easy to install,
administer and use on your website.
Visitors to your website can leave comments and feedback. Also you can
use it for testimonials.
Features of GuestBook Script PHP:
password protected administrator page
*Vulnerability Description*
WonderWare is a supplier of industrial automation and information software
solutions. According to the company's website [1]: "one third of the
world's plants run Wonderware software solutions. Having sold more than
500,000 software licenses in over 100,000 plants worldwide, Wonderware
has customers in virtually every global industry - including Oil & Gas,
Food & Beverage, Utilities, Pharmaceuticals, Electronics, Metals,
Automotive and more".
workaround is available, a software upgrade is not required to address this
vulnerability. However, if you have a service contract, and would like to
upgrade to unaffected code, you may obtain upgraded software through your
regular update channels when that software is available. For most customers,
this means that upgrades should be obtained through the Software Center on
Cisco's worldwide web site at http://www.cisco.com.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through their regular
Insecure web application programming or configuration
Technical Description
=====================
Session Fixation is an attack technique that forces a user's session ID to an explicit value. Depending on the functionality of the target web site, a number of techniques can be utilized to "fix" the session ID value. These techniques range from Cross-site Scripting exploits to peppering the web site with previously made HTTP requests. After a user's session ID has been fixed, the attacker waits for the user to login, and then uses the predefined session ID value to assume the user's online identity.
In general, there are two types of session management systems for ID values. The first type is "permissive" systems, that allow web browsers to specify any ID. The second type is "strict" systems, that only accept server-side generated values. With permissive systems, arbitrary session IDs are maintained without contact with the web site. Strict systems require that the attacker maintain the "trap-session", with periodic web site contact, preventing inactivity timeouts.
Without active protection against session fixation, the attack can be mounted against any web site using sessions to identify authenticated users. Web sites using session IDs are normally cookie-based, but URLs and hidden form-fields are used as well. Unfortunately, cookie-based sessions are the easiest to attack. Most of the currently identified attack methods are aimed toward the fixation of cookies.
|Description|
+-----------+
The Yoono Firefox extension provides an interface for
users to share objects with their friends on social
networks from any website. It allows users to select
images from a website to be shared, which publishes
that image to their friends.
Security-Assessment.com discovered that Yoono's share
function is vulnerable to DOM event handler injection.
Details follow:
Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it
converted strings to floating point numbers. If a user were tricked into
viewing a malicious website, a remote attacker could cause a denial of service
or possibly execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-1563)
Jeremy Brown discovered that the Firefox Download Manager was vulnerable to
symlink attacks. A local attacker could exploit this to create or overwrite
e107 is a free content management system (CMS) written in PHP language
and is available at http://e107.org/news.php . In October 2009, Bkis
Security discovered a number of XSS and Blind SQL Injection
vulnerabilities on this system. Taking advantage of these holes, hackers
can insert arbitrary malicious codes onto users' browsers, then steal
private information or carry out requests to the website to gain
complete control of the website's database.
Details: http://blog.bkis.com/e107-multiple-vulnerabilities/
SVRT Advisory: Bkis-13-2009
Initial vendor notification: 10/28/09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Website META Language: Insecure temporary file usage
Date: March 15, 2008
Bugs: #209927
ID: 200803-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
shown in the following URL:
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swacl.html#xtocid14
More information on configuring ACLs can be found on Cisco's public
website:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
The following is an example of a vty access-list: