ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-023
March 1, 2010

-- CVE ID:
CVE-2009-2754

-- Affected Vendors:
IBM
EMC

-- Affected Products:
IBM Informix
EMC NetWorker

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 5945.
For further product information on the TippingPoint IPS, visit:

   http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of both IBM Informix Dynamic Server and EMC
Legato Networker. User interaction is not require ...
Views: 7681 | Added by: b1zz4rd | Date: 2010-03-03 | Comments (0)

=========================================
Yaniv Miron aka "Lament" Advisory Feb 28, 2010
Sparta Systems TrackWise TeamAccess module Multiple Cross Site Scripting Vulnerabilities
=========================================

=====================
I. BACKGROUND
=====================
TrackWise® by Sparta Systems: A Holistic Approach to Enterprise Quality Management

TrackWise by Sparta Systems is an enterprise quality management solution (EQMS)
that optimizes quality, ensures compliance and reduces costs for world-class clients
across a range of industries. TrackWise is the only enterprise quality management
solution that offers the flexibility and configurability to adapt to
company-specific business processes, enabling our world-class clients across a range
of industries to define, track, manage and report on the core activities vital to
their success.

...
Views: 2221 | Added by: b1zz4rd | Date: 2010-03-03 | Comments (0)

=========================================
Yaniv Miron aka "Lament" Advisory Feb 27, 2010
Eshbel Priority MarketGate module Cross Site Scripting Vulnerability
=========================================

=====================
I. BACKGROUND
=====================
Priority’s ERP

The features listed below are a selection of some of the functionality
available in a selection of the Priority modules.
BI (Business Intelligence), Purchasing, BPM (Business Process Management),
Manufacturing/Production, GL + Financials, Human Resources,
CRM (Customer Relations Management), Project Management,
Order Processing, System Administration, Service and Customer Support,
SDK (Generators), Inventory Control, User Configuration, WMS

http://www.eshbel.com//ERP-Feature.htm

=====================
II. DESCRIPTION
...
Views: 6726 | Added by: b1zz4rd | Date: 2010-03-03 | Comments (1)

##########################www.BugReport.ir########################################
#
#        AmnPardaz Security Research Team
#
# Title:                1024CMS Blind SQL Injection Vulnerability
# Vendor:               http://www.1024cms.org/
# Vulnerable Version:   2.1.1 (Latest version till now)
# Exploitation:         Remote with browser
# Fix:                  N/A
###################################################################################

####################
- Description:
####################

1024CMS is a PHP-based CMS which uses MySQL as its backend DBMS. It supports forums, downloads,
search capability, BB code capability, gallery, chat ...
Views: 1363 | Added by: b1zz4rd | Date: 2010-03-03 | Comments (0)


Huawei HG510 is a device offered by the Serbian telecom operator to provide ADSL Internet connection.
Administration of settings on this device is allowed only from the local LAN, but not only from the
private IP address (e.g. 192.168.1.1): you can also access it with the public IP address (again, only from the local LAN).

There is no CSRF protection, so we can create malicious web pages and create some CSRF attacks.
If the user is logged in to his device, we can change passwords or some other settings.

POC:

http://PUBLIC_IP_OF_USER/password.cgi?sysPassword=BASE64_NEW_PASSWORD


When I was testing this, I found one strange behavior with /rebootinfo.cgi (reboot device script).
Normally, for all of this CSRF the user must be logged into the device web interface, but if we request:
http ...
Views: 1379 | Added by: b1zz4rd | Date: 2010-03-03 | Comments (0)

__________________________________________________________________

 Insomnia Security Vulnerability Advisory: ISVA-100216.1
___________________________________________________________________

 Name: Windows URL Handling Vulnerability
 Released: 16 February 2010

 Vendor Link:
   http://www.microsoft.com/

 Affected Products:
   Windows 2000, Windows XP, Windows 2003, Windows Vista

 Original Advisory:
   http://www.insomniasec.com/advisories/ISVA-100216.1.htm

 Researcher:
   Brett Moore, Insomnia Security
   http://www.insomniasec.com
______________________________ ...
Views: 1129 | Added by: b1zz4rd | Date: 2010-03-03 | Comments (0)

# Greetz to all Darkc0de ,AI,ICW, AH Members
# Shoutz to r45c4l,j4ckh4x0r,silic0n,smith,baltazar,d3hydr8,FB1H2S, lowlz,Eberly,Sumit,
#
# Author: Beenu Arora
#
# Home  : www.BeenuArora.com
#
# Email : beenudel1986@gmail.com
#
# Share the c0de!
#
################################################################
#
# Exploit: Multiple Stored XSS in XOOPS 2.4.4 Admin Section
#
# AppSite: www.xoops.org
#
# Tested Version : 2.4.4
#
# Request: POST
#
# Sample URLs:-http://localhost/xoops/htdocs/modules/system/admin/groupperm.php
# ...
Views: 1286 | Added by: b1zz4rd | Date: 2010-03-03 | Comments (0)

                  Virtual Security Research, LLC.
                     http://www.vsecurity.com/
                         Security Advisory


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Advisory Name: Chrome Password Manager Cross Origin Weakness
 Release Date: 2010-02-15
 Application: Google Chrome Web Browser
    Versions: 4.0.249.78, 3.0.195.38, and likely earlier
    Severity: Medium/Low
      Author: Timothy D. Morgan <tmorgan (a) vsecurity . com>
Vendor Status: Update Released [2]
CVE Candidate: CVE-2010-0556
   Reference: ...
Views: 6171 | Added by: b1zz4rd | Date: 2010-03-03 | Comments (0)

Information disclosure vulnerability in Drupal's Realname User Reference
Widget contributed module (version 6.x-1.0)

Discovered by Martin Barbella <barbella@sas.upenn.edu>

Description of Vulnerability:
-----------------------------
Drupal is a free software package that allows an individual or a
community of users to easily publish, manage and organize a wide variety
of content on a website (http://drupal.org/about).

The Realname CCK User Reference Widget module adds a new widget to the
User Reference CCK field type that uses the Realnames for autocompletion
(http://drupal.org/project/realname_userreference).

Only the access content permission is needed to access the page which
displays the user names and real names for users, used by ...
Views: 5930 | Added by: b1zz4rd | Date: 2010-03-03 | Comments (0)



################################################################
#       .___             __          _______       .___        #
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    #
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   #
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   #
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   #
#        \/                  \/             \/     ...
Views: 1502 | Added by: b1zz4rd | Date: 2010-03-03 | Comments (1)