Home » 2010 » March » 06
 ncpfs, Multiple Vulnerabilities
 March 5, 2010
 CVE-2010-0788, CVE-2010-0790, CVE-2010-0791


The ncpmount, ncpumount, and ncplogin utilities, installed as part of the ncpfs
package, contain several vulnerabilities.

1. ncpmount, ncpumount, and ncplogin are vulnerable to race conditions that
allow a local attacker to unmount arbitrary mountpoints, causing
denial-of-service, or mount Netware shares to arbitrary directories,
potentially leading to root compromise.  This issue was formerly assigned
CVE-2009-3297, but has since been re-assigned CVE-2010-0788 to avoid overlap
with related bugs in other packages.

2. ncpumount is vulnerable to an information disclosure vulnerability that
allows a local attacker to verify the existence of arbitrary files, ... Read more »
Views: 50116 | Added by: b1zz4rd | Date: 2010-03-06 | Comments (31)

# Title: [SQL injection vulnerability in Natychmiast CMS]
# Date: [03.03.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.natychmiast-cms.pl/]
# Version: [ALL]

============ { Ariko-Security - Advisory #2/3/2010 } =============

      SQL injection and XSS vulnerability in NATYCHMIAST CMS

Vendor's Description of Software:
# http://www.natychmiast-cms.pl/Natychmiast+CMS.html [Polish]

# N/A

Application Info:
Vulnerability Info:
# Type: SQL injection and XSS Vulnerability
# Risk: medium

# N/A

Time Table:
# 03/03/2010 - Vendor notified.

Input passed via the "id_str" parameter to index.php and a_index.php is not properly sanitised before being used ... Read more »
Views: 22676 | Added by: b1zz4rd | Date: 2010-03-06 | Comments (1)

Hash: SHA256


The Juniper Secure Access (SA) web interface allows users to manage the
bookmarks on their landing page. This bookmark management functionality
does not filter user input properly and can allow cross site scripting

Upon modification or creation of a bookmark, the editbk.cgi script is
requested with a parameter named "row".  This parameter identifies the
bookmark in question and its value is used in the server response.  It is a
flaw in the input handling of this "row" parameter that makes the appliance
vulnerable to a cross site scripting attack.

Successful exploitation could allow a remote attacker to hijack an
authenticated session between a victim and the Juniper SA web interface.

Usage of the Single Sign-On (SSO) feature will severely increase the impact
as SSO automatically grants the hijacked session access to ot ... Read more »
Views: 16067 | Added by: b1zz4rd | Date: 2010-03-06 | Comments (0)