1.1.           
Latar Belakang
Cybercrime merupakan bentuk-bentuk kejahatan yang timbul karena pemanfaatan teknologi internet. Kebutuhan akan teknologi Jarin ... Read more »
Views: 31922 | Added by: dedesukmana | Date: 07 November 2013 | Comments (0)

============================================
 ncpfs, Multiple Vulnerabilities
 March 5, 2010
 CVE-2010-0788, CVE-2010-0790, CVE-2010-0791
============================================

==Description==

The ncpmount, ncpumount, and ncplogin utilities, installed as part of the ncpfs
package, contain several vulnerabilities.

1. ncpmount, ncpumount, and ncplogin are vulnerable to race conditions that
allow a local attacker to unmount arbitrary mountpoints, causing
denial-of-service, or mount Netware shares to arbitrary directories,
potentially leading to root compromise.  This issue was formerly assigned
CVE-2009-3297, but has since been re-assigned CVE-2010-0788 to avoid overlap
with related bugs in other packages.

2. ncpumount is vulnerable to an information disclosure vulnerability that
allows a local attacker to verify the existence of arbitrary files, ... Read more »
Views: 52725 | Added by: b1zz4rd | Date: 06 March 2010 | Comments (31)

# Title: [SQL injection vulnerability in Natychmiast CMS]
# Date: [03.03.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.natychmiast-cms.pl/]
# Version: [ALL]


============ { Ariko-Security - Advisory #2/3/2010 } =============

      SQL injection and XSS vulnerability in NATYCHMIAST CMS



Vendor's Description of Software:
# http://www.natychmiast-cms.pl/Natychmiast+CMS.html [Polish]

Dork:
# N/A

Application Info:
# Name: NATYCHMIAST CMS
Vulnerability Info:
# Type: SQL injection and XSS Vulnerability
# Risk: medium

Fix:
# N/A

Time Table:
# 03/03/2010 - Vendor notified.

Input passed via the "id_str" parameter to index.php and a_index.php is not properly sanitised before being used ... Read more »
Views: 25201 | Added by: b1zz4rd | Date: 06 March 2010 | Comments (1)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

o PROBLEM DETAILS

The Juniper Secure Access (SA) web interface allows users to manage the
bookmarks on their landing page. This bookmark management functionality
does not filter user input properly and can allow cross site scripting
attacks.

Upon modification or creation of a bookmark, the editbk.cgi script is
requested with a parameter named "row".  This parameter identifies the
bookmark in question and its value is used in the server response.  It is a
flaw in the input handling of this "row" parameter that makes the appliance
vulnerable to a cross site scripting attack.

Successful exploitation could allow a remote attacker to hijack an
authenticated session between a victim and the Juniper SA web interface.

Usage of the Single Sign-On (SSO) feature will severely increase the impact
as SSO automatically grants the hijacked session access to ot ... Read more »
Views: 18621 | Added by: b1zz4rd | Date: 06 March 2010 | Comments (0)

Open redirection vulnerability in the Drupal API function drupal_goto
(Drupal 6.15 and 5.21)

Discovered by Martin Barbella <martybarbella@gmail.com>

Description of Vulnerability:
-----------------------------
Drupal is a free software package that allows an individual or a
community of users to easily publish, manage and organize a wide
variety of content on a website (http://drupal.org/about).

The drupal_goto API function is meant to "send the user to a different
Drupal page. This issues an on-site HTTP redirect. The function makes
sure the redirected URL is formatted correctly"
(http://api.drupal.org/api/function/drupal_goto).

This function will also check $_REQUEST['destination'] and
$_REQUEST['edit']['
Views: 19775 | Added by: b1zz4rd | Date: 05 March 2010 | Comments (0)

ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-023
March 1, 2010

-- CVE ID:
CVE-2009-2754

-- Affected Vendors:
IBM
EMC

-- Affected Products:
IBM Informix
EMC NetWorker

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 5945.
For further product information on the TippingPoint IPS, visit:

   http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of both IBM Informix Dynamic Server and EMC
Legato Networker. User interaction is not require ... Read more »
Views: 10009 | Added by: b1zz4rd | Date: 03 March 2010 | Comments (0)

==============================
===========
Yaniv Miron aka "Lament" Advisory Feb 28, 2010
Sparta Systems TrackWise TeamAccess module Multiple Cross Site Scripting Vulnerabilities
=========================================

=====================
I. BACKGROUND
=====================
TrackWise® by Sparta Systems: A Holistic Approach to Enterprise Quality Management

TrackWise by Sparta Systems is an enterprise quality management solution (EQMS)
that optimizes quality, ensures compliance and reduces costs for world-class clients
across a range of industries. TrackWise is the only enterprise quality management solution that offers the flexibility and configurability

to adapt to company-specific business processes,
enabling our world-class clients across a range of industries to define, track, manage
and report on the core activities vital to their success.

... Read more »
Views: 2448 | Added by: b1zz4rd | Date: 03 March 2010 | Comments (0)

==============================
===========
Yaniv Miron aka "Lament" Advisory Feb 27, 2010
Eshbel Priority MarketGate module Cross Site Scripting Vulnerability
=========================================

=====================
I. BACKGROUND
=====================
Priority’s ERP

The features listed below are a selection of some of the functionality
available in a selection of the Priority modules.
BI (Business Intelligence), Purchasing, BPM (Business Process Management),
Manufacturing/Production, GL + Financials, Human Resources,
CRM (Customer Relations Management), Project Management,
Order Processing, System Administration, Service and Customer Support,
SDK (Generators), Inventory Control, User Configuration, WMS

http://www.eshbel.com//ERP-Feature.htm

=====================
II. DESCRIPTION
... Read more »
Views: 9088 | Added by: b1zz4rd | Date: 03 March 2010 | Comments (1)

##########################www.BugReport.ir########################################
#
#        AmnPardaz Security Research Team
#
# Title:                1024CMS Blind SQL Injection Vulnerability
# Vendor:               http://www.1024cms.org/
# Vulnerable Version:   2.1.1 (Latest version till now)
# Exploitation:         Remote with browser
# Fix:                  N/A
##############################
#####################################################

####################
- Description:
####################

1024CMS is a PHP-based CMS which uses MySQL as its backend DBMS. It support forums, downloads,
search capability, BB code capability, gallery, chat ... Read more »
Views: 1543 | Added by: b1zz4rd | Date: 03 March 2010 | Comments (0)


Huawei HG510 is a device offered by the Serbian telecom operator, to provide ADSL Internet connection.
Administration of settings on this device is allowed only from local LAN network but not only from
private IP address (eg 192.168.1.1) then You can access with public IP address (only from local LAN again).

There is no CSRF protection so we can create malicious web pages and create some CSRF attacks.
Is user is logged on his device we can change passwords or some another settings.

POC:

http://PUBLIC_IP_OF_USER/password.cgi?sysPassword=BASE64_NEW_PASSWORD


When I testing this I found one strange behavior with /rebootinfo.cgi (reboot device script).
Normaly for all this CSRF user must be logged into device web interface but if we request:
http ... Read more »
Views: 1549 | Added by: b1zz4rd | Date: 03 March 2010 | Comments (0)

« 1 2 3 4 ... 21 22 »
close