Browser Security Handbook, part 1
Table of Contents
// Rising0day.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include "windows.h"

enum { SystemModuleInformation = 11 };

typedef struct {
    ULONG Unknown1;
    ULONG Unknown2;
    PVOID Base;
    ULONG Size;
    ULONG Flags;
    USHORT Index;
    USHORT NameLength;
    USHORT LoadCount;
    USHORT PathLength;
    CHAR ImageName[256];
} SYSTEM_MODULE_INFORMATION_

typedef struct {
    ULONG Count;
    SYSTEM_MODULE_INFORMATION_
} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;

HANDLE g_RsGdiHandle = 0 ;

void __stdcall WriteKVM(PVOID Address , ULONG Value)
{
...

PR09-15: XSS injection vulnerability within HP System Management Homepage (Insight Manager)
Vulnerability found: 11th October 2009
Severity: Medium
Description: An XSS vulnerability has been found within HP System Management, arising from insufficient input filtering. By using a specially-crafted link, and tricking the victim into clicking on it, an attacker can perform malicious attacks such as the following:
- Hijack user accounts by stealing the victim's cookies that are assigned to the victim's browser by the vulnerable website
- Hijack user accounts by injecting a "fake" HTML form on the HTML rendered by the victim's web browser
- Redirect the victim to a malicious third-party website which would perform a phishing attack to steal the user credentials or exploit a vulnerability (i.e.: buffer overflow) on the victim's web browser in order to compromise the victim's workstation ...

ShareTronix - HTML Injection Vulnerability
Version Affected: 1.0.4 (newest)
Info: Sharetronix Opensource is a multimedia microblogging platform. It helps people in a community, company, or group to exchange short messages over the Web.
Credits: MaXe from InterN0T (patched the vulnerability) & Reelix (found the vulnerability)
External Links: http://sharetronix.com/

-:: The Advisory ::-
The header.php file for showing a single microblog entry does not sanitize the page_title correctly. page_title is set by the user when posting an entry to the microblog platform.
Files: sharetronix/system/templates/
00013: <title><?= $D->page_title ?></title> ...

Hello Bugtraq!
I want to warn you about a Cross-Site Scripting vulnerability in the 3D Cloud (mod_3dcloud) plugin for Joomla, which I found and disclosed on 22.01.2010. It is similar to the XSS vulnerability in JVClouds3D for Joomla (http://websecurity.com.ua/ tagcloud.swf which are vulnerable to XSS attacks I mentioned in my article XSS vulnerabilities in 34 millions flash files (http://www.webappsec.org/ XSS: http://site/modules/mod_

Are you sure you're connecting to the correct machine? To prove it, sudo/su/login-as-root locally (if you can), confirm the hostname, then touch a file in the /root directory called "this_is_the_CentOS_VPS.0". Next, when you login "as root over SSH", run ls -ltr and look for that file - if you don't see it, then maybe you are into the wrong machine :)

eg:
$ssh root@109.107.120.17
password:
[login banner and motd stuff here]
#hostname
centos-VPS <---presumably, if not, read on below*****
# touch this_is_the_CentOS_VPS.0

this produces the following file

#ls -ltr
-rw-r--r-- 1 root root 0 2010-01-18 20:04 this_is_the_centos-vps.0

this file proves what machine you are actually SSH-ed into. If not, read on:

***** A common SSH gotcha occurs when the machine you are trying to login to (the CentOS VPS one) is actu ...

Hi all;
It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase. As always, we highly recommend testing all hotfixes before applying them to a production environment.

The CVEs mentioned here are the ones attached to SQL-Ledger. Subtle differences as to how these affect LedgerSMB are noted below. These vulnerabilities include:
* No Cross-Site-Request-Forgery (XSRF) protection (CVE-2009-3580)
* SQL Injection (similar to CVE-2009-3582)
* Local File Include (CVE-2009-3583)
* Default Administrator Password Weakness (CVE-2009-4402)
* No secure flag on cookie when (CVE-2009-3584)

All five have been patched, either in stable versions or in hotfixes. Please read below for more informa ...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Silverstripe CMS, <http://silverstripe.org/>, version 2.3.4 and lower (and its unreleased 2.4 branch), is vulnerable to two Cross Site Scripting issues.

1. The comment posting mechanism of Silverstripe ('PostCommentForm') fails to properly sanitize the 'CommenterURL' parameter. This allows for persistent injection of HTML or javascript code within existing HTML tags.
2. The forum module is vulnerable to a reflective XSS issue caused by the search script failing to properly sanitize input to the 'Search' parameter. When invoking this URL: SILVERSTRIPESITE/forums/ trying to reorder the search results will trigger execution of the injected javascript code.

According to its quickly responding develo ...

=====[ Tempest Security Intelligence - Advisory #01 / 2010 ]=============

SQL injection vulnerability in Publique! Framework
------------------------------

Authors: Christophe de la Fuente <christophe *SPAM* tempest.com.br>
         Gustavo Pimentel Bittencourt <gustavo.pimentel *SPAM* tempest.com.br>

=====[ Table of Contents ]=============================

1. Overview
2. Detailed description
3. Additional context & Solutions
4. References
5. Thanks

=====[ Overview ]=============================

* System affected: Publiqu ...