XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3
and 5.x-1.1)

Discovered by Martin Barbella <martybarbella@gmail.com>

Description of Vulnerability:
-----------------------------
Drupal is a free software package that allows an individual or a
community of users to easily publish, manage and organize a wide
variety of content on a website. (From: http://drupal.org/about)

The Node Blocks module allows users to specify content type(s) as
being a block. This allows the content managers of the site to edit
the block text and title without having to access the block
administration page. (From: http://drupal.org/project/nodeblock)

The block title is not properly sanitized when a user displays a block
created from a node, resulti ...
Views: 3616 | Added by: b1zz4rd | Date: 15 January 2010 | Comments (0)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

     Core Security Technologies - CoreLabs Advisory
          http://www.coresecurity.com/corelabs/

Google SketchUp 'lib3ds' 3DS Importer Memory Corruption



1. *Advisory Information*

Title: Google SketchUp 'lib3ds' 3DS Importer Memory Corruption
Advisory Id: CORE-2009-1209
Advisory URL:
http://www.coresecurity.com/content/google-sketchup-vulnerability
Date published: 2010-01-13
Date of last update: 2010-01-12
Vendors contacted: Google
Release mode: Coordinated release



2. *Vulnerability Information*

Class: Failure to Constrain Operations within the Bounds of a Memory
Buffer [CWE-119], Out-of-b ...
Views: 1434 | Added by: b1zz4rd | Date: 14 January 2010 | Comments (0)


A new type of vulnerability is described in which publicly available
information from social network sites obtained out of context, can be
used to identify a user in cases where anonymity is taken for granted.

This attack (dubbed Cross Site Identification, or CSID) assumes the
following scenario: A user that is currently logged on to her social
network account visits a 3rd party site, supposedly anonymously, in
another browser tab. The 3rd party site causes her browser to contact
the social network site and exploit the vulnerability resulting in her
identity being disclosed to the attacker. The 3rd party target site is
not necessarily controlled by the attacker. It could also be, for
example, any site allowing user provided content that includes an
image link (basically any forum or blog site). Other possibilities
exist.

While the information that is received by the attacker is technically
publicly available, obtain ...
Views: 8598 | Added by: b1zz4rd | Date: 14 January 2010 | Comments (0)

XSS Vulnerability in Active Calendar 1.2.0

Discovered by Martin Barbella <martybarbella@gmail.com>

Description of Vulnerability:
-----------------------------
Active Calendar is PHP Class, that generates calendars (year, month or
week view) as a HTML Table (XHTML-Valid). (From:
http://micronetwork.de/activecalendar/index.php)

In the functions enableYearNav, enableMonthNav, enableDayLinks, and
enableDatePicker of the activeCalendar class, certain variables are
assigned the value of $_SERVER['PHP_SELF'] when either no value is
specified for $link, or the value of $link is false. The values of
these variables are not sanitized later, resulting in several cross
site scripting vulnerabilities.

Systems affected:
-----------------
This has been confirmed in version 1.2.0 of Active Calendar. Previous
versions may also be affected.

Impact:
-------
When a user is tricked into clicking on a malicious link or submit ...
Views: 847 | Added by: b1zz4rd | Date: 12 January 2010 | Comments (0)

Yesterday I wrote the article XSS vulnerabilities in 34 millions flash files
(http://websecurity.com.ua/3842/), and here is English version of it.

In December in my article XSS vulnerabilities in 8 millions flash files
(http://websecurity.com.ua/3789/) I wrote, that there are up to 34000000
of flashes tagcloud.swf in Internet which are potentially vulnerable to XSS
attacks. Taking into account that people mostly didn't draw attention in
previous article to my mentioning about another 34 millions of vulnerable
flashes, then I decided to write another article about it.

File tagcloud.swf was developed by author of plugin WP-Cumulus for WordPress
(http://websecurity.com.ua/3665/) and it's delivered with this plugin for
WordPress, and also with other plugins, particularly Joomulus
(http://websecurity.com.ua/3801/) and JVClouds3D
(http://websecurity.com.ua/3839/) for Joomla and Blogumus
(http://websecurity.com.ua/3843/) for Blogger. Taking into ...
Views: 951 | Added by: b1zz4rd | Date: 12 January 2010 | Comments (0)

It is similar to XSS vulnerability in Joomulus for Joomla (http://websecurity.com.ua/3801/). About millions of flash files tagcloud.swf which are vulnerable to XSS attacks I mentioned in my article XSS vulnerabilities in 8 millions flash files (http://websecurity.com.ua/3789/).

XSS:

http://site/modules/mod_jvclouds3D/jvclouds3D/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E

Code will execute after click. It's strictly social XSS.

Also it's possible to conduct (like in WP-Cumulus and Joomulus) HTML
Injection attack, including in those flash files which have protection (in
flash files or via WAF) against javascript and vbscript URI in parameter
tagcloud.

HTML Injection:

http://site/modules/mod_jvclouds3D/jvclouds3D/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://websecurity.com.ua'+style='font-size:+40pt'%3EClick%20me%3C/a ...
Views: 831 | Added by: b1zz4rd | Date: 12 January 2010 | Comments (0)

In sports, it's pretty much accepted wisdom that home teams have the advantage; that's why teams with winning records on the road do so well in the playoffs. But for some reason we rarely think about "the home field advantage" when we look at defending our networks. After all, the best practice in architecting a secure network is a layered, defense-in-depth strategy. We use firewalls, DMZs, VPNs, and configure VLANs on our switches to control the flow of traffic into and through the perimeter, and use network and host-based IDS technology as sensors to alert us to intrusions.

These are all excellent security measures – and why they are considered "best practices" in the industry – but they all fall loosely into the same kind of protection that a castle did in the Middle Ages. While they act as barriers to deter and deny access to known, identifiable bad guys, they do very little to protect ...

Views: 10280 | Added by: b1zz4rd | Date: 11 January 2010 | Comments (0)

About F-Secure Exploit Shield

-----------------------------

F-Secure Exploit Shield is an application that protects users from web-based malicious exploits and stops malware at the first point of infection. All malicious, exploit-hosting URLs it detects are automatically reported back to F-Secure's Real-time Protection Network, which helps our Security Labs discover new exploits on the Internet and react to protect all our existing customers.

F-Secure Exploit Shield features

--------------------------------

* Zero Day Protection: Protects unpatched machines even before patches are available from the software vendor.

* Patch-equivalent Protection: One 'shield' update per vulnerability stops all exploits targeting it.

* Proactive Measures: Heuristic detection techniques block exploits even for unknown vulnerabilities.

* Protects against both malicious websites and good websites that have been hacked.

* Autom ...
Views: 2303 | Added by: b1zz4rd | Date: 11 January 2010 | Comments (0)

SyScan'10 CALL FOR TRAINING

ABOUT SYSCAN'10
This year, SyScan'10 will be held in the 4 exciting cities of Singapore, Shanghai, Taipei and Ho Chi Minh City (Vietnam). Details are as follows:

SyScan'10 Singapore
date: 15 - 18 June 2010

SyScan'10 Shanghai
date: 8 - 11 July 2010

SyScan'10 Taipei
date: 19 - 22 August 2010

SyScan'10 Ho Chi Minh City (Vietnam)
date: 23 - 26 September 2010

TRAINING TOPICS
SyScan’10 training topics will focus on the following areas:

Web Applications
Networks
Securing Windows/Linux Systems
Databases
Storage
Secure Programming/Development
Cloud Computing
Virtualization
Malware Analysis
Penetration Testing
Exploit Development
Reverse Code Engineering
Languages (Assembly, Python, Ruby etc)

PRIVILEGES
Trainers’ Privileges:
• 50% of net profit of class.
• Complimentary entry to SyScan'10 conference
• Tr ...
Views: 1398 | Added by: b1zz4rd | Date: 10 January 2010 | Comments (0)

LineWeb is a web app for managing private servers for Lineage 2, a very well-known MMORPG, and allows actions such as:

Main Features:
- Register
- Login
- Quick Login Function
- Quick statistics function (server status, game server status, online players)
- Statistics (login server status, game server status, players online, total accounts, total characters, total gm characters, total clans)

Administrator Features:
- (NEW) New administrator skin
- (NEW) New server settings (Edit server settings, server rates, specs etc)
- (NEW) New website settings (Title, Note from the management, Contact Email, Rankings Limit)
- (NEW) Ads Management (Add, Edit & Delete)
- News management (add, edit & delete)
- Download management (add, edit & delete)
- Login
- Add administrator
- Logout (of course)

Member Panel Features:
- Automatically views all your current characters when you login (name, level, kills etc) ...
Views: 9335 | Added by: b1zz4rd | Date: 09 January 2010 | Comments (0)
