Mozilla Thunderbird : Remote Code Execution & Denial of Service
//----- Advisory
Program : Mozilla Thunderbird
Homepage : http://www.mozilla.com/thunderbird/
Tested version : <= 1.0.7
Found by : nono2357 at sysdream dot com
This advisory : nono2357 at sysdream dot com
Discovery date : 2006/01/28
//----- Application description
Full-Featured Email
Simple to use, powerful, and customizable, Thunderbird is a full-featured
email application. Thunderbird supports IMAP and POP mail protocols, as well
as HTML mail formatting. Easily import your existing email accounts and
messages. Built-in RSS capabilities, powerful quick search, spell check as you
type, global inbox, deleting attachments and advanced message filtering round
out Thunderbird's modern feature set.
//----- Description of vulnerability
Thunderbird's WYSIWYG rendering engine insufficiently filters JavaScript.
It is possible to put JavaScript in the SRC attribute of the IFRAME
tag. This leads to execution when the email is edited (for instance when
replying to the email), even if JavaScript is disabled in the preferences.
//----- Proof Of Concept
* Javascript execution :
<iframe src="javascript:alert('Found by www.sysdream.com !')">
* Denial of service (application crash) :
<iframe src="javascript:parent.document.write('Found by www.sysdream.com !')" />
//----- Solution
Upgrade to version 1.5.
Download page : http://www.mozilla.com/thunderbird/all.html
Direct link : http://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/1.5/
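Added example, not part of the original advisory: a Python check that a mail filter could run to flag script-scheme URLs in URL-bearing attributes of HTML mail parts, the pattern the proof of concept relies on. The attribute list, function names and sample message are assumptions made for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Attributes whose value is a URL the rendering engine may load (assumed, not exhaustive).
URL_ATTRS = {"src", "href", "background", "action", "data"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:")

def normalise(value):
    """Drop whitespace and control characters so padded or split schemes still match."""
    return "".join(ch for ch in value if ch > " " and ch != "\x7f").lower()

class ScriptUriFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases names and decodes entities such as &#115; in values;
        # self-closing tags (<iframe ... />) also reach this handler.
        for name, value in attrs:
            if name in URL_ATTRS and value and normalise(value).startswith(SCRIPT_SCHEMES):
                self.hits.append((tag, name))

def find_script_uris(html):
    """Return (tag, attribute) pairs whose URL uses a script scheme."""
    finder = ScriptUriFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

def scan_message(raw):
    """Collect script-URI hits from every text/html part of a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            hits.extend(find_script_uris(part.get_content()))
    return hits

# Constructed sample message (not from the advisory), with an entity-encoded scheme.
SAMPLE = (b"From: a@example.com\r\nTo: b@example.com\r\nSubject: test\r\n"
          b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
          b"<p>hello</p><iframe src=\" Java&#115;cript:alert(1)\"></iframe>"
          b"<img src=\"http://example.com/a.png\">")

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

Matching is done after entity decoding and whitespace stripping, so the check errs toward flagging; a hit is a reason to quarantine or strip the attribute, not proof of exploitation.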
//----- Impact
Successful exploitation may lead to information disclosure (application
version, platform, user emails, user preferences, ...) or could crash the
application.
//----- Credits
http://www.sysdream.com
nono2357 at sysdream dot com
//----- Greetings
crashfr & the hackademy ...