| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Oct 2007 15:01:09 -0400
From: <full-disclosure@...hmail.com>
To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.grok.org.uk>,
<3apa3a@...urity.nnov.ru>
Subject: Re: Vulnerabilities digest
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SHUT UP VLADIS
On Wed, 10 Oct 2007 14:19:25 -0400 3APA3A <3APA3A@...URITY.NNOV.RU>
wrote:
>Dear bugtraq@...urityfocus.com,
>
> Vulnerabilities reported by different Russian speaking
>authors to
> http://securityvulns.ru
>
>1. Elekt(Antichat.ru) reports protection bypass vulnerability in
>PHP 4
>and 5.
>
>disable_functions feature can be bypassed by using functions
>alias. A
>list of aliases is given in http://php.net/aliases/. For
>example,
>ini_alter() may be used instead of ini_set() and vice versa.
>
>SecurityVulns issue: http://securityvulns.com/news/PHP/alias-
>pb.html
>Original message (in Russian):
>http://securityvulns.ru/Sdocument67.html
>
>2. MustLive reports Crossite-Cripting vulnerability in
>WordPress
>MultiUser 1.0
>
>XSS is possible via Username form field.
>
>Additional information (in Ukranian):
>http://websecurity.com.ua/1269/
>Original message (in Russian):
>http://securityvulns.ru/Rdocument875.html
>
>3. durito [NGH Group] reports multiple SQL injections in ActiveKB
>1.5
>
>Example:
>
>
>http://www.example.com/activekb/index.php?ToDo=browse&catId=[SQL]
>
>http://www.example.com/activekb/admin/index.php?ToDo=hideQuestion&q
>uestId=[SQL]
>
>Original message (in Russian):
>http://securityvulns.ru/Rdocument901.html
>
>4. MustLive reports Cross-Site Scripting vulnerability in Joomla!
><= 1.0.13
>
>An example of vulnerability is
>
>http://site/index.php?option=com_search&searchword=';alert('XSS')//
>
>
>Additional information (in Ukranian):
>http://websecurity.com.ua/1203/
>Original message (in Russian):
>http://securityvulns.ru/Rdocument919.html
>
>5. durito [NGH Group] reports crossite-scripting
>vulnerability in
>ActiveKB NX 2.5.4
>
>Example: http://www.example.com/activekb/ActiveKB/?page=[XXS]
>
>Original message (in Russian):
>http://securityvulns.ru/Rdocument956.html
>
>6. "noname indexed" reports vulnerability in UMI CMS (http://uni-
>cms.ru)
>
>Vulnerability example:
>
>http://example.com/search/search_do/?search_string=%22%20onmouseove
>r=%22javacript:alert();
>
>Original message (in Russian):
>http://securityvulns.ru/Rdocument957.html
>
>7. MustLive reports cross-site scripting vulnerability in Nucleus.
>
>Example: http://site/index.php?blogid=1&archive=2007-01-
>01%3Cscript%3Ealert(document.cookie)%3C/script%3E
>
>Additional information (in Ukranian):
>http://websecurity.com.ua/1347/
>Original message (in Russian):
>http://securityvulns.ru/Sdocument3.html
>
>8. durito [NGH Group] reports
>
> 8.1 multiple SQL injections in Stride v1.0 Content Management
>System,
> Merchant, Courses. Examples:
>
> Content Management System
>
> http://www.example.com/main.php?p=[SQL]
>
> Merchant
>
> http://www.example.com/shop.php?cmd=sto&id=[SQL]
>
> Courses
>
> http://www.example.com/detail.php?course=[SQL]
> http://www.example.com/detail.php?provider=[SQL]
>
> 8.2 Information leak (FTP access account) with MyFTPUploader
>within
> same applications. Example:
>
> http://www.example.com/include/imageupload.js
>
> contains
>
> document.writeln('<param name="uploadDirectory"
>value="/public_html/dbimages/process">');
> document.writeln('<param name="successURL"
>value="admin_imagemulti.php?action=process">');
> document.writeln('<param name="host" value="www.target.com">');
> document.writeln('<param name="userName" value="target">');
> document.writeln('<param name="password" value="target">');
>
> 8.3 Default administrator's password for same applications.
>
>Original message (in Russian):
>http://securityvulns.ru/Sdocument4.html
>
>9. MustLive reports multiple crossite scripting
>vulnerabilities in
>Site-Up <= 2.64
>
>Via "search" and "search mask" fields of
>http://site/siteuprus/index.cgi:
>
>Additional information (in Ukranian):
>http://websecurity.com.ua/1210/
>Original message: (in Russian):
>http://securityvulns.ru/Sdocument12.html
>
>10. MustLive reports crossite scripting in Google Search
>Appliance.
>
>Example:
>http://site/search?ie=%22%3E%3Cscript%3Ealert(document.cookie)%3C/s
>cript%3E&site=x&output=xml_no_dtd'&client=x&proxystylesheet=x'
>
>Additional information (in Ukranian):
>http://websecurity.com.ua/1368/
>Original message (in Russian):
>http://securityvulns.ru/Sdocument32.html
>
>10. MustLive reports crossite scripting in PRO-search
>
>Example:
>http://site/?q=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3
>E
>
>Additional information (in Ukranian):
>http://websecurity.com.ua/1224/
>Original message (in Russian):
>http://securityvulns.ru/Sdocument68.html
>
>10. MustLive reports multiple vulnerabilities in Urchin Web
>Analytics
>5.7.03.
>In addition to re-discovered XSS vulnerability, there is
>also
>authentication bypass (access without username/password).
>
>Example:
>http://site:10000/report.cgi?profile=x&rid=42&prefs=x&n=10&vid=1301
>&bd=20070703&ed=20070703&dt=4>ype=5
>
>Additional information (in Ukranian):
>http://websecurity.com.ua/1283/
>Original message: (in Russian):
>http://securityvulns.ru/Sdocument90.html
>
>11. MustLive reports crossite scripting vulnerability in Mozilla
>Firefox
><= 2.0 with gopher: protocol URL if UTF-7 if page content is
>displayed as
>UTF-7. Examples:
>
>For Firefox before 2.0:
>
>gopher:///1+ADw-SCRIPT+AD4-alert('XSS')+ADw-/SCRIPT+AD4-
>
>gopher:///1Turn%20on%20UTF-7%20to%20view%20this%20message%20+ADw-
>SCRIPT+AD4-alert('XSS')+ADw-/SCRIPT+AD4-
>
>For Firefox 2.0:
>
>gopher:///1+ADw-SCRIPT+AD4-alert(/XSS/)+ADw-/SCRIPT+AD4-
>
>gopher:///1Turn%20on%20UTF-7%20to%20view%20this%20message%20+ADw-
>SCRIPT+AD4-alert(/XSS/)+ADw-/SCRIPT+AD4-
>
>According to author, it's possible to execute script in both
>local zone
>and context of gopher site.
>
>12. ShAnKaR reports PHP Zend Hash vulnerability exploitation
>vector
>with Drupal <= 5.2.
>
>Example:
>http://www.example.com/drupal/?_menu[callbacks][1][callback]=drupal
>_eval&_menu[items][][type]=-1&-312030023=1&q=1/<?phpinfo();
>
>Original message (in Russian):
>http://securityvulns.ru/Sdocument137.html
>
>13. ShAnKaR reports PHP injection vulnerability in TikiWiki 1.9.8.
>
>Example: http://www.example.com/tikiwiki/tiki-
>graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png
>&title=
>
>Original message (in Russian):
>
>http://securityvulns.ru/Sdocument162.html
>
>Also, multiple vulnerabilities were reported in English by
>
>:: iNs @ uNkn0wn.eu :: http://securityvulns.com/source26994.html
>and
>r0t: http://securityvulns.com/source12948.html
>
>
>
>
>
>
>
>
>
>
>
>
>--
>http://securityvulns.com/
> /\_/\
> { , . } |\
>+--oQQo->{ ^ }<-----+ \
>| ZARAZA U 3APA3A } You know my name - look up my number (The
>Beatles)
>+-------------o66o--+ /
> |/
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 2.5
wpwEAQECAAYFAkcNIXUACgkQ+dWaEhErNvSx3AP8CerSijQ2isO5LY36fadxrILLiQok
XJi0X3Sa+AooEb2m9if9CdMhel7A3a4yyBMqVOWfWF1hbxccpeNS0Fi1OKXNoYwMpRIe
PKST+uLl+dMxMKicDIMkRo4xyVc76+X/uq5b5IAk4vrR27CX/4yFHBboDK3cDptsQ9C6
6LtRXXA=
=tavm
-----END PGP SIGNATURE-----
--
Discount Online Trading - Click Now!
http://tagline.hushmail.com/fc/Ioyw6h4dPYvcpmGb9tTkWB5jLIFiSCd0JeGTaxcz8UO3dwnuZGxWsg/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists