Message-ID: <1063115627.20070821233643@SECURITY.NNOV.RU>
Date: Tue, 21 Aug 2007 23:36:43 +0400
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Vulnerabilities digest

Dear bugtraq@...urityfocus.com,

There are a number of vulnerabilities not yet published in English:

1. Dmitry Zubov reports a DoS vulnerability in the Planet VC-200M VDSL2
router administration interface.
An HTTP request with a missing Host: header prevents access to the
administration interface until reboot. The vendor was reportedly
contacted, but failed to react.
SecurityVulns issue: http://securityvulns.com/news/Planet/VC-200M/DoS.html
Original message (in Russian): http://securityvulns.ru/Rdocument847.html

2. MustLive reports a low-risk (requires social engineering), yet
interesting, example of cross-site scripting in Internet Explorer. Local
zone scripting is possible on accessing a saved page with an original URL
in the form of
http://site/-->[script]alert("XSS")[/script]
Internet Explorer 6.0 was tested.
SecurityVulns issue: http://securityvulns.com/news/Microsoft/IE/saved-css.html
Additional information (in Ukrainian): http://websecurity.com.ua/1241/
Original message (in Russian): http://securityvulns.ru/Rdocument865.html

3. MustLive reports a cross-site scripting vulnerability in Search Engine
Builder.
The request
http://site/search/search.html?searWords=%3Cscript%3Ealert(document.cookie)%3C/script%3E
leads to cross-site scripting.
Additional information (in Ukrainian): http://websecurity.com.ua/1159/
Original message (in Russian): http://securityvulns.ru/Rdocument843.html

4. MustLive reports a vulnerability in the Sirius 1.0, Blix 0.9.1 and Blix
0.9.1 Rus, and Pool 1.0.7 themes for WordPress and also the WordPress
Classic 1.5 theme; the last one is already fixed in WordPress 2.1.3.
Insufficient filtering of the PHP_SELF variable leads to cross-site
scripting with a request like
http://site/index.php/%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Additional information (in Ukrainian):
http://websecurity.com.ua/1252/
http://websecurity.com.ua/1248/
http://websecurity.com.ua/1238/
http://websecurity.com.ua/1234/
Original messages (in Russian):
http://securityvulns.ru/Rdocument839.html
http://securityvulns.ru/Rdocument825.html
http://securityvulns.ru/Rdocument771.html
http://securityvulns.ru/Rdocument751.html

5. MustLive reports cross-site scripting in coWiki
with the request
http://site/?cmd=srchdoc&q=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Additional information: http://websecurity.com.ua/1131/
Original message: http://securityvulns.ru/Rdocument692.html

6. Ivan Niiiil (http://uNkn0wn.eu) reports vulnerabilities in
Linkliste 1.2, Butterfly online vistors counter 1.08, mcLinksCounter
1.2, My_REFERER 1.08.
Original messages in English are available from
http://securityvulns.com/source26994.html

7. Okan Alp (http://www.expw0rm.com) reports vulnerabilities in
different Web applications.
Original messages in English are available from
http://securityvulns.com/source13951.html

--
http://securityvulns.com/
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
|/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
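
Added example, not part of the original message and not code from any of the themes named in item 4: a minimal PHP sketch of the PHP_SELF pattern that item describes, with the unescaped attribute beside two escaped alternatives. The function names and form markup are assumptions for illustration, and the sample value is constructed from the request shown in item 4.

```php
<?php
// Added illustration; not code from the themes named in item 4.
// PHP builds $_SERVER['PHP_SELF'] from the script path plus any trailing
// path info, URL-decoded, so the request in item 4 yields the value below.
// Constructed sample values (assumes the script is /index.php):
$phpSelf    = '/index.php/"><script>alert(document.cookie)</script>';
$scriptName = '/index.php'; // what $_SERVER['SCRIPT_NAME'] holds for that request

// Unescaped pattern: the value is echoed straight into an attribute, so the
// quote in the path info closes action="..." and the rest is parsed as markup.
function form_unescaped(string $self): string
{
    return '<form method="get" action="' . $self . '">';
}

// Fix 1: HTML-escape at the point of output. ENT_QUOTES covers both quote
// styles, so the value cannot leave the attribute.
function form_escaped(string $self): string
{
    return '<form method="get" action="'
        . htmlspecialchars($self, ENT_QUOTES, 'UTF-8') . '">';
}

// Fix 2: do not reflect path info at all. SCRIPT_NAME carries no
// client-supplied trailing path; it is still escaped on output.
function form_script_name(string $scriptName): string
{
    return '<form method="get" action="'
        . htmlspecialchars($scriptName, ENT_QUOTES, 'UTF-8') . '">';
}

foreach ([
    'unescaped'   => form_unescaped($phpSelf),
    'escaped'     => form_escaped($phpSelf),
    'script_name' => form_script_name($scriptName),
] as $label => $html) {
    // A literal "<script" in the output means the markup survived.
    $verdict = stripos($html, '<script') !== false ? 'markup injected' : 'inert';
    printf("%-12s %-15s %s\n", $label, $verdict, $html);
}
```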