| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <48e5fbd8.06a0100a.429c.536b@mx.google.com>
Date: Fri, 3 Oct 2008 12:02:46 +0100
From: Jim Woodcock <jim.woodcock@...il.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: Full-Disclosure Digest, Vol 44, Issue 4
-----Original Message-----
From: full-disclosure-request@...ts.grok.org.uk
Sent: 02 October 2008 12:00
To: full-disclosure@...ts.grok.org.uk
Subject: Full-Disclosure Digest, Vol 44, Issue 4
Send Full-Disclosure mailing list submissions to
full-disclosure@...ts.grok.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
full-disclosure-request@...ts.grok.org.uk
You can reach the person managing the list at
full-disclosure-owner@...ts.grok.org.uk
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."
Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.
Today's Topics:
1. Layered Defense Research Advisory: Juniper Netscreen Firewall
Cross-Site-Scripting (XSS) event log injection (Deral Heiland)
----------------------------------------------------------------------
Message: 1
Date: Wed, 01 Oct 2008 21:57:05 -0400
From: Deral Heiland <dh@...ereddefense.com>
Subject: [Full-disclosure] Layered Defense Research Advisory: Juniper
Netscreen Firewall Cross-Site-Scripting (XSS) event log injection
To: ull-disclosure@...ts.grok.org.uk
Message-ID: <20081002025713.93F76328@...ts.grok.org.uk>
Content-Type: text/plain; charset="us-ascii"; format=flowed
==================================================
Layered Defense Research Advisory 1 October 2008
==================================================
1) Affected Product
Juniper Netscreen Firewall
ScreenOS version 5.4.0r9.0
==================================================
2) Severity Rating:
Low - Moderate
Impact: Potential system compromises but requires user interaction.
==================================================
3) Description of Vulnerability
A Cross-Site Scripting (XSS) Injection vulnerability was discovered
within the Juniper Netscreen firewall NetOS version 5.4.0r9.0. The
vulnerability is caused by failure to validate input from the web
interface login, and telnet session login. This makes it possible for
an attacker to inject ja
[The entire original message is not included]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists