Multiple Cross-Site-Scripting vulnerabilities in x3cms
Advisory: Multiple Cross-Site-Scripting vulnerabilities in x3cms
Advisory ID: INFOSERVE-ADV2011-04
Author: Stefan Schurtz
Contact: secur...@infoserve.de
Affected Software: Successfully tested on x3cms 0.4.3; other versions may also be affected
Vendor URL: http://www.x3cms.net/
Vendor Status: Partial Fix
Secunia-ID: SA46748

== Vulnerability Description ==

x3cms 0.4.3 is prone to multiple XSS vulnerabilities.

== PoC-Exploit ==

Tested on IE8:
http://target/x3cms-0.4.3-STABLE/admin/login?'/scriptscriptalert(document.cookie)/script

Tested on IE8 / FF 3.6.23:
http://target/x3cms-0.4.3-STABLE/admin/login - 'Username' field - '/scriptscriptalert(document.cookie)/script
http://target/x3cms-0.4.3-STABLE/admin/login - 'Password' field - '/scriptscriptalert(document.cookie)/script

== Solution ==

Partial Fix in Version 0.4.3.1

== Disclosure Timeline ==

08-Nov-2011 - Secunia SVCRP (v...@secunia.com)
11-Jan-2012 - release date of this security advisory

== Credits ==

Vulnerabilities found and advisory written by the INFOSERVE Security Team

== References ==

http://secunia.com/advisories/46748/
http://x3cms.bzr.sourceforge.net/bzr/x3cms/revision/977
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-04.txt
VUPEN Security Research - Adobe Acrobat and Reader Image Processing Integer Overflow (APSB12-01)
VUPEN Security Research - Adobe Acrobat and Reader Image Processing Integer Overflow Vulnerability (APSB12-01)

Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen

I. BACKGROUND

Adobe Acrobat and Reader are the global standards for electronic document sharing. They are used to create, view, search, digitally sign, verify, print, and collaborate on Adobe PDF files.

II. DESCRIPTION

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. The vulnerability is caused by an integer overflow error when processing malformed image data within a PDF document, which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a specially crafted PDF file.

III. AFFECTED PRODUCTS

Adobe Acrobat and Reader X (10.1.1) and prior
Adobe Acrobat and Reader 9.4.7 and prior

IV. Binary Analysis Exploits/PoCs

In-depth technical analysis of the vulnerability and a proof-of-concept code are available through the VUPEN Binary Analysis Exploits portal: http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis Exploits Service provides private exploits and in-depth technical analysis of the most significant public vulnerabilities based on disassembly, reverse engineering, protocol analysis, and code audit. The service allows governments and major corporations to evaluate risks, and protect infrastructures and assets against new threats. The service also allows security vendors (IPS, IDS, AntiVirus) to supplement their internal research efforts and quickly develop both vulnerability-based and exploit-based signatures to proactively protect their customers from attacks and emerging threats.

V. VUPEN Threat Protection Program

Governments and major corporations which are members of the VUPEN Threat Protection Program (TPP) have been proactively alerted about the vulnerability when it was discovered by VUPEN in advance of its public disclosure, and have received a detailed attack detection guidance to protect national and critical infrastructures against potential 0-day attacks exploiting this vulnerability: http://www.vupen.com/english/services/tpp-index.php

VI. SOLUTION

Upgrade to Adobe Acrobat and Reader X version 10.1.2 or Adobe Acrobat and Reader version 9.5.

VII. CREDIT

This vulnerability was discovered by Nicolas Joly of VUPEN Security

VIII. ABOUT VUPEN Security

VUPEN is the world leader in vulnerability research for defensive and offensive cyber security. VUPEN solutions enable corporations and governments to measure and manage risks, eliminate vulnerabilities before they can be exploited, and protect critical infrastructures and assets against known and unknown vulnerabilities. VUPEN has been recognized as Company of the Year 2011 in the Vulnerability Research Market by Frost & Sullivan.

VUPEN solutions include:
* VUPEN Binary Analysis Exploits Service (BAE) : http://www.vupen.com/english/services/ba-index.php
* VUPEN Threat Protection Program (TPP) : http://www.vupen.com/english/services/tpp-index.php

IX. REFERENCES

http://www.adobe.com/support/security/bulletins/apsb12-01.html
http://www.vupen.com/english/research.php

X. DISCLOSURE TIMELINE

2011-07-12 - Vulnerability Discovered by VUPEN and shared with Gov customers
2012-01-11 - Public disclosure
[PT-2011-01] Cross-Site Scripting in Kayako Support Suite
(PT-2011-01) Positive Technologies Security Advisory
Cross-Site Scripting in Kayako Support Suite

---[ Vulnerable software ]

Kayako Support Suite
Version: 3.70.02-stable and earlier
Application link: http://www.kayako.com/

---[ Severity level ]

Severity level: Medium
Impact: Cross-Site Scripting
Access Vector: Network exploitable
CVSS v2: Base Score: 4.3
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE: not assigned

---[ Software description ]

Kayako Support Suite is a HelpDesk system.

---[ Vulnerability description ]

Positive Research Center has discovered XSS in Kayako Support Suite.

Application insufficiently verifies incoming data in Subject parameter in LiveSupport module. An attacker can use the vulnerability to inject and execute HTML code and scripts in a user's browser within the trust relationship between the browser and the server. An attack can be successful if administrator deletes a message created by user via Delete button of Options section of the message.

Application insufficiently verifies incoming data in Full Name and Subject parameters in Tickets module. An attacker can use the vulnerability to inject and execute HTML code and scripts in a user's browser within the trust relationship between the browser and the server. An attack can be successful if administrator views task information via popup menu.

Application insufficiently verifies incoming data in Full Name parameter in Kayako Support Suite (Tickets, News, Knowledgebase) modules. An attacker can use the vulnerability to inject and execute HTML code and scripts in a user's browser within the trust relationship between the browser and the server. A user can be successfully attacked via Tickets module if the user opens a page with opened tasks and if an attacker creates a task with special characters on behalf of the user. Other modules can execute arbitrary HTML code in a user's browser while viewing comments to any articles if an attacker manages to modify Full Name value for the current user.

---[ How to fix ]

Update your software up to the v4

---[ Advisory status ]

25.11.2011 - Vendor is notified
25.11.2011 - Vendor gets vulnerability details
25.08.2011 - Vendor releases fixed version and details
29.12.2011 - Public disclosure

---[ Credits ]

The vulnerability was discovered by Yuri Goltsev, Positive Research Center (Positive Technologies Company)

---[ References ]

http://en.securitylab.ru/lab/PT-2011-01

Reports on the vulnerabilities previously discovered by Positive Research:
http://www.ptsecurity.com/advisory1.aspx
http://en.securitylab.ru/lab/

---[ About Positive Technologies ]

Positive Technologies www.ptsecurity.com is among the key players in the IT security market in Russia. The principal activities of the company include the development of integrated tools for information security monitoring (MaxPatrol); providing IT security consulting services and technical support; development of the Securitylab leading Russian information security portal.

Among the clients of Positive Technologies, there are more than 40 state enterprises, more than 50 banks and financial organizations, 20 telecommunication companies, more than 40 plant facilities, as well as IT, service and retail companies from Russia, the CIS countries, the Baltic States, China, Ecuador, Germany, Great Britain, Holland, Iran, Israel, Japan, Mexico, the Republic of South Africa, Thailand, Turkey, and the USA.

Positive Technologies is a team of highly skilled developers, advisers and experts with years of vast hands-on experience. The company specialists possess professional titles and certificates; they are the members of various international societies and are actively involved in the IT security field development.
[PT-2011-02] PHP code Injection in Kayako Support Suite
(PT-2011-02) Positive Technologies Security Advisory
PHP code Injection in Kayako Support Suite

---[ Vulnerable software ]

Kayako Support Suite
Version: 3.70.02-stable and earlier
Application link: http://www.kayako.com/

---[ Severity level ]

Severity level: High
Impact: Arbitrary PHP code execution
Access Vector: Network exploitable
CVSS v2: Base Score: 6.5
Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVE: not assigned

---[ Software description ]

Kayako Support Suite is a HelpDesk system.

---[ Vulnerability description ]

Positive Research Center has discovered PHP code injection vulnerability in Kayako Support Suite.

Application insufficiently verifies incoming data received via template editing form. An attacker with administration privileges can inject arbitrary PHP code via template editing feature with an expression like:

??arbitary_php_code??

Here is an example of URL script used for template editing:

http://example.com/support/admin/index.php?_m=core_a=edittemplatetemplateid=11templateupdate=register

The code is executed as user requests from the page with modified template.

---[ How to fix ]

Update your software up to the v4

---[ Advisory status ]

25.11.2011 - Vendor is notified
25.11.2011 - Vendor gets vulnerability details
25.08.2011 - Vendor releases fixed version and details
29.12.2011 - Public disclosure

---[ Credits ]

The vulnerability was discovered by Alexander Zaitsev, Positive Research Center (Positive Technologies Company)

---[ References ]

http://en.securitylab.ru/lab/PT-2011-02

Reports on the vulnerabilities previously discovered by Positive Research:
http://www.ptsecurity.com/advisory1.aspx
http://en.securitylab.ru/lab/
Multiple XSS in KnowledgeTree Community Edition
Advisory ID: HTB23065
Reference: https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_knowledgetree_community_edition.html
Product: KnowledgeTree Commercial and Community Editions
Vendor: KnowledgeTree Inc. ( http://knowledgetree.org )
Vulnerable Version: 3.7.0.2 and probably prior
Tested Version: 3.7.0.2
Vendor Notification: 21 December 2011
Vendor Patch: 23 December 2011
Vulnerability Type: XSS
Status: Fixed by Vendor
Risk Level: Medium
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )

Advisory Details:

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in KnowledgeTree Community Edition, which can be exploited to perform cross-site scripting attacks.

Input appended to the URL after multiple files is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The following PoC code is available:

http://[host]/login.php/%22onmouseover=alert%28document.cookie%29;%3E
http://[host]/admin.php/%22onmouseover=alert%28document.cookie%29;%3E
http://[host]/admin.php/%22onmouseover=alert%28document.cookie%29;%3E
http://[host]/preferences.php/%22onmouseover=alert%28document.cookie%29;%3E

Successful exploitation of these vulnerabilities requires that Apache's directive AcceptPathInfo is set to on or default (default value is default).

Solution: Apply Vendor patch: http://www.knowledgetree.org/Security_advisory:_URL_Manipulation

Disclaimer: Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on the web page in Reference field.
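For defenders reviewing web server logs against the KnowledgeTree advisory above, the following added example (not part of the advisory or of KnowledgeTree) flags requests where HTML metacharacters appear in the extra path that follows a .php script name. The log lines are constructed samples in Apache combined-log style, and the /view.php entry is a hypothetical benign request.

```python
import re
from urllib.parse import unquote, urlsplit

# Characters that can close an attribute or tag when a path is echoed into HTML.
HTML_META = set("\"'<>")

# Request line inside an Apache access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# A script name followed by further path segments (the PATH_INFO portion).
SCRIPT_RE = re.compile(r"^(?P<script>.*?\.php)(?P<path_info>/.*)$",
                       re.IGNORECASE | re.DOTALL)


def split_path_info(target):
    """Return (script, decoded_path_info), or None when nothing follows the script."""
    # Only the path matters here; the query string is handled by other checks.
    path = unquote(urlsplit(target).path)
    match = SCRIPT_RE.match(path)
    if match is None:
        return None
    return match.group("script"), match.group("path_info")


def inspect_line(line):
    """Return a finding dict for a suspicious log line, else None."""
    request = REQUEST_RE.search(line)
    if request is None:
        return None
    parts = split_path_info(request.group("target"))
    if parts is None:
        return None
    script, path_info = parts
    found = sorted(HTML_META & set(path_info))
    if not found:
        return None  # trailing path exists but carries no markup characters
    return {"script": script, "path_info": path_info, "metachars": found}


def scan(lines):
    """Inspect every line and return findings annotated with 1-based line numbers."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        finding = inspect_line(line)
        if finding is not None:
            finding["line_no"] = line_no
            findings.append(finding)
    return findings


# Constructed sample log. Line 2 uses the request path quoted in the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Dec/2011:10:00:01 +0000] "GET /login.php HTTP/1.1" 200 5120',
    '192.0.2.11 - - [23/Dec/2011:10:00:07 +0000] '
    '"GET /login.php/%22onmouseover=alert%28document.cookie%29;%3E HTTP/1.1" 200 5180',
    # Hypothetical benign use of trailing path segments.
    '192.0.2.12 - - [23/Dec/2011:10:01:30 +0000] "GET /view.php/documents/42 HTTP/1.1" 200 900',
    # Metacharacters in the query string only: outside the scope of this check.
    '192.0.2.13 - - [23/Dec/2011:10:02:11 +0000] "GET /preferences.php?tab=%3Cb%3E HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f['line_no']}: {f['script']} path_info={f['path_info']!r} "
              f"metachars={f['metachars']}")
```
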
[PT-2011-03] Information disclosure in Kayako Support Suite
(PT-2011-03) Positive Technologies Security Advisory
Information disclosure in Kayako Support Suite

---[ Vulnerable software ]

Kayako Support Suite
Version: 3.70.02-stable and earlier
Application link: http://www.kayako.com/

---[ Severity level ]

Severity level: Low
Impact: Information disclosure
Access Vector: Network exploitable
CVSS v2: Base Score: 5.0
Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE: not assigned

---[ Software description ]

Kayako Support Suite is a HelpDesk system.

---[ Vulnerability description ]

Positive Research Center has discovered an installation path disclosure vulnerability in Kayako Support Suite.

Application insufficiently verifies incoming data while handling HTTP GET request to /staff/index.php script. An attacker can get application installation path via the following URL:

http://example.com/support/staff/index.php?_m=_a=

---[ How to fix ]

Update your software up to the v4

---[ Advisory status ]

25.11.2011 - Vendor is notified
25.11.2011 - Vendor gets vulnerability details
25.08.2011 - Vendor releases fixed version and details
29.12.2011 - Public disclosure

---[ Credits ]

The vulnerability was discovered by Alexander Zaitsev, Positive Research Center (Positive Technologies Company)

---[ References ]

http://en.securitylab.ru/lab/PT-2011-03

Reports on the vulnerabilities previously discovered by Positive Research:
http://www.ptsecurity.com/advisory1.aspx
http://en.securitylab.ru/lab/
[PT-2011-04] Cross-Site Scripting in Kayako Support Suite
(PT-2011-04) Positive Technologies Security Advisory
Cross-Site Scripting in Kayako Support Suite

---[ Vulnerable software ]

Kayako Support Suite
Version: 3.70.02-stable and earlier
Application link: http://www.kayako.com/

---[ Severity level ]

Severity level: Medium
Impact: Cross-Site Scripting
Access Vector: Network exploitable
CVSS v2: Base Score: 4.3
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE: not assigned

---[ Software description ]

Kayako Support Suite is a HelpDesk system.

---[ Vulnerability description ]

Positive Research Center has discovered multiple XSS vulnerabilities in Kayako Support Suite.

Application insufficiently verifies subscriberdata incoming parameter in /staff/index.php?_m=news_a=importexport script. An attacker with staff privileges can use the vulnerability to inject and execute arbitrary HTML code and scripts in a user's browser within the trust relationship between the browser and the server. To use the vulnerability an attacker should convince a user with staff privileges to open URL like: http://example.com/support/staff/index.php?_m=news_a=managesubscribersimportsub=1resultdata=YTo0OntzOjEzOiJzdWNjZXNzZW1haWxzIjtpOjA7czoxMjoiZmFpbGVkZW1haWxzIjtpOjE7czoxMToidG90YWxlbWFpbHMiO2k6MTtzOjk6ImVtYWlsbGlzdCI7czo5MDoiPHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD5APHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4uPHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4gIjt9

Application insufficiently verifies subject incoming parameter in /staff/index.php?_m=news_a=insertnews script. An attacker with staff privileges can use the vulnerability to inject and execute arbitrary HTML code and scripts in a user's browser within the trust relationship between the browser and the server. An attacker should trick a user with staff privileges to open URL like: http://example.com/support/staff/index.php?_m=news_a=managenews to exploit the vulnerability.

Application insufficiently verifies description incoming parameter in /staff/index.php?_m=troubleshooter_a=insertcategory script. An attacker with staff privileges can use the vulnerability to inject and execute arbitrary HTML code and scripts in a user's browser within the trust relationship between the browser and the server. To use the vulnerability an attacker should convince a user with staff privileges to open URL like: http://example.com/support/staff/index.php?_m=troubleshooter_a=managecategories to exploit the vulnerability.

Application insufficiently verifies title incoming parameter in /staff/index.php?_m=downloads_a=insertfile script. An attacker with staff privileges can use the vulnerability to inject and execute arbitrary HTML code and scripts in a user's browser within the trust relationship between the browser and the server. An attacker should trick a user with staff privileges to open URL like: http://example.com/support/staff/index.php?_m=downloads_a=managefiles to exploit the vulnerability.

Application insufficiently verifies fullname, jobtitle, email1address, email2address, email3address, customerid, mobiletelephonenumber incoming parameters in /staff/index.php?_m=teamwork_a=insertcontact script. An attacker with staff privileges can use the vulnerability to inject and execute arbitrary HTML code and scripts in a user's browser within the trust relationship between the browser and the server. An attacker should trick a user with staff privileges to open URL like: http://example.com/support/staff/index.php?_m=teamwork_a=editcontactcontactid=[added contact ID] to exploit the vulnerability.

Application insufficiently verifies redirecturl incoming parameter in /staff/index.php?_m=livesupport_a=insertcampaign script. An attacker with staff privileges can use the vulnerability to inject and execute arbitrary HTML code and scripts in a user's browser within the trust relationship between the browser and the server. An attacker should trick a user with staff privileges to open URL like: http://example.com/support/staff/index.php?_m=livesupport_a=adtracking to exploit the vulnerability.

Application insufficiently verifies title incoming parameter in /staff/index.php?_m=livesupport_a=insertcannedresponse script. An attacker with staff privileges can use the vulnerability to inject and execute arbitrary HTML code and scripts in a user's browser within the trust relationship between the browser and the server. An attacker should trick a user with staff privileges to open URL like: http://example.com/support/staff/index.php?_m=livesupport_a=managecannedresponses to exploit the vulnerability.

Application insufficiently verifies title incoming parameter in /staff/index.php?_m=tickets_a=insertalert script. An attacker with staff privileges can use the vulnerability to inject and execute arbitrary HTML code and scripts in a user's browser within the trust
Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities
Secunia Research 11/01/2012

- NTR ActiveX Control Four Buffer Overflow Vulnerabilities -

Table of Contents

1) Affected Software
2) Severity
3) Description of Vulnerability
4) Solution
5) Time Table
6) Credits
7) References
8) About Secunia
9) Verification

1) Affected Software

* NTR ActiveX Control version 1.1.8.

NOTE: Other versions may also be affected.

2) Severity

Rating: Highly critical
Impact: System compromise
Where: Remote

3) Description of Vulnerability

Secunia Research has discovered four vulnerabilities in NTR ActiveX control, which can be exploited by malicious people to compromise a user's system.

1) A boundary error in the handling of the StartModule() method can be exploited to cause a stack-based buffer overflow via an overly long bstrUrl parameter.

2) A boundary error when constructing an url can be exploited to cause a stack-based buffer overflow via e.g. an overly long, specially crafted bstrParams parameter passed to the Check() method.

3) A boundary error when constructing the path to a .ntr file can be exploited to cause a limited stack-based buffer overflow via an overly long, specially crafted bstrUrl parameter passed to the Download() or DownloadModule() methods.

4) A boundary error when constructing an url can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted bstrUrl parameter passed to the Download() or DownloadModule() methods.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

4) Solution

Upgrade to version 2.0.4.8.

5) Time Table

25/07/2011 - Vendor notified.
25/07/2011 - Vendor response.
27/12/2011 - Vendor releases fixed version.
11/01/2012 - Public disclosure.

6) Credits

Discovered by Carsten Eiram, Secunia Research.

7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2012-0266 for the vulnerabilities.

8) About Secunia

Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/

Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:
http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:
http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/

9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2012-1/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
Secunia Research: NTR ActiveX Control StopModule() Input Validation Vulnerability
Secunia Research 11/01/2012

- NTR ActiveX Control StopModule() Input Validation Vulnerability -

Table of Contents

1) Affected Software
2) Severity
3) Description of Vulnerability
4) Solution
5) Time Table
6) Credits
7) References
8) About Secunia
9) Verification

1) Affected Software

* NTR ActiveX Control version 1.1.8.

NOTE: Other versions may also be affected.

2) Severity

Rating: Highly critical
Impact: System compromise
Where: Remote

3) Description of Vulnerability

Secunia Research has discovered a vulnerability in NTR ActiveX control, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by missing input validation in the handling of the StopModule() method and can be exploited via a specially crafted lModule parameter to reference an expected module structure at an arbitrary memory address. This can be exploited to dereference an arbitrary value in memory as a function pointer.

Successful exploitation allows execution of arbitrary code.

4) Solution

Upgrade to version 2.0.4.8.

5) Time Table

25/07/2011 - Vendor notified.
25/07/2011 - Vendor response.
27/12/2011 - Vendor releases fixed version.
11/01/2012 - Public disclosure.

6) Credits

Discovered by Carsten Eiram, Secunia Research.

7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2012-0267 for the vulnerability.

8) About Secunia

Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/

Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:
http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:
http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/

9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2012-2/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
[SECURITY] [DSA 2387-1] simplesamlphp security update
Debian Security Advisory DSA-2387-1
secur...@debian.org
http://www.debian.org/security/
Thijs Kinkhorst
January 11, 2012
http://www.debian.org/security/faq

Package: simplesamlphp
Vulnerability : insufficient input sanitation
Problem type : remote
Debian-specific: no

timtai1 discovered that simpleSAMLphp, an authentication and federation platform, is vulnerable to a cross site scripting attack, allowing a remote attacker to access sensitive client data.

The oldstable distribution (lenny) does not contain a simplesamlphp package.

For the stable distribution (squeeze), this problem has been fixed in version 1.6.3-3.

For the unstable distribution (sid), this problem has been fixed in version 1.8.2-1.

We recommend that you upgrade your simplesamlphp packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org