Axis VoIP Manager v2.1.5.7 - Multiple Web Vulnerabilities

2012-09-18 Thread Vulnerability Lab
Title:
==
Axis VoIP Manager v2.1.5.7 - Multiple Web Vulnerabilities


Date:
=
2012-09-09


References:
===
http://www.vulnerability-lab.com/get_content.php?id=686


VL-ID:
=
686


Common Vulnerability Scoring System:

2.3


Introduction:
=
Feel free to create Schedules (in PBX Features), Inbound Routes,  User 
Extensions (individually or using 
Bulk Generator in Extensions  Directory), Feature Dial Codes (in PBX Features 
- Feature Dial Codes), 
IVR Menus (in PBX Features), ACD Queues, etc.

(Copy of the Vendor Homepage: http://www.axint.net/voip/ )


Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple cross site 
scripting vulnerabilities in the Axis VoIP Manager v2.1.5.7.


Report-Timeline:

2011-09-07: Public Disclosure


Status:

Unpublished


Affected Products:
==
Axis
Product: VoIP Manager v2.1.5.7


Exploitation-Technique:
===
Remote


Severity:
=
Medium


Details:

Multiple non persistent cross site scripting vulnerabilities are detected in
the Axis VoIP Manager User Portal v2.1.5.7.
The vulnerability allows attackers (remote) to hijack website customer,
moderator or admin sessions with medium or high
required user interaction. The bugs are located on client side in the
contact_chooser.cgi and contacts.cgi files with the
bound vulnerable lastname, firstname, department, contact or managed_usr
application parameters. Successful exploitation
results in application account steal, client side phishing & client-side content
request manipulation. Exploitation requires
medium or high user interaction & without privileged web application user
account.

Vulnerable Module(s):
[+] contact_chooser.cgi
[+] contacts.cgi

Vulnerable Parameter(s):
[+] lastname, firstname & department
[+] contact
[+] managed_usr


Proof of Concept:
=
The client side cross site scripting vulnerabilities can be exploited by remote
attackers with medium or high required
user interaction and without privileged application user account. For
demonstration or reproduce ...

Selection Filter

https://voip01.127.0.0.1:5999/asterisk/contacts.cgi?usr=demo-100type=1type_selector=2lastname=lastname_match=1firstname=
firstname_match=1department=%22%3E%3Ciframe%20src=a%20onload=alert%28%22HI%22%29%20%3Cdepartment_match=1action=Select


https://voip01.127.0.0.1:5999/asterisk/contacts.cgi?usr=demo-100type=1type_selector=2lastname=
lastname_match=1firstname=%22%3E%3Ciframe%20src=a%20onload=alert%28%22HI%22%29%20%3Cfirstname_match=
1department=department_match=1action=Select

https://voip01.127.0.0.1:5999/asterisk/contacts.cgi?usr=demo-100type=1type_selector=2;
lastname=
%22%3E%3Ciframe%20src=a%20onload=alert%28%22HI%22%29%20%3Clastname_match=1firstname=firstname_match=
1department=department_match=1action=Select


Contact Chooser

https://voip01.127.0.0.1:5999/asterisk/contact_chooser.cgi?contact=%22%3E
%3Ciframe%20src=a%20onload=alert%28%22HI%22%29%20%3C


managed_usr - listing

https://voip01.127.0.0.1:5999/asterisk/contacts.cgi?type=2usr=demo-100managed_usr=%22%3E%3Ciframe%20src=
a%20onload=alert%28%22HI%22%29%20%3Ctype_selector=2lastname=lastname_match=1firstname=
firstname_match=1department=department_match=1action=Select+


Risk:
=
The security risk of the non persistent (client side) cross site scripting
vulnerabilities is estimated as low(+)|(-)medium.


Credits:

Vulnerability Laboratory [Research Team]  -Benjamin Kunz Mejri 
(b...@vulnerability-lab.com)


Disclaimer:
===
The information provided in this advisory is provided as it is without any 
warranty. Vulnerability-Lab disclaims all warranties, 
either expressed or implied, including the warranties of merchantability and 
capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, 
indirect, incidental, consequential loss of business 
profits or special damages, even if Vulnerability-Lab or its suppliers have 
been advised of the possibility of such damages. Some 
states do not allow the exclusion or limitation of liability for consequential 
or incidental damages so the foregoing limitation 
may not apply. We do not approve or encourage anybody to break any vendor 
licenses, policies, deface websites, hack into databases 
or trade with fraud/stolen material.

Domains:www.vulnerability-lab.com   - www.vuln-lab.com  
   - www.vulnerability-lab.com/register
Contact:ad...@vulnerability-lab.com - supp...@vulnerability-lab.com 
   - resea...@vulnerability-lab.com
Section:video.vulnerability-lab.com - forum.vulnerability-lab.com   
   - 
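
A log check for the parameters named in the Axis VoIP Manager advisory above, as an added example that is not part of the original advisory or of the vendor's code: it decodes the query string of requests to contact_chooser.cgi and contacts.cgi and reports watched parameters whose value carries HTML markup characters. The combined access-log format, the sample log lines and all function names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script and parameter names as listed in the advisory.
WATCHED_SCRIPTS = {"contacts.cgi", "contact_chooser.cgi"}
WATCHED_PARAMS = {"lastname", "firstname", "department", "contact", "managed_usr"}

# Characters that close an HTML attribute or open a tag. The apostrophe is
# left out on purpose so that surnames such as O'Brien are not reported.
MARKUP = re.compile(r'[<>"]')

# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Sep/2012:10:00:01 +0000] "GET /asterisk/contacts.cgi'
    '?usr=demo-100&type=1&lastname=Smith&firstname=&department=Sales'
    '&action=Select HTTP/1.1" 200 5120',
    '192.0.2.44 - - [18/Sep/2012:10:02:17 +0000] "GET /asterisk/contacts.cgi'
    '?usr=demo-100&type=1&lastname=&department=%22%3E%3Cb%3Emarker'
    '&action=Select HTTP/1.1" 200 5233',
    '192.0.2.44 - - [18/Sep/2012:10:02:40 +0000] "GET /asterisk/contact_chooser.cgi'
    '?contact=%2522%253Cmarker HTTP/1.1" 200 1980',
    '192.0.2.10 - - [18/Sep/2012:10:05:03 +0000] "GET /asterisk/contacts.cgi'
    '?usr=demo-100&type=1&lastname=O%27Brien&lastname_match=1'
    '&action=Select HTTP/1.1" 200 5090',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(lines):
    """Return (line number, script, parameter, decoded value) per finding."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1]
        if script not in WATCHED_SCRIPTS:
            continue
        # parse_qsl performs the first round of percent-decoding.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name not in WATCHED_PARAMS:
                continue
            value = fully_decode(value)
            if MARKUP.search(value):
                findings.append((number, script, name, value))
    return findings


if __name__ == "__main__":
    for number, script, name, value in scan(SAMPLE_LOG):
        print(f"line {number}: {script} parameter {name!r} carries markup: {value!r}")
```

The same character test applied on the server side, before the value is written back into the page, is where HTML-encoding of these parameters belongs; the log check only shows who has been sending such requests.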

SonicWALL EMail Security 7.3.5 - Multiple Vulnerabilities

2012-09-18 Thread Vulnerability Lab
Title:
==
SonicWALL EMail Security 7.3.5 - Multiple Vulnerabilities


Date:
=
2012-08-14


References:
===
http://www.vulnerability-lab.com/get_content.php?id=543


VL-ID:
=
543


Common Vulnerability Scoring System:

3.5


Introduction:
=
While most businesses now have some type of anti-spam protection, many must 
deal with cumbersome 
management, frustrated users, inflexible solutions, and a higher-than-expected 
total cost of ownership. 
SonicWALL® Email Security can help. Elegantly simple to deploy, manage and use, 
award-winning SonicWALL 
Email Security solutions employ a variety of proven and patented technology 
designed to block spam and 
other threats effectively, easily and economically. With innovative protection 
techniques for both 
inbound and outbound email plus unique management tools, the Email Security 
platform delivers superior 
email protection today—while standing ready to stop the new attacks of tomorrow.

SonicWALL Email Security can be flexibly deployed as a SonicWALL Email Security 
Appliance, as a software 
application on a third party Windows® server, or as a SonicWALL Email Security 
Virtual Appliance in a 
VMW® environment. The SonicWALL Email Security Virtual Appliance provides the 
same powerful protection as a 
traditional SonicWALL Email Security appliance, only in a virtual form, to 
optimize utilization, 
ease migration and reduce capital costs.

(Copy of the Vendor Homepage: 
http://www.sonicwall.com/us/products/Anti-Spam_Email_Security.html)


Abstract:
=
Vulnerability Laboratory Research Team discovered multiple Web Vulnerabilities
in SonicWalls UTM Email Security v7.3.5.6379 & Virtual Appliance.


Report-Timeline:

2012-05-02: Researcher Notification & Coordination
2012-05-03: Vendor Notification
2012-05-10: Vendor Response/Feedback
2012-08-14: Public or Non-Public Disclosure (90 Days passed)
2012-09-17: Vendor Fix/Patch 


Status:

Published


Affected Products:
==
SonicWall
Product: AntiSpam & EMail Security Appliance Application v7.3.5.6379


Exploitation-Technique:
===
Remote


Severity:
=
Medium


Details:

1.1
Multiple persistent input validation vulnerabilities are detected in SonicWalls
UTM Email Security v7.3.5.6379 & Virtual Appliance.
The vulnerability allows a remote attacker or local low privileged user
account to inject/implement malicious persistent script
code on application side of the email security appliance application. The
vulnerabilities are located on the Compliance & Virus
protection procedures module when processing to load unsanitized inputs as
output listing of a configuration. Vulnerable values are
floodMsgThreshold, zombieNoOfQuarantine, zombieNoOfMessageFromOneUser,
safeModeNoOfQuarantine, safeModeNoOfMessageFromOneUser,
zombieAllowEmailAddrs & floodMsgThresholdShadow. Successful exploitation of the
vulnerability results in session hijacking,
persistent phishing requests & stable persistent module context manipulation.


Vulnerable Module(s):
[+] Virenschutzverfahren
[-] Ausgehend (Outgoing) - Listing & Exceptions

[+] Compliance Module
[-] Approval Ordner & Add new Approval Folder


1.2
Multiple client side cross site scripting vulnerabilities are detected in
SonicWalls UTM Email Security v7.3.5.6379 & Virtual Appliance.
The vulnerability allows a remote attacker to manipulate client side appliance
requests with medium required user interaction.
Successful exploitation results in session hijacking, account steal, client side
phishing requests or manipulated context
execution on client side requests. The vulnerabilities are located on the
`from`- & `row` page listing values. Successful exploitation
of the vulnerability results in client side session hijacking, non-persistent
phishing requests & non-persistent module context manipulation.


Vulnerable Module(s):
[+] Listing Page (?from & ?row)


Proof of Concept:
=
1.1
The persistent input validation vulnerabilities can be exploited by remote 
attackers with low privileged user accounts. 
For demonstration or reproduce ...

PoC: Ausgehend (Outgoing) - Listing & Exceptions

input disabled=disabled id=floodMsgThreshold name=floodMsgThreshold 
value= 
type=hiddeniframe src=virus_config-Dateien/a.htm [EXECUTE/INJECT 
PERSISTENT CODE!]' =
input type=hidden id=floodInterval name=floodInterval 
value=1/

... or

input type=text 
name=zombieNoOfQuarantine size=3 
value=iframe src=a 
[EXECUTE/INJECT PERSISTENT CODE!])  
id=zombieNoOfQuarantine


... or

amp;lt;input type=text 
name=zombieNoOfMessageFromOneUser size=3 
value=iframe src=a 
[EXECUTE/INJECT PERSISTENT CODE!])  
id=zombieNoOfMessageFromOneUser


... or 

input type=text 

Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities

2012-09-18 Thread Vulnerability Lab
Title:
==
Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities


Date:
=
2012-09-06


References:
===
http://www.vulnerability-lab.com/get_content.php?id=557


VL-ID:
=
557


Common Vulnerability Scoring System:

5


Introduction:
=
The FortiGate series of multi-threat security systems detect and eliminate the 
most damaging, content-based threats from email 
and Web traffic such as viruses, worms, intrusions, inappropriate Web content 
and more in real time - without degrading 
network performance.

Ranging from the FortiGate-30 series for small offices to the FortiGate-5000 
series for large enterprises, service providers and 
carriers, the FortiGate line combines the FortiOS™ security operating system 
with FortiASIC processors and other hardware to provide 
a comprehensive and high-performance array of security and networking functions 
including:

* Firewall, VPN, and Traffic Shaping
* Intrusion Prevention System (IPS)
* Antivirus/Antispyware/Antimalware
* Web Filtering
* Antispam
* Application Control (e.g., IM and P2P)
* VoIP Support (H.323. and SCCP)
* Layer 2/3 routing
* Multiple WAN interface options

FortiGate appliances provide cost-effective, comprehensive protection against 
network, content, and application-level threats - including 
complex attacks favored by cybercriminals - without degrading network 
availability and uptime. FortiGate platforms incorporate sophisticated 
networking features, such as high availability (active/active, active/passive) 
for maximum network uptime, and virtual domain (VDOM) 
capabilities to separate various networks requiring different security policies.

Since 2009 Fortigate appliance series got certified by the U.S. Army and is now 
listed in the 
Information Assurance Approved Products List (IA APL). The military provides 
high security 
standards to secure outdoor camps, air base, offices with fortigate hardware.

(Copy from the Vendor Homepage: http://www.fortinet.com/products/fortigate )


Abstract:
=
Vulnerability-Lab Research Team discovered multiple persistent Web 
Vulnerabilities in the FortiGate UTM Appliance Application.


Report-Timeline:

2012-05-06: Researcher Notification & Coordination
2012-05-10: Vendor Notification
2012-06-11: Vendor Response/Feedback
2012-08-25: Vendor Fix/Patch ( Fixed in FortiOS v4.3.8 B0537 & Fixed in FortiOS v5.0 )
2012-09-06: Public or Non-Public Disclosure


Status:

Published


Affected Products:
==
Fortigate
Product: UTM Appliance Application vFortiGate-5000 Series;FortiGate-3950 
Series;FortiGate-3810A;


Exploitation-Technique:
===
Remote


Severity:
=
High


Details:

Multiple input validation vulnerabilities (persistent) are detected in the
FortiGate UTM Appliance Application. Remote attackers
& low privileged user accounts can inject (persistent) own malicious script
code to manipulate specific customer/admin requests.
The vulnerability allows a local low privileged attacker to manipulate the
appliance (application) via persistent script code
inject. The vulnerability is located in the Add or Tags module category listing
with the bound vulnerable applied tags & tags display parameters.
Successful exploitation results in content module request manipulation,
execution of persistent malicious script code, session
hijacking, account steal & persistent phishing.

Vulnerable Module(s): (Persistent)
[+] Tags - Applied tags 
[+] Add - Tags Display


Interface - UTM WAF Web Application [Appliance]
FortiGate-5000 Series;FortiGate-3950 
Series;FortiGate-3810A;FortiGate-3600A;FortiGate-3016B;FortiGate-1240B
FortiGate-800;FortiGate-620B;FortiGate-311B;FortiGate-310B;FortiGate-300A;FortiGate-224B;FortiGate-200B
 Series


Proof of Concept:
=
The persistent vulnerabilities can be exploited by remote attackers with low
required user interaction or low
privileged user account. For demonstration or reproduce ...


Code Review: Tags - Applied tags [Box] & Listing
URL:
http://appliance.127.0.0.1:1337/firewall/policy/policy6?expanded=#

name=``addr_dlg`` action=``/firewall/address/add`` onsubmit=``if 
(!fwad_form_check('Please choose one address/group.',
'Please choose one interface to connect.')) return false; if 
(document.forms[0].submitFlag) return false; document.forms[0].
submitFlag = true;``
tabletbodytr
td align=``left`` width=``150``nobrAddress Name/nobr/td
td align=``left``input 
name=``name`` size=``64`` maxlength=``63`` value=``all`` type=``text``
/td
/tr
tr
tdColor/td
tdspan colorclassprefix=``addr_ipv6_
`` class=``icon_fw addr_ipv6_13`` id=``addressIcon``/span a href=``#`` 
id=``addressColor`` cscolorvalue=``0``[Change]input value=``13`` 
name=``csColor1`` 

[security bulletin] HPSBMU02813 SSRT100712 rev.1 - HP Operations Orchestration, Remote Execution of Arbitrary Code

2012-09-18 Thread security-alert
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03490339

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03490339
Version: 1

HPSBMU02813 SSRT100712 rev.1 - HP Operations Orchestration, Remote Execution
of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2012-09-17
Last Updated: 2012-09-17

Potential Security Impact: Remote execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Operations
Orchestration. The vulnerability could be remotely exploited to allow
execution of arbitrary code.

References: CVE-2012-3258, ZDI-CAN-1456

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Operations Orchestration v9.0

BACKGROUND

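CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2012-3258    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
===========================================================
             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002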

The Hewlett-Packard Company thanks Andrea Micalizzi aka rgod for working with
the TippingPoint Zero Day Initiative to report these vulnerabilities to
security-al...@hp.com

RESOLUTION

HP has provided HP Operations Orchestration patch v9.03 which resolves this
issue. Note: All patches after v9.03.0001 resolve the vulnerability. The
latest available patch for HP Operations Orchestration is v9.05.

Obtain HP Operations Orchestration v9.05 from HP Software Support Online
at http://support.openview.hp.com/downloads.jsp .

HISTORY
Version:1 (rev.1) - 17 September 2012 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel.  For other issues about
the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated
periodically, is contained in HP Security Notice HPSN-2011-001:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided as is
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits;damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAlBXmZ8ACgkQ4B86/C0qfVm4egCaA9o9VTtsArBN7k+mEEFN3YOc
alYAnAiA9JeGVNTpBzOtAKnFeTQ/WxsE
=HNJ8
-END PGP SIGNATURE-


Fortigate UTM WAF Appliance - Cross Site Vulnerabilities

2012-09-18 Thread Vulnerability Lab
Title:
==
Fortigate UTM WAF Appliance - Cross Site Vulnerabilities


Date:
=
2012-09-07


References:
===
http://www.vulnerability-lab.com/get_content.php?id=559


VL-ID:
=
559


Common Vulnerability Scoring System:

3.5


Introduction:
=
The FortiGate series of multi-threat security systems detect and eliminate the 
most damaging, content-based threats from email 
and Web traffic such as viruses, worms, intrusions, inappropriate Web content 
and more in real time - without degrading 
network performance.

Ranging from the FortiGate-30 series for small offices to the FortiGate-5000 
series for large enterprises, service providers and 
carriers, the FortiGate line combines the FortiOS™ security operating system 
with FortiASIC processors and other hardware to provide 
a comprehensive and high-performance array of security and networking functions 
including:

* Firewall, VPN, and Traffic Shaping
* Intrusion Prevention System (IPS)
* Antivirus/Antispyware/Antimalware
* Web Filtering
* Antispam
* Application Control (e.g., IM and P2P)
* VoIP Support (H.323. and SCCP)
* Layer 2/3 routing
* Multiple WAN interface options

FortiGate appliances provide cost-effective, comprehensive protection against 
network, content, and application-level threats - including 
complex attacks favored by cybercriminals - without degrading network 
availability and uptime. FortiGate platforms incorporate sophisticated 
networking features, such as high availability (active/active, active/passive) 
for maximum network uptime, and virtual domain (VDOM) 
capabilities to separate various networks requiring different security policies.

Fortigate appliances are Pentagon & US Military certified.
The military provides high security standards & save outdoor camps, air base,
offices with fortigate hardware.

(Copy from the Vendor Homepage: http://www.fortinet.com/products/fortigate )


Abstract:
=
Vulnerability-Lab Research Team discovered multiple non-persistent Web 
Vulnerabilities in the FortiGates UTM Appliance Application.


Report-Timeline:

2012-05-07: Researcher Notification & Coordination
2012-05-10: Vendor Notification
2012-06-08: Vendor Response/Feedback
2012-08-30: Vendor Fix/Patch ( FortiOS v4.3.8 B0630 & FortiOS v5.0 B064 )
2012-09-07: Public or Non-Public Disclosure


Status:

Published


Affected Products:
==
Fortigate
Product: UTM Firewall Appliance Application vFortiGate-5000 
Series;FortiGate-3950 Series;FortiGate-3810A;


Exploitation-Technique:
===
Remote


Severity:
=
Medium


Details:

Multiple input validation vulnerabilities (non-persistent) are detected in the
FortiGates UTM Appliance Application.
The vulnerability allows remote attackers to hijack admin/customer sessions
with required user interaction (client-side).
Successful exploitation allows to phish user accounts, hijacking sessions,
redirect over client side requests or manipulate
website context on client-side browser requests.


Vulnerable Module(s): (Non-Persistent)
[+] Exception Handling - objusagedlg
[+] WiFi-controller SSID - Topic
[+] Display Message - Title & Message



Interface - UTM WAF Web Application [Appliance]
FortiGate-5000 Series;FortiGate-3950 
Series;FortiGate-3810A;FortiGate-3600A;FortiGate-3016B;FortiGate-1240B
FortiGate-800;FortiGate-620B;FortiGate-311B;FortiGate-310B;FortiGate-300A;FortiGate-224B;FortiGate-200B
 Series


Proof of Concept:
=
The non-persistent vulnerability can be exploited by remote attackers with
medium or high required user interaction.
For demonstration or reproduce ...


Code Review:Exception Handling - objusagedlg
URL:http://appliance.127.0.0.1:137/objusagedlg?type=220mkey=

div style=text-align: center;h2WiFi-controller SSID span 
class=emphasized_msg[EXECUTES NON-PERSISTENT SCRIPTCODE HERE!] 
/span is used by:/h2divTotal References: span 
id=total_refcount/span/divdiv class=info_msgspan id=total_unused
/span object types that may be configured to use this object have no 
references (span id=unused_toggle/span)/div
form name=search_paramsinput name=type value=220 type=hiddeninput 
name=mkey value= type=hidden
iframe src=objusagedlg-Dateien/hack.htm [EXECUTES NON-PERSISTENT SCRIPTCODE 
HERE!]' =input
 type=hidden name=mkey_display value= //formdiv 
id=reftable-container/div


Code Review: Display Message - Title & Message
URL:
https://appliance.127.0.0.1:137/displaymessage?url=/webfilter/profile/dlgtitle=

td[EXECUTES NON-PERSISTENT SCRIPTCODE HERE!]' = td=
/tr
/table/td
/tr
tr
td 

APPLE-SA-2012-09-17-1 Apple Remote Desktop 3.5.3

2012-09-18 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

APPLE-SA-2012-09-17-1 Apple Remote Desktop 3.5.3

Apple Remote Desktop 3.5.3 is now available and addresses the
following:

Apple Remote Desktop
Available for:  Apple Remote Desktop 3.0 or later
Impact:  Connecting to a third-party VNC server with Encrypt all
network data set may lead to information disclosure
Description:  When connecting to a third-party VNC server with
Encrypt all network data set, data is not encrypted and no warning
is produced. This issue is addressed by creating an SSH tunnel for
the VNC connection in this configuration, and preventing the
connection if the SSH tunnel cannot be created. This issue does not
affect Apple Remote Desktop 3.5.1 and earlier.
CVE-ID
CVE-2012-0681 : Mark S. C. Smith studying at Central Connecticut
State University

Apple Remote Desktop 3.5.3 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

The download file is named:  RemoteDesktopAdmin353.dmg
Its SHA-1 digest is: 7fd3a92dcd0e495e94a575bd09b333a89049c877

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/



NGS00267 Patch Notification: Symantec Messaging Gateway SSH with backdoor user account

2012-09-18 Thread NCC Group Research
High risk vulnerability in Symantec Messaging Gateway 

18 September 2012

Ben Williams of NCC Group has discovered a High risk vulnerability in Symantec 
Messaging Gateway 

Impact: Unauthorised SSH access

Versions affected:
Symantec Messaging Gateway 9.5.3-3

An updated version of the software has been released to address the 
vulnerability:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00

NCC Group is going to withhold details of this flaw for three months. This 
three month window will allow users the time needed to apply the patch before 
the details are released to the general public. This reflects the NCC Group 
approach to responsible disclosure.

NCC Group Research
http://www.nccgroup.com


For more information please visit http://www.mimecast.com
This email message has been delivered safely and archived online by Mimecast.



NGS00268 Patch Notification: Symantec Messaging Gateway Out-of-band stored XSS - delivered by email

2012-09-18 Thread NCC Group Research
Critical vulnerability in Symantec Messaging Gateway 

18 September 2012

Ben Williams of NCC Group has discovered a critical vulnerability in Symantec 
Messaging Gateway 

Impact: Out-of-band stored XSS via email

Versions affected:
Symantec Messaging Gateway 9.5.3-3

An updated version of the software has been released to address the 
vulnerability:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00

NCC Group is going to withhold details of this flaw for three months. This 
three month window will allow users the time needed to apply the patch before 
the details are released to the general public. This reflects the NCC Group 
approach to responsible disclosure.

NCC Group Research
http://www.nccgroup.com





NGS00263 Patch Notification: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator

2012-09-18 Thread NCC Group Research
High risk vulnerability in Symantec Messaging Gateway 

18 September 2012

Ben Williams of NCC Group has discovered a high risk vulnerability in Symantec 
Messaging Gateway 

Impact: Addition of a backdoor administrator via CSRF

Versions affected:
Symantec Messaging Gateway 9.5.3-3

An updated version of the software has been released to address the 
vulnerability:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00

NCC Group is going to withhold details of this flaw for three months. This 
three month window will allow users the time needed to apply the patch before 
the details are released to the general public. This reflects the NCC Group 
approach to responsible disclosure.

NCC Group Research
http://www.nccgroup.com





NGS00265 Patch Notification: Symantec Messaging Gateway - Unauthenticated detailed version disclosure

2012-09-18 Thread NCC Group Research
Low risk vulnerability in Symantec Messaging Gateway 

18 September 2012

Ben Williams of NCC Group has discovered a low risk vulnerability in Symantec 
Messaging Gateway 

Impact: Unauthenticated detailed version disclosure

Versions affected:
Symantec Messaging Gateway 9.5.3-3

An updated version of the software has been released to address the 
vulnerability:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00

NCC Group is going to withhold details of this flaw for three months. This 
three month window will allow users the time needed to apply the patch before 
the details are released to the general public. This reflects the NCC Group 
approach to responsible disclosure.

NCC Group Research
http://www.nccgroup.com





NGS00266 Patch Notification: Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL

2012-09-18 Thread NCC Group Research
Medium risk vulnerability in Symantec Messaging Gateway 

18 September 2012

Ben Williams of NCC Group has discovered a Medium risk vulnerability in 
Symantec Messaging Gateway 

Impact: Authenticated arbitrary file download

Versions affected:
Symantec Messaging Gateway 9.5.3-3

An updated version of the software has been released to address the 
vulnerability:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00

NCC Group is going to withhold details of this flaw for three months. This 
three month window will allow users the time needed to apply the patch before 
the details are released to the general public. This reflects the NCC Group 
approach to responsible disclosure.

NCC Group Research
http://www.nccgroup.com





Vbulletin (blog_plugin_useradmin) v4.1.12 Sql Injection Vulnerability

2012-09-18 Thread irist . ir
A bug in Vbulletin (blog_plugin_useradmin) v4.1.12 that allows us to cause a
Sql Injection
on a remote machine.






#
#
# Exploit Title : Vbulletin (blog_plugin_useradmin) v4.1.12 Sql Injection 
Vulnerability
#
# Author: IrIsT.Ir
#
# Discovered By : Am!r
#
# Home  : http://IrIsT.Ir/forum
#
# Software Link : http://www.Vbulletin.com/
#
# Security Risk : High
#
# Version   : All Version
#
# Tested on : GNU/Linux Ubuntu - Windows Server - win7
#
# Dork  : intext:Powered By Vbulletin 4.1.12
#
#
#
#  Expl0iTs :
#
#  http://target.com/includes/blog_plugin_useradmin.php?do=usercssamp;u=[Sql]
#
#
#
# Greats : B3HZ4D - nimaarek - Net.W0lf - Dead.Zone - C0dex - SpooferNinja - 
TaK.FaNaR - Nafsh - BestC0d3r 
#
# 0x0ptim0us - TaK.FaNaR - m3hdi - F@rid - Siamak.Black - H4x0r - dr.tofan - 
skote_vahshat - 
#
# d3c0d3r - Samim.S - Mr.Xpr  M.R.S.CO  Mr.Cicili  H-SK33PY  All Members In 
Www.IrIsT.Ir/forum
#
#