vulnerability issue for DB2 express
Hello, I got a vulnerability report, and in this report the issue is that IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query (CVE-2001-0052). I don't know the proper solution or patch file to fix this issue. Kindly help me with the same. Thanks
XSS on Juniper JUNOS 11.4 Embedthis Appweb 3.2.3
Vulnerability Type: (XSS) Cross-Site Scripting
Original release date: November 11th, 2013
Last revised: November 11th, 2013
Discovered by: Andrea Bodei - A2SECURE
Severity: 4.3/10 (CVSSv2 Base Score)
Products and affected versions: JUNOS up to 11.4 (probably 12.1 and 12.3 vulnerable)
Vulnerability Discovered by: Andrea Bodei - i...@andreabodei.com
Company: A2SECURE - España
A2Secure Website: http://www.A2secure.com
Vendor Website: http://www.juniper.net
Application Website: http://freecode.com/projects/appweb

== Background ==

Juniper Networks, Inc. is an American manufacturer of networking equipment founded in 1996 by Mark Burke. It is headquartered in Sunnyvale, California, USA. The company designs and sells high-performance Internet Protocol network products and services. Juniper's main products include the T-series, M-series, E-series, MX-series and J-series families of routers, EX-series Ethernet switches and SRX-series security products. Junos, Juniper's own network operating system, runs on most Juniper products.

== Vulnerability Details ==

JUNOS versions 11.4 and 12.1 can be managed by a web login on HTTPS port 443 served by the EmbedThis AppWeb web server 3.2.3, which is prone to a Cross-Site Scripting (XSS) vulnerability in the index.php error parameter due to insufficient sanitising of special characters, allowing execution of arbitrary scripts in the context of the user's browser. This vulnerability could be exploited to manipulate a client session, steal tokens, steal credentials, execute administrative tasks, impersonate a legitimate user, perform transactions as that user, or for phishing.

Juniper should try to upgrade its OS with the latest release of EmbedThis (4.4.1 or better) and implement special-character filtering.

== Proof Of Concepts ==

These URLs just pop up a custom number/letter/word/phrase:

https://xxx.xxx.xxx.xxx/index.php?name=Your_Account&error=1%22%3E%3Cscript%3Ealert%281538%29%3C%2Fscript%3E&uname=bGF
https://xxx.xxx.xxx.xxx/index.php?name=Your_Account&error=1%22%3E%3Cscript%3Ealert%28HACKED%29%3C%2Fscript%3E&uname=bGF

== Credits/Author ==

Andrea Bodei
A2Secure.com

== Disclaimer ==

All information is provided without warranty. The intent is to provide information to secure infrastructure and/or systems, not to be able to attack or damage. Therefore A2Secure shall not be liable for any direct or indirect damages that might be caused by using this information.
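The PoC payload above decodes to `1"><script>alert(1538)</script>`: the leading `">` closes a quoted attribute value that the `error` parameter is reflected into, and the rest is injected as live markup. The following is an added example, not code from Juniper, EmbedThis Appweb or the advisory author. It models that behaviour with a vulnerable renderer beside a hardened one that applies contextual output encoding, and adds a canary-based check of the kind used to confirm a reflected XSS finding. Only the parameter names `name`, `error` and `uname` come from the advisory's PoC URLs; the form markup, the canary string and the exact handler logic are assumptions, and the `&` separators in the PoC URL are restored where the list archive dropped them.

```python
"""Reflected XSS in a login page that echoes its `error` query parameter.

Added example, not code from Juniper, EmbedThis Appweb or the advisory
author. It models the behaviour the advisory describes: the `error`
parameter is reflected into HTML without escaping, so a value such as
1"><script>...</script> closes the attribute and injects a script tag.
The form markup is an assumption; only the parameter names come from the
advisory's PoC URLs.
"""
import html
from urllib.parse import parse_qs, quote, urlsplit

# PoC URL from the advisory (host masked there as well), '&' separators restored.
POC_URL = ("https://xxx.xxx.xxx.xxx/index.php?name=Your_Account"
           "&error=1%22%3E%3Cscript%3Ealert%281538%29%3C%2Fscript%3E&uname=bGF")

# Constructed canary so a probe can be told apart from ordinary page content.
CANARY = "xsscanary7f3a91c2"


def query_params(url: str) -> dict:
    """First value of each query parameter, percent-decoded."""
    qs = urlsplit(url).query
    return {k: v[0] for k, v in parse_qs(qs, keep_blank_values=True).items()}


def _page(p: dict) -> str:
    """Assumed login form: each parameter lands inside a quoted attribute value."""
    return (
        '<form method="post" action="index.php">'
        f'<input type="text" name="name" value="{p.get("name", "")}">'
        f'<input type="hidden" name="error" value="{p.get("error", "")}">'
        f'<input type="hidden" name="uname" value="{p.get("uname", "")}">'
        '</form>'
    )


def render_vulnerable(url: str) -> str:
    """Flawed handler: raw parameter values are interpolated into the markup,
    so `"` ends the attribute and `<script>` becomes a real element."""
    return _page(query_params(url))


def render_hardened(url: str) -> str:
    """Same page with contextual output encoding. html.escape(quote=True) turns
    `"` into &quot; and `<`/`>` into &lt;/&gt;, so the value can neither close
    the attribute nor open a tag, whatever characters the client sends."""
    escaped = {k: html.escape(v, quote=True) for k, v in query_params(url).items()}
    return _page(escaped)


def probe_url(base: str, canary: str) -> str:
    """Build a test URL whose `error` parameter carries a canary script tag,
    percent-encoded the same way the advisory's PoC URLs are."""
    payload = f'1"><script>alert("{canary}")</script>'
    return f'{base}?name=Your_Account&error={quote(payload, safe="")}&uname=bGF'


def reflects_unescaped(render, canary: str) -> bool:
    """True when the canary script tag survives as literal markup in the
    response, i.e. the parameter is reflected without escaping (vulnerable).
    A body that only contains the encoded form (&lt;script&gt;) is not flagged."""
    body = render(probe_url("https://xxx.xxx.xxx.xxx/index.php", canary))
    return f'<script>alert("{canary}")</script>' in body


if __name__ == "__main__":
    print("decoded PoC error parameter:", query_params(POC_URL)["error"])
    print("vulnerable page reflects script:", reflects_unescaped(render_vulnerable, CANARY))
    print("hardened page reflects script:  ", reflects_unescaped(render_hardened, CANARY))
```

Run against a real target the same check would send `probe_url(...)` over HTTPS and pass the response body to `reflects_unescaped`; the unique canary matters because a plain `alert(1)` string can already appear in a page for unrelated reasons and produce a false positive. Note that the fix is output encoding for the context the value lands in, not the "special characters filtering" of input the advisory suggests; a filter that strips `<script>` still leaves the `">` attribute break-out and event-handler injections such as `" onfocus=...` available.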
WebSurgery v1.1 released (Web application security testing suite)
Overview

Sunrise proudly announces WebSurgery v1.1! WebSurgery is a suite of tools for security testing of web applications. It is designed to address the ongoing needs of security auditors, facilitating web application planning and exploitation. The suite currently contains a spectrum of efficient, fast and stable web tools (Crawler, Bruteforcer, Fuzzer, Proxy, Editor) and some extra functionality tools (Scripting Filters, List Generator, External Proxy).

Tools

- Crawler: designed to be fast, accurate, stable and completely parameterized, using advanced techniques to extract links from HTML, CSS, JavaScript and AJAX.
- Bruteforcer: brute-forces files and directories within the web application, which helps to identify the hidden structure.
- Fuzzer: a highly advanced tool to create a number of requests based on one initial request. It can be used to exploit (blind) SQL injection, cross-site scripting (XSS) and denial of service (DoS), to brute-force username/password authentication on login forms, and to identify improper input handling and firewall/filtering rules.
- Proxy: a server running locally that allows you to analyze, intercept and manipulate HTTP/HTTPS requests coming from your browser or any other application that supports proxies.
- Editor: advanced ASCII/HEX editor to manipulate individual requests.

Extra

- Scripting Filters: advanced scripting filters to select specific requests/responses, with support for regular expressions and a large number of variables.
- List Generator: generates different list types (File, Charset, Numbers, Dates, IP Addresses, Custom) with additional rules support.
- External Proxy: redirects the suite's traffic to another HTTP/SOCKS proxy.

Download / Documentation: http://sunrisetech.gr/?page=websurgery&tab=download

Best regards,
John Stamatakis
Sunrise Technologies