XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget")

2013-01-29 Thread Moritz Naumann
in the upcoming (?) 1.8.13 release. This was originally reported by Moritz Naumann http://moritz-naumann.com on January 17, to security[at]elgg.org, and got me a prompt vendor reply. Coordination of advisory release is something to improve upon next time. A CVE ID has, to my knowledg

Alice (Telefonica Germany) Modem 1111 DoS + XSS

2011-07-15 Thread Moritz Naumann
h, explaining that this does not help any of the clients who are already using this device, were not responded to (other than by confirming receipt). The same ISP has their 'secure' client area accessed via https://www.alice-dsl.de which has obvious implementation flaws: https://www.ss

Re: [SquirrelMail-Security] XSS in Squirrelmail plugin 'Virtual Keyboard' <= 0.9.1

2010-10-18 Thread Moritz Naumann
Hi Paul, On 16.10.2010 02:44 Paul Lesniewski wrote: > On Tue, Oct 5, 2010 at 9:28 AM, Moritz Naumann > wrote: >> Squirrelmail plugin 'Virtual Keyboard' version 0.9.1 and lower is >> vulnerable to cross site scripting (XSS). [..] > As a member of the SquirrelMa

[Suspected Spam]XSS in Squirrelmail plugin 'Virtual Keyboard' <= 0.9.1

2010-10-06 Thread Moritz Naumann
l team has not yet made it to update this plugin in their repository at http://squirrelmail.org/plugin_view.php?id=159 so far, so this is the first public release I am aware of. Thanks for reading, Moritz Naumann -- Naumann IT Security Consulting Samariterstr. 16 10247 Berlin Germany

XSS in Horde IMP <=4.3.7, fetchmailprefs.php

2010-09-27 Thread Moritz Naumann
man/listinfo/announce Credits for this discovery: Moritz Naumann Naumann IT Security Consulting, Berlin, Germany http://moritz-naumann.com Thanks for reading, Moritz -- Naumann IT Security Consulting Samariterstr. 16 10247 Berlin Germany Web http://moritz-naumann.com GPG http://mo

XSS in Horde Application Framework <=3.3.8, icon_browser.php

2010-09-07 Thread Moritz Naumann
take place) I have delayed publication - admittedly too much. Credits for this discovery: Moritz Naumann Naumann IT Security Consulting, Berlin, Germany http://moritz-naumann.com Moritz

Silverstripe <= v2.3.4: two XSS vulnerabilities

2010-01-25 Thread Moritz Naumann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Silverstripe CMS, , version 2.3.4 and lower (and its unreleased 2.4 branch), is vulnerable to two Cross Site Scripting issues. 1. The comment posting mechanism of Silverstripe ('PostCommentForm') fails to properly sanitize

Cacti 0.8.7e: Multiple security issues

2009-11-30 Thread Moritz Naumann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Cacti 0.8.7e and earlier versions are affected by multiple security issues. Issues 1-4 are cross site scripting issues, issue 5 is a privilege escalation issue. 1. XSS 1 A HTTP GET request against the following URL will, on a web browser with J

Executing arbitrary PHP code on OpenX <= 2.8.1

2009-11-24 Thread Moritz Naumann
eleased in October to fix this issue and can be downloaded from http://www.openx.org/ad-server/download Moritz Naumann Naumann IT Security Consulting Berlin, Germany http://www.moritz-naumann.com/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iEYEAR

PHP APC vulnerable to local attacks

2008-12-19 Thread Moritz Naumann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 PHP APC is an opcode cache for PHP, or, as the developers say: "APC is a free, open, and robust framework for caching and optimizing PHP intermediate code." http://pecl.php.net/package/APC While at least some of its developers do not consider this

Tikiwiki 1.9.8 exploit ITW

2007-10-11 Thread Moritz Naumann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, there's a tikiwiki (tikiwiki.org) remote code execution exploit in the wild, targeting v.1.9.8 and earlier. This vulnerability is being exploited by multiple hosts (likely a botnet) using multiple payload websites since at least Tue 08:00 PM UT

Update: ViewCVS and ViewVC 'checkout view' content type fixation issue

2007-03-28 Thread Moritz Naumann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi! Moritz Naumann wrote: > This does not impact how much the rest of my report applies. My > findings are now being discussed on the ViewVC developers mailing list > [1]. They apparently also impact ViewVC. Whether and to which degree &g

Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues

2007-03-15 Thread Moritz Naumann
earch function which have been fixed at the same time. Example: [Base_HREF]/horde/imp/search.php?edit_query=%22%3E%3Cscript%3Ealert%28'XSS'%29%3C/script%3E%3Cx=%22 Credit for discovering both issues and providing a patch for the first one goes to Immerda Project Group http://www.imm

Horde 3.1.4 (RC1) fixes XSS issue

2007-03-15 Thread Moritz Naumann
nnouncement can be found at: http://lists.horde.org/archives/announce/2007/000315.html General information on this application is available at http://www.horde.org/ Moritz Naumann http://moritz-naumann.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFF+KZ5n6GkvSd/BgwRAvSwA

Re: [Full-disclosure] ViewCVS 0.9.4 issues

2007-02-27 Thread Moritz Naumann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Moritz Naumann wrote: > This was previously considered a HTTP response splitting vulnerability > by Jose Antonio Coret (Joxean Koret) > http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030514.html > (BID 12112, couldn&

ViewCVS 0.9.4 issues

2007-02-26 Thread Moritz Naumann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! * Short version for the busy ones: o Security issue on ViewCVS 0.9.4 o Not really exploitable unless malicious users have CVS write access AND victim visits pre-craft

IE7 status: 8 days after release, 3 unfixed issues

2006-10-27 Thread Moritz Naumann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It's difficult to believe, well, no, actually it's not. CVE-2005-3312, which is based on information released as early as September 2005, is still unfixed in Internet Explorer 7 (and any IE6). POC: http://moritz-naumann.com/tests/xss2.jpg Whoever do

Typo3 v4.x: XSS in extension "Indexed Search" v2.9.0

2006-09-25 Thread Moritz Naumann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 There's a XSS issue in the 'Indexed search' extension 2.9.0 for Typo3. This extension is part of a default Typo3 4.0.x installation. Typo3 4.0.2 fixes it. http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/ Credits go to Mr. Ekkeha

Mailman 2.1.8 Multiple Security Issues

2006-09-14 Thread Moritz Naumann
PUBLISHED AT http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt.sig PUBLISHED BY Moritz Naumann IT Consulting & Services Hamburg, Germany http://moritz-naumann.com/ security AT moritz HYPHON naumann D0T com GPG key:

Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues

2006-07-06 Thread Moritz Naumann
, 2006 PUBLISHED AT http://moritz-naumann.com/adv/0011/hordemulti/0011.txt http://moritz-naumann.com/adv/0011/hordemulti/0011.txt.gpg PUBLISHED BY Moritz Naumann IT Consulting & Services Hamburg, Germany http://moritz-naumann.com/ SECURITY at MORITZ hyphon NAUMANN d0t COM GPG

Re: VHCS 2.x HTTP Error Cross Site Scripting

2005-11-24 Thread Moritz Naumann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Moritz Naumann wrote: > SOLUTIONS > Moritz Naumann IT Consulting & Services has crafted a > unified diff patch against VHCS 2.4.6.2 which is available at > http://moritz-naumann.com/adv/0006/vhcsxss/patch/index.php.diff The pat

OTRS 1.x/2.x Multiple Security Issues

2005-11-22 Thread Moritz Naumann
://moritz-naumann.com/adv/0007/otrsmulti/0007.txt http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt.sig PUBLISHED BY Moritz Naumann IT Consulting & Services Hamburg, Germany http://moritz-naumann.com/ SECURITY at MORITZ hyphon NAUMANN d0t COM GPG key: http://moritz-naumann.com/

VHCS 2.x HTTP Error Cross Site Scripting

2005-11-22 Thread Moritz Naumann
://moritz-naumann.com/adv/0006/vhcsxss/0006.txt http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt.sig PUBLISHED BY Moritz Naumann IT Consulting & Services Hamburg, Germany http://moritz-naumann.com/ SECURITY at MORITZ hyphon NAUMANN d0t COM GPG key: http://moritz-naumann.com/

PmWiki 2.0.12 Cross Site Scripting

2005-11-22 Thread Moritz Naumann
://moritz-naumann.com/adv/0005/pmwiki/0005.txt http://moritz-naumann.com/adv/0005/pmwiki/0005.txt.sig PUBLISHED BY Moritz Naumann IT Consulting & Services Hamburg, Germany http://moritz-naumann.com/ SECURITY at MORITZ hyphon NAUMANN d0t COM GPG key: http://moritz-naumann.com/

Antville 1.1 Cross Site Scripting

2005-11-09 Thread Moritz Naumann
://moritz-naumann.com/adv/0004/antvxss/0004.txt http://moritz-naumann.com/adv/0004/antvxss/0004.txt.sig PUBLISHED BY Moritz Naumann IT Consulting & Services Hamburg, Germany http://moritz-naumann.com/ info AT moritz HYPHON naumann D0T com GPG key: http://moritz-naumann.com/

Multiple security issues in TikiWiki 1.9.x

2005-11-09 Thread Moritz Naumann
://moritz-naumann.com/adv/0003/tikiw/0003.txt http://moritz-naumann.com/adv/0003/tikiw/0003.txt.sig PUBLISHED BY Moritz Naumann IT Consulting & Services Hamburg, Germany http://moritz-naumann.com/ info AT moritz HYPHON naumann D0T com GPG key: http://moritz-naumann.com/keys/0x277F060C