nticated customer to
view or change other cloud users' rules via Direct Object Reference.
E.g.
https://us.emailsec.trendmicro.com/editRule.imss?ruleid=44281
https://us.emailsec.trendmicro.com/editRule.imss?ruleid=44282
https://us.emailsec.trendmicro.com/editRule.imss?ruleid=44283 etc
Credit:
".
Voilà! The account name is "Admin User"
Effective on university websites which have 1+ million end users.
Credit:
Discovered by Patrick Webster
Disclosure timeline:
29-May-2014 - Discovered during audit, reported to tracker.
11-Jul-2014 - Fix committed MDL-45760.
14-Jul-2014 - Patch r
]/ioneview/admin/main.pl?_username=";>alert(document.cookie)
http://[target]/ioneview/admin/main.pl?_password=";>alert(document.cookie)
http://[target]/scdata/ioneview/cgi/restricted/ioneview.pl?mid=alert(document.cookie)
Credit:
Discovered by Patrick Webster
Disclosure timeline:
17-Sep-2
aid an
attacker.
Credit:
Discovered by Patrick Webster
Disclosure timeline:
05-Jan-2016 - Discovered and reported to vendor.
08-May-2016 - Vendor response. Queued to be fixed.
04-Apr-2017 - Public disclosure.
About OSI Security:
OSI Security is an independent network and computer security
taccess.aspx [cmFields parameter]
Credit:
Discovered by Patrick Webster
Disclosure timeline:
14-Jul-2015 - Discovered during audit.
01-Sep-2015 - Reported to vendor.
04-Apr-2017 - Public disclosure.
About OSI Security:
OSI Security is an independent network and computer security auditing
and consul
33-and-CVE-2016-10045-vulnerabilities
Credit:
Discovered by Patrick Webster
Disclosure timeline:
01-Feb-2017 - Discovered during audit. Reported to vendor. Vendor
reports working on patch.
04-Apr-2017 - Public disclosure.
About OSI Security:
OSI Security is an independent network and compute
https://www.silverstripe.org/download/security-releases/ss-2015-001/
Credit:
Discovered by Patrick Webster
Disclosure timeline:
07-Nov-2015 - Discovered during audit and reported to developer.
Developer response.
05-Feb-2016 - Follow up. Patch released
https://github.com/silverstripe/silverstripe
interacting with the HTML content.
2) There is a SQL injection in the user edit form e.g
https://[target]/admin/users/edit.php?id=1
(which is accessible as an "administrator" - exploit unauthenticated
as per above).
Credit:
Discovered by Patrick Webster
Disclosure timeline:
03-Mar-2015 -
ontent-Length: 18991
http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
Layer7 Secure Span Gateway
;alert(document.cookie)
http://[target]/www/html/X-login.asp?intPassedLocationID=";>alert(document.cookie)
Credit:
Discovered by Patrick Webster
Disclosure timeline:
27-Nov-2008 - Discovered during audit. Reported to vendor.
28-Nov-2008 - Vendor response. Unknown if fixed.
04-Apr-2017 - Pub
Filter.doFilter(XFrameFilter.java:38)
Credit:
Discovered by Patrick Webster
Disclosure timeline:
11-Oct-2014 - Discovered during audit.
14-Oct-2014 - Reported to vendor.
18-Feb-2015 - Vendor released patch.
04-Apr-2017 - Public disclosure.
About OSI Security:
OSI Security is an independent netwo
ntire LDAP directory.
Other normal (or syntax invalid LDAP) requests are answered within
seconds.
Credit:
Discovered by Patrick Webster
Disclosure timeline:
20-Aug-2013 - Discovered during audit.
23-Aug-2013 - Reported to vendor.
26-Aug-2013 - Vendor acknowledged report.
09-Sep-2013 - Vendor confirmed.
10-Feb-2014 - Vendor patch released.
04-Apr-2017 - Public disclosure.
Credit:
Discovered by Patrick Webster
OSI Security is an independent network and computer security auditing
and consulting company based in Sydney, Australia. We provide internal
and external penetration testing, vulnerability
://www.exploit-db.com/exploits/35588/
Credit:
Discovered by Patrick Webster
Disclosure timeline:
09-Nov-2012 - Exploit released.
04-Apr-2017 - Public advisory.
About OSI Security:
OSI Security is an independent network and computer security auditing
and consulting company based in Sydney, Australia. We
es:
https://[target]/access/accessRoot.asp?page=http://www.osisecurity.com.au/
https://[target]/access/accessRoot.asp?page=javascript:alert(document.cookie);/
References:
http://help.kaseya.com/webhelp/EN/RN/index.asp#30773.htm
Credit:
Vulnerability discovered by Patrick Webster
Disclosure timelin
m=../../../../bin/
Error
mkdir /tmp/netilla-cache/C11N_get_messages/../../../../bin: Permission
denied at /usr/lib/perl5/site_perl/5.8.8/Netilla/CONDA/Cache/Manager.pm
line 43
Back
The portal requires authentication to access "protected" areas but
once you are authenticated, you can HTT
t this time.
Workaround:
N/A.
Credit:
This vulnerability was disclosed by Patrick Webster.
Exploit:
A metasploit module is available here:
http://www.metasploit.com/modules/auxiliary/gather/checkpoint_hostname
Disclosure timeline:
14-Dec-2011 - Discovered during audit.
21-Dec-2011 - Added aux
be used to
inject arbitrary data.
Example:
http://[target]/corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp?srcip=alert(document.cookie)
Recommendation:
Upgrade to version 10.01.0 Build 0739 or later.
Workaround:
N/A.
Credit:
This vulnerability was discovered by Patrick Webster.
Disclosu
source code to prevent this:
DisplayChart.java line 116:
// Check the file exists
File file = new File(System.getProperty("java.io.tmpdir"), filename);
if (!file.exists()) {
    throw new ServletException("File '" + file.getAbsolutePath()
            + "' does not exist");
}
Squiz Matrix - Cross-Site Scripting Vulnerability
http://www.osisecurity.com.au/advisories/squiz-matrix-cross-site-scripting
Release Date:
06-Jun-2011
Software:
Squiz - Matrix
http://www.squiz.net/
"Squiz Matrix delivers highly flexible and robust business integration
engine and application deve
se a WAF / IDS etc.
Credit:
This vulnerability was discovered by Patrick Webster.
Disclosure timeline:
09-Oct-2009 - Discovered during audit.
12-Oct-2009 - Notified vendor. No response.
04-May-2011 - Disclosure.
About OSI Security:
OSI Security is an independent network and computer security audit
respond.
Workaround:
Disable JavaScript, use a WAF / IDS etc.
Credit:
This vulnerability was discovered by Patrick Webster.
Disclosure timeline:
18-Sep-2010 - Discovered during audit.
23-Sep-2010 - Notified vendor. Received automated support ticket.
30-Apr-2011 - Disclosure.
About OS
nsubscribe the user 1 from mailing list 1.
References:
aushack.com advisory
http://www.aushack.com/201006-ignitionsuite.txt
Credit:
Patrick Webster ( patr...@aushack.com )
Disclosure timeline:
16-Jan-2009 - Discovered during audit.
18-Jan-2009 - Notified vendor.
08-Jun-2010 - No response. Disclosure.
EOF
http://www.aushack.com/201006-prtg.txt
Credit:
Patrick Webster ( patr...@aushack.com )
Disclosure timeline:
05-Jan-2009 - Discovered during audit.
06-Jan-2009 - Notified vendor.
08-Jan-2009 - Vendor releases update 6.2.1.963/964.
08-Jun-2010 - Disclosure.
EOF
I agree. Discovering the local path may be considered a risk, but in
most cases the risk is nil.
Consider compiled binaries. They also leak paths of the developer's
compile environment (mainly PDB -
http://support.microsoft.com/kb/121366). E.g. My firefox.exe is:
e:\builds\moz2_slave\win32_build\
ou are trying to reach is unavailable at this
time. Please try again later."
References:
aushack.com advisory
http://www.aushack.com/200905-sonicwall.txt
Credit:
Patrick Webster ( patr...@aushack.com )
Disclosure timeline:
12-Jan-2009 - Discovered during audit.
09-Feb-2009 - 1st email se
shack.com/200904-contentkeeper.txt
Credit:
Patrick Webster (patr...@aushack.com)
Disclosure timeline:
10-Apr-2008 - Discovered during audit.
18-Jul-2008 - Vendor notified.
18-Jul-2008 - Vendor response.
25-Feb-2009 - Vendor confirmed patched version.
03-Apr-2009 - Public disclosure.
EOF
s and protect behind
corporate firewalls, SSL-VPN, web application firewall etc.
References:
aushack.com advisory
http://www.aushack.com/200904-q2solutions.txt
Credit:
Patrick Webster ( patr...@aushack.com )
Disclosure timeline:
30-Oct-2008 - Discovered during audit.
05-Nov-2008 - Notified vendo
ND 1=1 <-- main page (true)
XSS in the 'url' parameter of 'login.asp':
Example:
http://[victim]/webadmin/login.asp?url=";>alert(document.cookie)
References:
aushack.com advisory
http://www.aushack.com/200904-asbru.txt
Credit:
Patrick Webster ( patr.
nformation:
By specifying an overly long Globally Unique Identifier (GUID),
it is possible to overwrite the stack and SE Handler.
Example:
msiexec.exe /x {}
References:
aushack.com advisory
http://www.aushack.com/200806-msiexec.txt
Credit:
Patrick Webster ( [EMAIL PROTECTED] )
Disclosur
, false, 80, false, true, true, 420)
Additionally, a Metasploit Framework Module has been written to
demonstrate the vulnerability.
References:
aushack.com advisory
http://www.aushack.com/200708-tumbleweed.txt
Credit:
Patrick Webster ( [EMAIL PROTECTED] )
Disclosure timeline:
13-Aug
ontents of the 'boot.ini' file.
Note that 'c:\boot.ini' is also valid. It may be possible
(but untested) to traverse other volumes.
References:
aushack.com advisory
http://www.aushack.com/advisories/200704-webmethods.txt
Credit:
Patrick Webster ( [EMAIL PROTECTED] )
Di
le to break out, but not yet found. Fuzz anyone?
References:
aushack.com advisory
http://www.aushack.com/advisories/200609-googlemini.txt
Credit:
Patrick Webster ( [EMAIL PROTECTED] )
Disclosure timeline:
22-Sep-2006 - Disclosure.
EOF
his does not necessarily mean
that whitelists are used. Future releases may be proxied via:
http://www.mysource-example.com.au/$page?
sq_content_src=aHR0cDovL3d3dy5nb29nbGUuY29tLmF1
References:
aushack.com advisory
http://www.aushack.com/advisories/200607-mysourcematrix.txt
Credit:
Patrick Webster (
et, do not reuse passwords. Future versions may hash the value.
References:
aushack.com advisory
http://www.aushack.com/advisories/200606-contentkeeper.txt
Credit:
Patrick Webster ([EMAIL PROTECTED])
Disclosure timeline:
15-Mar-2006 - Discovered during quick audit - common design flaw.
08-Jun-2006 - Sen
m/public/eTrust/eTrust_scc/downloads/eTrustscc_updates.asp
3) No solution - use perimeter based firewalls.
References:
aushack.com advisory
http://www.aushack.com/advisories/200608-computerassociates.txt
Credit:
Patrick Webster ( [EMAIL PROTECTED] )
Thanks to the CA Security team for their quick respo
il is talking about the W32.Magistr.24876@mm virus.
By the way, I scanned it (a copy of the self-replicating virus was sent to
our mail server) with a 2 week old NAV signature, so you might want to
actually update yours.
Patrick Webster, IT Security Engineer
SafeComs.com
...the Safety in your .com