to exploit this
vulnerability. Here's looking at you CMS apps!
CREDIT:
This vulnerability was discovered by Adam Baldwin
mailto:adam_bald...@ngenuity-is.com
REFERENCES:
[1] - http://www.djangoproject.com
[2] - http://www.djangoproject.com/weblog/2010/dec/22/security
of this query.
Credits
This vulnerability was discovered by Adam Baldwin
Original Advisory:
http://ngenuity-is.com/advisories/2010/aug/24/nagios-xi-usersphp-sql-injection/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure
Technical Description
Here is a non-malicious example. The input after login.php is inserted
into the permalink_base variable without being sanitized.
http://example.com/nagiosxi/login.php?%22;alert%281%29;//
Credits
This vulnerability was discovered by Adam Baldwin
Original Advisory
http
Advisory Information
Advisory ID: NGENUITY-2010-006
Date published: Aug. 7, 2010
Class: Cross-Site Request Forgery (CSRF)
Software Description
Nagios XI is the commercial / enterprise version of the open source
Nagios project.
Vulnerability Description
Nagios XI 2009R1.2B
Advisory Information
Advisory ID: NGENUITY-2010-005
Date published: 6/9/2010
Vulnerability Information
Class: Reflected Cross-Site Scripting (XSS)
Software Description
McAfee UTM Firewall (Firmware 3.0.0 to 4.0.6) (formerly SnapGear) is the
affected product line. More
On 1/16/10 8:13 AM, A. Ramos wrote:
Hello all,
Just another one: you can access the configuration backup without
authentication at: /config.xml.sav
If you have the Sprint MiFi with the latest firmware rev (AP 11.47.17
Router 018.0101) The correct path is
/config.xml.savefile
-Adam
nGenuity Information Services - Security Advisory
Advisory ID: NGENUITY-2010-002 - Zenoss Multiple Admin CSRF
Application: Zenoss 2.3.3
Vendor: Zenoss
Vendor website: http://www.zenoss.com
Author: Adam Baldwin (adam_bald...@ngenuity-is.com)
I. BACKGROUND
Zenoss
nGenuity Information Services -- Security Advisory
Advisory ID: NGENUITY-2010-001 - Zenoss getJSONEventsInfo SQL Injection
Application: Zenoss 2.3.3
Vendor: Zenoss
Vendor website: http://www.zenoss.com
Author: Adam Baldwin (adam_bald...@ngenuity-is.com)
Authentication: Valid
nGenuity Information Services – Security Advisory
Advisory ID: NGENUITY-2009-008 - Ticket Subject Persistent XSS in
Kayako SupportSuite
Application: SupportSuite v3.50.06
Vendor: Kayako
Vendor website: http://www.kayako.com
Author: Adam Baldwin (adam_bald...@ngenuity-is.com
nGenuity Information Services - Security Advisory
Advisory ID: NGENUITY-2009-009 - Spiceworks Multiple Vulnerabilities
(XSS CSRF)
Application: Spiceworks 3.6.31847
Vendor: Spiceworks
Vendor website: http://www.spiceworks.com
Author: Adam Baldwin (adam_bald...@ngenuity
nGenuity Information Services - Security Advisory
Advisory ID: NGENUITY-2009-006 - Zabbix Multiple Frontend CSRF
Application: Zabbix 1.6.2
Vendor: Zabbix
Vendor website: http://www.zabbix.com
Author: Adam Baldwin (adam_bald...@ngenuity-is.com)
I. BACKGROUND
ZABBIX
://www.transparent-tech.com/
Author: Adam Baldwin (adam_bald...@ngenuity-is.com)
I. BACKGROUND
ExpressionEngine is a flexible, feature-rich content management system
that empowers thousands of individuals, organizations, and companies
around the world to easily manage their website. [1]
II
nGenuity Information Services - Security Advisory
Advisory ID: NGENUITY-2009-005 - OpenCart Order By Blind SQL Injection
Application: OpenCart 1.1.8
Vendor: OpenCart
Vendor website: http://www.opencart.com http://www.chambermaster.com
Author: Adam Baldwin (adam_bald