Bugtraq (bugtraq) Mailing List

Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome

Fri, 3 Jul 2009 10:07:20 -0700

Posted by Michal Zalewski on Jul 3

> refresh: 0; URL=javascript:alert(document.cookie)
> The code will work in context of this site.

...which happens to be covered here for half a year or so:
http://code.google.com/p/browsersec/wiki/Part2#Redirection_restrictions

I can't see how this could be a vulnerability per se,...

Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome

Fri, 3 Jul 2009 01:21:57 +0300

Posted by MustLive on Jul 3

Hello SecurityFocus!

I want to warn you about Cross-Site Scripting vulnerabilities in Mozilla,
Internet Explorer, Opera and Chrome. I wrote about it at my site this Monday
(29.06.2009) and also informed corresponding browsers developers about this
vulnerability.

At 21.04.2009 there was fixed...

[oCERT-2009-007] FCKeditor input sanitization errors

Fri, 3 Jul 2009 16:45:21 +0100

Posted by Andrea Barisani on Jul 3

#2009-007 FCKeditor input sanitization errors

Description:

FCKeditor, a web based open source HTML text editor, suffers from a remote
file upload vulnerability.

The input of several connector modules is not properly verified before being
used, this leads to exposure of the contents of...

[SECURITY] [DSA 1825-1] New nagios2nagios3 packages fix arbitrary code execution

Fri, 3 Jul 2009 17:46:14 +0200

Posted by Nico Golde on Jul 3

--------------------------------------------------------------------------
Debian Security Advisory DSA-1825-1 security_at_debian.org
http://www.debian.org/security/ Nico Golde
July 3rd, 2009 ...

One Click Ownage [White Paper and Scripts]

Fri, 3 Jul 2009 11:50:17 +0100

Posted by Ferruh Mavituna on Jul 3

This is a different and more practical approach to get a reverse shell
or code execution in SQL Injections (particularly in MSSQL). The idea
is simple. Getting a reverse shell from an SQL Injection with one HTTP
request without using an extra channel such as TFTP, FTP to upload the
initial...

Multiple Flaws in Axesstel MV 410R

Thu, 2 Jul 2009 14:49:08 -0600

Posted by filip.palian_at_pjwstk.edu.pl on Jul 2

('binary' encoding is not supported, stored as-is) Multiple Flaws in Axesstel MV 410R

by Filip Palian <filip (dot) palian (at) pjwstk (dot) edu (dot) pl

Description:
Axesstel MV 410R is a device offered by the two leading polish telecom
operators Orange and Polish Telecom to provide...

[ GLSA 200907-02 ] ModSecurity: Denial of Service

Thu, 02 Jul 2009 21:38:32 +0200

Posted by Alex Legler on Jul 02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200907-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
...

[ GLSA 200907-01 ] libwmf: User-assisted execution of arbitrary code

Thu, 02 Jul 2009 21:36:57 +0200

Posted by Alex Legler on Jul 02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200907-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
...

[USN-795-1] Nagios vulnerability

Thu, 02 Jul 2009 14:29:06 -0400

Posted by Marc Deslauriers on Jul 02

===========================================================
Ubuntu Security Notice USN-795-1 July 02, 2009
nagios2, nagios3 vulnerability
CVE-2009-2288
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu...

[USN-794-1] Perl vulnerability

Thu, 02 Jul 2009 14:27:30 -0400

Posted by Marc Deslauriers on Jul 02

===========================================================
Ubuntu Security Notice USN-794-1 July 02, 2009
libcompress-raw-zlib-perl, perl vulnerability
CVE-2009-1391
===========================================================

A security issue affects the following Ubuntu...

[ISecAuditors Security Advisories] Joomla! lt 1.5.12 Multiple XSS vulnerabilities in HTTP Headers

Thu, 02 Jul 2009 17:13:50 +0200

Posted by ISecAuditors Security Advisories on Jul 02

=============================================
INTERNET SECURITY AUDITORS ALERT 2009-007
- Original release date: June 30th, 2009
- Last revised: July 2nd, 2009
- Discovered by: Juan Galiana Lara
- Severity: 6.8/10 (CVSS Base Score)
=============================================

I....

[oCERT-2009-009] CamlImages integer overflows

Thu, 2 Jul 2009 14:01:24 +0100

Posted by Andrea Barisani on Jul 2

#2009-009 CamlImages integer overflows

Description:

CamlImages, an open source image processing library, suffers from several
integer overflows which may lead to a potentially exploitable heap overflow and
result in arbitrary code execution.

The vulnerability is triggered by PNG image...

eAccelerator encoder files backup Vulnerability

2 Jul 2009 03:19:03 -0000

Posted by linuxrootkit2008_at_gmail.com on Jul 2

('binary' encoding is not supported, stored as-is) eAccelerator encoder files backup Vulnerability

1.Description
eAccelerator is a free open-source PHP accelerator, optimizer, and dynamic content cache. It increases the performance of PHP scripts by caching them in their compiled state, so that...

Sourcefire 3D Sensor and DC, privilege escalation vulnerability

Wed, 1 Jul 2009 14:44:41 -0600

Posted by c3rb3r_at_videotron.ca on Jul 1

('binary' encoding is not supported, stored as-is) Affected product
----------------

Sourcefire 3D Sensor and Defense Center 4.8.x

Tested on 4.8.0.3 and 4.8.0.4, 3D Sensor 2500 & DC 1000
All 4.8.x releases, up to and including 4.8.1, confirmed vulnerable by sourcefire.

...

[security bulletin] HPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code

Wed, 01 Jul 2009 10:59:01 -0700

Posted by security-alert_at_hp.com on Jul 01

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01756421
Version: 1

HPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as...