Vulnerabilities digest Aug 21 2007 07:36PM
3APA3A (3APA3A SECURITY NNOV RU) (1 replies)
Dear bugtraq (at) securityfocus (dot) com [email concealed],

there is a number of vulnerabilities unpublished in English yet

1. Dmitry Zubov reports Planet VC-200M VDSL2 router administration
interface DoS vulnerability.

HTTP request with missed Host: header prevents administration
interface access until reboot. Vendor was reportedly contacted, but
failed to react.

SecurityVulns issue: http://securityvulns.com/news/Planet/VC-200M/DoS.html
Original message (in Russian): http://securityvulns.ru/Rdocument847.html

2. MustLive reports low-risk (requires social engineering), yet
interesting example of crossite scripting in Internet Explorer. Local
zone scripting is possible on accessing saved page with original URL
in the form of

http://site/-->[script]alert("XSS")[/script]

Internet Explorer 6.0 was tested.

SecurityVulns Issue: http://securityvulns.com/news/Microsoft/IE/saved-css.html
Additional Information (in Ukranian): http://websecurity.com.ua/1241/
Original message (in Russian): http://securityvulns.ru/Rdocument865.html

3. MustLive reports crossite scripting vulnerability in Search Engine
Builder.

Request
http://site/search/search.html?searWords=%3Cscript%3Ealert(document.cook
ie)%3C/script%3E

leads to crossite scripting.

Additional information (in Ukranian): http://websecurity.com.ua/1159/
Original message (in Russian): http://securityvulns.ru/Rdocument843.html

4. MustLive reports vulnerability in Sirius 1.0, Blix 0.9.1 and Blix
0.9.1 Rus, Pool 1.0.7 themes for WordPress and also WordPress Classic
1.5 theme, last one is already fixed in WordPress 2.1.3.

Insuficcient filtering of PHP_SELF variable leads to crossite
scripting with request like
http://site/index.php/%22%3E%3Cscript%3Ealert(document.cookie)%3C/script
%3E

Additional information (in Ukranian):
http://websecurity.com.ua/1252/
http://websecurity.com.ua/1248/
http://websecurity.com.ua/1238/
http://websecurity.com.ua/1234/
Original messages (in Russian):
http://securityvulns.ru/Rdocument839.html
http://securityvulns.ru/Rdocument825.html
http://securityvulns.ru/Rdocument771.html
http://securityvulns.ru/Rdocument751.html

5. MustLive reports crossite scripting in coWiki

with request
http://site/?cmd=srchdoc&q=%22%3E%3Cscript%3Ealert(document.cookie)%3C/s
cript%3E

Additional information: http://websecurity.com.ua/1131/
Original message: http://securityvulns.ru/Rdocument692.html

6. Ivan Niiiil (http://uNkn0wn.eu) reports vulnerabilities in
Linkliste 1.2, Butterfly online vistors counter 1.08, mcLinksCounter
1.2, My_REFERER 1.08.

Original messages in English are available from
http://securityvulns.com/source26994.html

7. Okan Alp (http://www.expw0rm.com) reports vulnerabilities in
different Web applications.

Original messages in English are available from
http://securityvulns.com/source13951.html

--
http://securityvulns.com/
/\_/ { , . } |+--oQQo->{ ^ }<-----+ | ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
|/

[ reply ]
Re: Vulnerabilities digest Aug 22 2007 10:16PM
Steven M. Christey (coley linus mitre org)


 

Privacy Statement
Copyright 2010, SecurityFocus