2006 Mayo

Archivo de Mayo de 2006

D-Link DSA-3100 XSS

27 de Mayo de 2006 |

Autor: admin

Version:	Tested on D-Link DSA-3100
Discovered by:	Discovered by: jaime.blasco(at)eazel(dot).es http://www.eazel.es
Description:	D-Link DSA-3100 Airspot Gateway is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can cause a cross site scripting in this script: http://accespoint/login_error.shtml?uname=%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E keywords: advisory003-D-Link-DSA-3100-Cross-Site-Scripting.php

Version:

Tested on D-Link DSA-3100

Discovered by:

Discovered by: jaime.blasco(at)eazel(dot).es
http://www.eazel.es

Description:

D-Link DSA-3100 Airspot Gateway is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks.
Due to improper filtering, a remote attacker can cause a cross site scripting in this script:

http://accespoint/login_error.shtml?uname=%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E

keywords: advisory003-D-Link-DSA-3100-Cross-Site-Scripting.php

Publicado en Security Advisories |

Etiquetas: d-link, dsa, xss |

No hay comentarios »

OpenCms 6.0.X Xml Content Demo search engine xss

22 de Mayo de 2006 |

Autor: admin

Version:	Tested on: - 6.0.0 - 6.0.2 - 6.0.3
Discovered by:	Discovered by: jaime.blasco(at)eazel(dot).es http://www.eazel.es
Description:	Input passed to the search query in the Xml Content Demo search engine isn’t properly sanitised. This can be exploited to conduct cross-site scripting attacks. Example: http://host/opencms/opencms /system/modules/org.opencms .frontend.templateone/pages /search.html?action=search &query=%22%3E%3Cscript%3Ealert %28′www.eazel.es’%29%3C %2Fscript%3E%3C!-&index=Online +project+%28VFS%29&page=1&uri= %2Fxmlcontentdemo%2Fside _element_demo.html&__locale=en &query2=%3Cscript%3Ealert%28a %29%3C%2Fscript%3E Keywords: advisory002-OpenCms-Xml-Content-Demo-search-engine-Cross-site-scripting.php

Version:

Tested on:
- 6.0.0
- 6.0.2
- 6.0.3

Discovered by:

Discovered by: jaime.blasco(at)eazel(dot).es
http://www.eazel.es

Description:

Input passed to the search query in the Xml Content Demo search engine isn’t properly sanitised. This can be exploited to conduct cross-site scripting attacks.
Example:

http://host/opencms/opencms /system/modules/org.opencms .frontend.templateone/pages /search.html?action=search &query=%22%3E%3Cscript%3Ealert %28′www.eazel.es’%29%3C %2Fscript%3E%3C!-&index=Online +project+%28VFS%29&page=1&uri= %2Fxmlcontentdemo%2Fside _element_demo.html&__locale=en &query2=%3Cscript%3Ealert%28a %29%3C%2Fscript%3E

Keywords: advisory002-OpenCms-Xml-Content-Demo-search-engine-Cross-site-scripting.php

Publicado en Security Advisories |

Etiquetas: opemcms, xml, xss |

No hay comentarios »

Mobotix IP Network Cameras Multiple XSS

17 de Mayo de 2006 |

Autor: admin

Version:	Mobotix IP Network Cameras Multiple Cross Site Scripting Tested on M1 and M10 - M10-V2.0.5.2 - M1-V1.9.4.7
Discovered by:	Discovered by: jaime.blasco(at)eazel(dot).es http://www.eazel.es
Description:	Mobotix is vulnerable to multiple security vulnerabilites that allow cross site scripting flaws.Due to improper filtering a remote attacker can cause a cross site scripting in these scripts: http://camera/help/help?%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E http://camera/control/events.tar?source_ip=%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E&download=egal http://camera/control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E
Vendor:	MOBOTIX provides new software versions that include a security patch that prevents cross site scripting flaws. MOBOTIX encourages customers to upgrade to at least software version - V2.2.3.18 (for camera models M10/D10) and - V3.0.3.31 (for camera model M22) or higher (if available). The software is available for download from our website www. mobotix .com : http://www. mobotix .com/service s/software_downloads keywords: advisory001

Publicado en Security Advisories |

Etiquetas: mobotix, xss |

No hay comentarios »