Category archive: ‘Security Advisories’
Mono XSP ASP.NET Server sourcecode disclosure vulnerability
| Version: | Tested on Mono 1.2.1, XSP for ASP.NET 1.1 and 2.0 (this is a regression, as the issue did not exist in Mono 1.0) |
|---|---|
| Discovered by: | José Ramón Palanco: jose.palanco(at)eazel(dot)es |
| Time Line: | |
| Description: | Attackers use source code disclosure attacks to try to obtain the source code of server-side applications. The basic role of a Web server is to serve files as requested by clients. Files can be static, such as image and HTML files, or dynamic, such as ASPX, ASHX, ASCX, ASAX and web service (ASMX) files, or source files in any language supported by Mono, such as C#, Boo, Nemerle or VB (.cs, .boo, .vb, .n, …). When the browser requests a dynamic file, the Web server first executes the file and then returns the result to the browser. Hence, dynamic files are actually code executed on the Web server. Using a source code disclosure attack, an attacker can retrieve the source code of a server-side file. Obtaining the source code of server-side files grants the attacker deeper knowledge of the logic behind the Web application: how the application handles requests and their parameters, the structure of the database, vulnerabilities in the code and source code comments. Having the source code, and possibly a duplicate application to test on, helps the attacker prepare an attack on the application. An attacker can trigger source code disclosure by appending %20 (a space character) to the URI, for example http://www.server.com/app/Default.aspx%20. Update: it is also possible to retrieve the Web.config file, which contains sensitive information such as credentials. |
GForge Cross Site Scripting vulnerability
| Version: | Tested on GForge 4.5.11 |
|---|---|
| Discovered by: | José Ramón Palanco: jose.palanco(at)eazel(dot)es |
| Description: | GForge is vulnerable to a security flaw that allows Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can cause cross site scripting. To exploit it, an attacker may send the “words” variable via the GET method to: Keywords: advisory006-gforge-cross-site-scripting-vulnerability.html |
D-Link DSL-G624T several vulnerabilities
| Version: | Tested on D-Link DSL-G624T Version: Firmware Version : V3.00B01T01.YA-C.20060616 |
|---|---|
| Discovered by: | José Ramón Palanco: jose.palanco(at)eazel(dot)es |
| Description: | D-Link DSL-G624T ADSL Router is vulnerable to several security flaws. Directory traversal: http://router/cgi-bin/webcm?getpage=/./././././././etc/passwd and http://router/cgi-bin/webcm?getpage=/./././././././etc/config.xml. Cross Site Scripting: Url: http://router/cgi-bin/webcm. Directory listing: it is possible to list the /cgi-bin directory. Keywords: advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html |
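As an added example (not part of the original advisories), the following Python detector flags the request patterns described in the Mono XSP and D-Link DSL-G624T entries above in web-server access logs: a handler path with an encoded trailing space, any request for Web.config, and a `getpage` parameter pointing outside the web root. The log lines, IPs and the `HANDLER_EXTS` list are constructed for the example.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qs

# Extensions XSP executes server-side; a trailing (encoded) space after one of
# these is the Mono XSP source-disclosure pattern described in the advisory.
HANDLER_EXTS = (".aspx", ".ashx", ".ascx", ".asax", ".asmx", ".cs", ".boo", ".vb", ".n")

# Constructed sample access-log lines (Apache combined style), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2007:10:00:00 +0100] "GET /app/Default.aspx HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2007:10:00:01 +0100] "GET /app/Default.aspx%20 HTTP/1.1" 200 2048
10.0.0.9 - - [01/Jan/2007:10:00:02 +0100] "GET /app/Web.Config HTTP/1.1" 200 900
10.0.0.7 - - [01/Jan/2007:10:00:03 +0100] "GET /cgi-bin/webcm?getpage=/./././././././etc/passwd HTTP/1.1" 200 300
10.0.0.7 - - [01/Jan/2007:10:00:04 +0100] "GET /cgi-bin/webcm?getpage=/html/status.html HTTP/1.1" 200 300
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')


def inspect_request(target: str) -> list[str]:
    """Return the suspicious patterns found in one request target (path + query)."""
    findings = []
    parts = urlsplit(target)
    path = unquote(parts.path)
    # The decoded path, once stripped, ends with an executable extension
    # while the unstripped path did not: trailing whitespace was appended.
    stripped = path.rstrip()
    if stripped != path and stripped.lower().endswith(HANDLER_EXTS):
        findings.append("trailing-whitespace-source-disclosure")
    # Web.config must never be served, whatever the casing used in the request.
    if stripped.lower().endswith("web.config"):
        findings.append("web.config-request")
    # getpage= pointing outside the web root (dot segments or /etc/ paths).
    for value in parse_qs(parts.query).get("getpage", []):
        v = unquote(value)
        if "/./" in v or ".." in v or v.startswith("/etc/"):
            findings.append("getpage-traversal")
            break
    return findings


def scan_log(text: str) -> list[tuple[str, list[str]]]:
    """Return (client_ip, findings) for each log line that triggers a pattern."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        findings = inspect_request(m.group("target")) if m else []
        if findings:
            hits.append((line.split()[0], findings))
    return hits
```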
Zyxel Prestige 660H-61 Cross Site Scripting
| Version: | Tested on Zyxel Prestige 660H-61 ZyNOS F/W Version: V3.40(PT.0)b32 \| 1/28/2005 Standard:NORMAL |
|---|---|
| Discovered by: | José Ramón Palanco: jose.palanco(at)eazel(dot)es |
| Description: | Zyxel Prestige 660H-61 ADSL Router is vulnerable to a security flaw that allows Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can cause cross site scripting in this script: http://router/Forms/rpSysAdmin?a=%3Cscript%3Ealert(‘www.eazel.es’)%3C/script%3E Keywords: advisory004-Zyxel-Prestige-660H-61-Cross-Site-Scripting.php |
Siemens SpeedStream 2624 Denial of Service Vulnerability
CVE Reference: CVE-2006-3907
Updated: Jun 13 2008
Original Entry Date: Jul 26 2006
Impact: Denial of service via network
Version(s): Model 2624; possibly others
Description: A vulnerability was reported in SpeedStream. A remote user can cause denial of service conditions.
A remote user can send a specially crafted packet to the administrative web server to cause the target router to freeze. A reboot is necessary to return to normal operations.
The vendor was notified on May 4, 2006.
Jaime Blasco discovered this vulnerability.
The original advisory is available at:
http://www.digitalarmaments.com/2006310665340982.html
Impact: A remote user can cause the target device to freeze.
Solution: No solution was available at the time of this entry.
Vendor URL: www.siemens.com/
Cause: Exception handling error
Reported By: info@digitalarmaments.com
Message History: None.
Flexwatch Authorization Bypassing and XSS Vulnerability
Description:
Multiple FlexWATCH Network Cameras are vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the built-in Web server. A remote attacker could exploit this vulnerability using unspecified scripts and parameters to execute arbitrary script in a victim’s Web browser within the security context of the affected device, allowing the attacker to steal the victim’s cookie-based authentication credentials.
CVSS:
| Base Score: | 3.7 |
| Access Vector: | Remote |
| Access Complexity: | High |
| Authentication: | Not Required |
| Confidentiality Impact: | Partial |
| Integrity Impact: | Partial |
| Availability Impact: | None |
| Temporal Score: | 2.7 |
| Exploitability: | Unproven |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Gain Access
Remedy:
Refer to the FlexWATCH Web site for patch information. See References.
References:
- BugTraq Mailing List, Mon Jul 10 2006 – 04:38:31 CDT : Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability.
- FlexWATCH Web site: FlexWATCH – Network Camera Server.
- BID-18936: FlexWATCH Network Camera Cross-Site Scripting Vulnerability
- CVE-2006-3603: Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL.
- SA20994: FlexWATCH Network Camera FW-3400 Two Vulnerabilities
Siemens Speedstream 2624 Password Protection Bypass
CVE Reference: CVE-2006-3344
Updated: Aug 12 2008
Original Entry Date: Jun 29 2006
Impact: User access via network
Exploit Included: Yes
Version(s): Tested on Model 2624
Description: A vulnerability was reported in the SpeedStream wireless router. A remote user can access restricted files.
A remote user can access protected files without having to login to the system by using the UPnP support interface.
The vendor was notified on May 2, 2006, without response.
Jaime Blasco discovered this vulnerability.
The original advisory is available at:
http://www.digitalarmaments.com/2006290674551938.html
Impact: A remote user can access ostensibly protected files on the target device.
Solution: No solution was available at the time of this entry.
Vendor URL: www.siemens.com/
Cause: Access control error
Reported By: info@digitalarmaments.com
Message History: None.
D-Link DSA-3100 XSS
| Version: | Tested on D-Link DSA-3100 |
|---|---|
| Discovered by: | jaime.blasco(at)eazel(dot)es http://www.eazel.es |
| Description: | D-Link DSA-3100 Airspot Gateway is vulnerable to a security flaw that allows Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can cause cross site scripting in this script: http://accespoint/login_error.shtml?uname=%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E Keywords: advisory003-D-Link-DSA-3100-Cross-Site-Scripting.php |
OpenCms 6.0.X Xml Content Demo search engine xss
| Version: | Tested on 6.0.0, 6.0.2 and 6.0.3 |
|---|---|
| Discovered by: | jaime.blasco(at)eazel(dot)es http://www.eazel.es |
| Description: | Input passed to the search query in the Xml Content Demo search engine isn’t properly sanitised. This can be exploited to conduct cross-site scripting attacks. Example: http://host/opencms/opencms/system/modules/org.opencms.frontend.templateone/pages/search.html?action=search&query=%22%3E%3Cscript%3Ealert%28′www.eazel.es’%29%3C%2Fscript%3E%3C!-&index=Online+project+%28VFS%29&page=1&uri=%2Fxmlcontentdemo%2Fside_element_demo.html&__locale=en&query2=%3Cscript%3Ealert%28a%29%3C%2Fscript%3E Keywords: advisory002-OpenCms-Xml-Content-Demo-search-engine-Cross-site-scripting.php |
Mobotix IP Network Cameras Multiple XSS
| Version: | Mobotix IP Network Cameras Multiple Cross Site Scripting. Tested on M1 and M10 (M10-V2.0.5.2, M1-V1.9.4.7) |
|---|---|
| Discovered by: | jaime.blasco(at)eazel(dot)es http://www.eazel.es |
| Description: | Mobotix is vulnerable to multiple security flaws that allow cross site scripting. Due to improper filtering, a remote attacker can cause cross site scripting in these scripts: http://camera/help/help?%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E ; http://camera/control/events.tar?source_ip=%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E&download=egal ; http://camera/control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E |
| Vendor: | MOBOTIX provides new software versions that include a security patch preventing cross site scripting flaws. MOBOTIX encourages customers to upgrade to at least software version Keywords: advisory001 |