drupal: Session hijacking vulnerability, CVE-2008-3661
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3661
http://int21.de/cve/CVE-2008-3661-drupal.html
http://enablesecurity.com/2008/08/11/surf-jack-https-will-not-save-you/
[~] MapCal - The Mapping Calendar (v. 0.1) Remote
There is a security issue in the Blue Coat.
The problem lies in the Web Filter, which lets you execute an XSS.
This only affects the Internet Explorer browser.
As a result, it could jump the antivirus scan or make spoofing.
POC
http://www.example.com/file.exe?script(1)/script
Juan
Exploit creation The random approach or Playing with random to build
exploits
Sunday, September 21, 2008
By Nelson Brito [EMAIL PROTECTED]
-[ Introduction
It is just a matter of time to get things worse on the Internet. We saw
worms getting more and more sophisticated in the last decade, and,
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200809-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200809-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - -
[MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session
Fixation Issues
Details
===
Product: BLUEPAGE CMS
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.bluepage-cms.com/
Vendor-Status: informed
Advisory-Status: published
Credits
[MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session
Fixation Issues
Details
===
Product: xt:Commerce
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.xtcommerce-shop.com/
Vendor-Status: informed
Advisory-Status: published
Credits
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01556916
Version: 1
HPSBUX02370 SSRT071459 rev.1 - HP-UX Running rpcbind, Remote Denial of Service
(DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1619-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Devin Carraway
September 22, 2008
Cross Site Scripting (XSS) Vulnerability in fuzzylime (cms) =3.02,
CVE-2008-3098
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3098
http://cms.fuzzylime.co.uk
http://www.datensalat.eu/~fabian/cve/CVE-2008-3098-fuzzylime-cms.html
Description
Fuzzylime (cms) is a way to
It's not the PHPSESSID parameter - instead it's the XTCsid parameter which
is vulnerable to a session fixation attack.
Workaround:
Update to xt:Commerce 3.0.4 SP 2.1