Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - April 27, 2012

by: Carol~ April 27, 2012 5:10 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - April 27, 2012

by Carol~ Moderator - 4/27/12 5:10 AM

PHP Volunteer Management Cross-Site Scripting and SQL Injection Vulnerabilities

Release Date : 2012-04-27

Criticality level : Moderately critical
Impact : Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: PHP Volunteer Management 1.x

Description:
G13 has discovered two vulnerabilities in PHP Volunteer Management, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

1) Input passed to the "id" parameter in mods/hours/data/get_hours.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed via the "id" parameter to mods/hours/data/get_hours.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are confirmed in version 1.0.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
G13

Original Advisory:
http://archives.neohapsis.com/archives/bugtraq/2012-04/0206.html

http://secunia.com/advisories/48988/


Discussion locked
Report offensive post
Email to friend

Joomla! nBill Component "message" Cross-Site Scripting

by Carol~ Moderator - 4/27/12 5:17 AM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

Joomla! nBill Component "message" Cross-Site Scripting Vulnerability

Release Date : 2012-04-27

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: nBill 2.x (component for Joomla)

Description:
A vulnerability has been discovered in the nBill component for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "message" parameter to index.php (when "option" is set to "com_nbill" and "task" is set to "generated-view") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 2.3.2. Other versions may also be affected.

Solution:
Filter malicious characters and character sequences using a proxy.

Provided and/or discovered by:
Jakub Galczyk.

http://secunia.com/advisories/49004/


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

Quest Toad for Data Analysts Insecure Default Directory

by Carol~ Moderator - 4/27/12 5:17 AM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

Quest Toad for Data Analysts Insecure Default Directory Permissions

Release Date : 2012-04-27

Criticality level : Moderately critical
Impact : Privilege escalation
Where : Local system
Solution Status : Unpatched

Software: Quest Toad for Data Analysts 3.x

Description:
Secunia Research has discovered a security issue in Quest Toad for Data Analysts, which can be exploited by malicious, local users to gain escalated privileges.

The problem is that insecure default permissions ("Everyone" group granted "Full Control") are set on the "%CommonProgramFiles%\Quest Shared" directory and some of its child objects. This can be exploited to remove, manipulate, and replace application files.

The security issue is confirmed in version 3.0.1 bundled with Quest Toad Development Suite for Oracle version 11.0R2. Other versions may also be affected.

Solution:
Set proper permissions to prevent unprivileged users from creating or manipulating files in the directory.

Provided and/or discovered by:
Secunia Research

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2012-13/

http://secunia.com/advisories/48663/


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

HP NonStop Server Java Multiple Vulnerabilities

by Carol~ Moderator - 4/27/12 7:00 AM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

Release Date : 2012-04-27

Criticality level : Highly critical
Impact : Manipulation of data
Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: HP NonStop Server 6.x

Description:
HP has acknowledged multiple vulnerabilities in HP NonStop Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

Please see the vendor's advisory for a list of affected products.

Solution:
Update to a fixed version (please see the vendor's advisory for more information).

Original Advisory:
HPSBNS02767 SSRT100829:
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03289980

http://secunia.com/advisories/48977/


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

Ubuntu update for jetty

by Carol~ Moderator - 4/27/12 7:02 AM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

Release Date : 2012-04-27

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 10.04
Ubuntu Linux 11.04

Description:
Ubuntu has issued an update for jetty. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
USN-1429-1:
http://www.ubuntu.com/usn/usn-1429-1

http://secunia.com/advisories/48981/


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

gpEasy CMS "jsoncallback" Cross-Site Scripting Vulnerability

by Carol~ Moderator - 4/27/12 7:02 AM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

Release Date : 2012-04-27

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: gpEasy CMS 2.x

Description:
Haunt IT has discovered a vulnerability in gpEasy CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "jsoncallback" parameter to index.php (when "gpreq" is set to "json") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 2.3.3. Prior versions may also be affected.

Solution:
Update to version 2.4.

Provided and/or discovered by:
Haunt IT

Original Advisory:
http://hauntit.blogspot.com/2012/03/en-gpeasy-233-html-injection-xss.html

http://secunia.com/advisories/48994/


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

Debian update for spip

by Carol~ Moderator - 4/27/12 7:02 AM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

Release Date : 2012-04-27

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for spip. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2461-1:
http://www.debian.org/security/2012/dsa-2461

http://secunia.com/advisories/48975/


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

WordPress Zingiri Web Shop Plugin Cross-Site Scripting

by Carol~ Moderator - 4/27/12 7:15 AM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

WordPress Zingiri Web Shop Plugin Cross-Site Scripting and Script Insertion Vulnerabilities

Release Date : 2012-04-27

Criticality level : Moderately critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: WordPress Zingiri Web Shop Plugin 2.x

Description:
Two vulnerabilities have been discovered in the Zingiri Web Shop plugin for WordPress, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

1) Input passed via the "page" parameter to index.php is not properly sanitised before being returned to the user in plugins/zingiri-web-shop/zing.inc.php. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed via the "notes" POST parameter to index.php (when "page" is set to "checkout") is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

The vulnerabilities are confirmed in version 2.4.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Mehmet Ince

Original Advisory:
http://www.exploit-db.com/exploits/18787/

http://secunia.com/advisories/48991/


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

VMware ESX Server Multiple Vulnerabilities

by Carol~ Moderator - 4/27/12 7:21 AM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

Release Date : 2012-04-27

Criticality level : Highly critical
Impact : Privilege escalation
DoS
System access
Where : From remote
Solution Status : Partial Fix

Operating System: VMware ESX Server 4.x

Description:
VMware has acknowledged some vulnerabilities in VMware ESX Server, which can be exploited by malicious, local users in a guest virtual machine to gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and potentially compromise the vulnerable system.

The vulnerabilities are reported in versions 4.1 and 4.0.

Solution:
Apply patches.

Original Advisory:
VMSA-2012-0008:
http://www.vmware.com/security/advisories/VMSA-2012-0008.html

http://secunia.com/advisories/48959/


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

Drupal Ubercart Module Script Insertion and Code Injection

by Carol~ Moderator - 4/27/12 7:29 AM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

Drupal Ubercart Module Script Insertion and Code Injection Vulnerabilities

Release Date : 2012-04-27

Criticality level : Moderately critical
Impact : Cross Site Scripting
System access
Where : From remote
Solution Status : Vendor Patch

Software: Drupal Ubercart Module 6.x
Drupal Ubercart Module 7.x

Description:
Two vulnerabilities have been reported in the Ubercart module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system.

1) Certain unspecified input related to the product classes is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Successful exploitation of this vulnerability requires the "administer product classes" permission.

2) Certain unspecified input passed via the conditional actions functionality is not properly verified before being used and can be exploited to execute arbitrary PHP code.

Successful exploitation of this vulnerability requires the "administer conditional actions" permission.

Note: This vulnerability only affects Ubercart 6.x-2.x.

The vulnerabilities are reported in versions 6.x-2.x prior to 6.x-2.8 and versions 7.x-3.x prior to 7.x-3.1.

Solution:
Update to version 6.x-2.8 or 7.x-3.1.

Provided and/or discovered by:
1) The vendor credits Lee Rowlands
2) Reported by the vendor

Original Advisory:
SA-CONTRIB-2012-064:
http://drupal.org/node/1547674

http://secunia.com/advisories/48935/


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

TwonkyServer Directory Traversal Vulnerability

by Carol~ Moderator - 4/27/12 12:26 PM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

Release Date : 2012-04-27

Criticality level : Less critical
Impact : Exposure of sensitive information
Where : From local network
Solution Status : Vendor Patch

Software: TwonkyServer 7.x

Description:
r@b13$ has reported a vulnerability in TwonkyServer, which can be exploited by malicious people to disclose potentially sensitive information.

An input validation error within the web server component can be exploited to disclose arbitrary files via directory traversal attacks.

The vulnerability is reported in versions prior to 7.0.6.

Solution:
Update to version 7.0.6.

Provided and/or discovered by:
r@b13$, Digital Defense, Inc. Vulnerability Research Team

Original Advisory:
http://archives.neohapsis.com/archives/bugtraq/2012-04/0208.html

http://secunia.com/advisories/49015/


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

TwonkyManager TwonkyServer Directory Traversal Vulnerability

by Carol~ Moderator - 4/27/12 12:29 PM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

Release Date : 2012-04-27

Criticality level : Less critical
Impact : Exposure of sensitive information
Where : From local network
Solution Status : Vendor Patch

Software: TwonkyManager 3.x

Description:
A vulnerability has been reported in TwonkyManager, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to a bundled vulnerable version of TwonkyServer.

The vulnerability is reported in version 3.0.

Solution:
Update to the latest version.

Original Advisory:
http://archives.neohapsis.com/archives/bugtraq/2012-04/0208.html

http://secunia.com/advisories/49016/


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

HP LaserJet Printers / Digital Senders Unauthorized Firmware

by Carol~ Moderator - 4/27/12 12:38 PM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

HP LaserJet Printers / Digital Senders Unauthorized Firmware Update Security Issue

Release Date: 2011-12-01
Last Update: 2012-04-27

Criticality level: Moderately critical
Impact : Security Bypass
Where: From local network
Solution Status: Partial Fix

Operating System: HP 9200C Digital Sender
HP 9250 Digital Sender
HP CM8000 Color MFP Series
HP Color LaserJet 2800 All-in-One Printer Series
HP Color LaserJet 3000 Series
HP Color LaserJet 3800 Series
HP Color LaserJet 4700 Series
HP Color LaserJet 4730 Series
HP Color LaserJet 5550 Series
HP Color LaserJet 9500 Series
HP Color LaserJet CM1312 Multifunction Printer Series
HP Color LaserJet CM2320 Multifunction Printer series
HP Color LaserJet CM3530 Series
HP Color LaserJet CM4730 Multifunction Printer Series
HP Color LaserJet CM6030/CM6040 MFP Series
HP Color LaserJet CP1210 Printer series
HP Color LaserJet CP1510 Printer Series
HP Color LaserJet CP2025 Printer series
HP Color LaserJet CP3505 Series
HP Color LaserJet CP3525 Series
HP Color LaserJet CP4005 Series
HP Color LaserJet CP4025 / CP 4525 Series
HP Color Laserjet CP5525 Series
HP Color LaserJet CP6015
HP Color LaserJet Enterprise CM4540 Series
HP Color LaserJet Enterprise CP4520 Printer series
HP Color LaserJet Enterprise CP4525
HP Color LaserJet P4014 / P4015 / P4515 Series
HP Color LaserJet Professional CP5225 Printer series
HP LaserJet 2400 Printer Series
HP LaserJet 4240 / 4250 / 4340 Series
HP LaserJet 4345 Series
HP LaserJet 4350 Series
HP LaserJet 5200 Series
HP LaserJet 9040/9050 Series
HP LaserJet Enterprise 500 color M551 Series
HP LaserJet Enterprise 600 Series
HP LaserJet Enterprise M4555 MFP Series
HP LaserJet Enterprise P3015 Series
HP LaserJet M1120 Multifunction Printer Series
HP LaserJet M1319 Multifunction Printer Series
HP LaserJet M2727 Multifunction Printer series
HP LaserJet M3027/3035 MFP
HP LaserJet M3035 MFP Series
HP LaserJet M4345 Multifunction Printer series
HP LaserJet M5025/5035 MFP
HP LaserJet M5035 MFP Series
HP LaserJet M9040/M9050 Multifunction Printer series
HP LaserJet P1500 Printer series
HP LaserJet P2035 Printer series
HP LaserJet P2055 Printer series
HP LaserJet P3005 Series
HP LaserJet P4515
HP Laserjet Printer 5200 Series
HP LaserJet Pro 100 Color M175 Multifunction Printer series
HP LaserJet Pro CM1415 Color Multifunction Printer series
HP LaserJet Pro CP1025 Color Printer Series
HP LaserJet Pro CP1525 Color Printer series
HP LaserJet Pro M1136 Multifunction Printer series
HP LaserJet Pro M1212nf Multifunction Printer series
HP LaserJet Pro M1536 Multifunction Printer series
HP LaserJet Pro P1102 Printer Series
HP LaserJet Pro P1606dn Printer

Description:
A security issue has been reported in various HP LaserJet Printers and HP Digital Senders, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to an error within the Remote Firmware Update (RFU) mechanism, which does not check for authentication when handling firmware updates. This can be exploited to upload a malicious firmware to device via a specially crafted request to TCP port 9100.

Please see the vendor's advisory for the list of affected products.

Solution:
Apply firmware update. Please see the vendor's advisory for details. As a workaround disable the "Printer Firmware Update" setting.

Provided and/or discovered by:
Salvatore Stolfo and Ang Cui, Columbia University.

Original Advisory:
HPSBPI02728 SSRT100692:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03102449

http://secunia.com/advisories/47063


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

concrete5 "approveImmediately" Cross-Site Scripting

by Carol~ Moderator - 4/27/12 1:44 PM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

concrete5 "approveImmediately" Cross-Site Scripting Vulnerability

Release Date : 2012-04-27

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: concrete5 5.x

Description:
Jakub Galczyk has discovered a vulnerability in concrete5, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "approveImmediately" parameter to index.php/tools/required/edit_collection_popup.php (when "ctask" is set to "edit_metadata") is not properly sanitised in concrete/elements/collection_metadata.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 5.5.2.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:Jakub Galczyk.

Original Advisory:
http://hauntit.blogspot.com/2012/04/en-concrete5521-cms-is-vulnerable-to.html

http://secunia.com/advisories/48997/


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

Oracle Database Multiple Vulnerabilities

by Carol~ Moderator - 4/27/12 2:05 PM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

Release Date: 2012-04-18
Last Update: 2012-04-27

Criticality level : Moderately critical
Impact : Security Bypass
Manipulation of data
Brute force
Exposure of sensitive information
System access
Where : From remote
Solution Status : Vendor Patch

Software: Oracle Database 10.x
Oracle Database 11.x

Description:
Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious users to compromise a vulnerable system, by malicious users and malicious people to disclose potentially sensitive information and manipulate certain data, and by malicious people to conduct brute force attacks and bypass certain security restrictions.

1) An error in the Oracle Spatial component can be exploited by authenticated users to execute arbitrary code.

Successful exploitation of this vulnerability requires Create session, create index, alter index, and create table privileges.

2) An error in the Core RDBMS component can be exploited by authenticated users to execute arbitrary code.

Successful exploitation of this vulnerability requires create library and create procedure privileges.

3) An error within the OCIPasswordChange API can be exploited to e.g. change the password of locked accounts via brute force attacks.

4) An error within the OCIPasswordChange API when handling locked accounts can be exploited to e.g. guess account passwords via brute force attacks.

Note: Additionally, incorrect log-in attempts are not always correctly logged.

5) Some errors exist within Enterprise Manager Grid Control.

6) An error in the Application Express component can be exploited to manipulate certain data.

7) An error within the RDBMS Core component can be exploited by authenticated users to manipulate certain data.

Successful exploitation of this vulnerability requires Create Session privileges.

The vulnerabilities are reported in the following products and versions:
* Oracle Database 11g Release 2 versions 11.2.0.2 and 11.2.0.3
* Oracle Database 11g Release 1 version 11.1.0.7
* Oracle Database 10g Release 2 versions 10.2.0.3, 10.2.0.4, and 10.2.0.5

Solution:
Apply patches (please see the vendor's advisory for details).

Provided and/or discovered by:
3, 4) Esteban Martinez Fayo, Application Security Inc.

It is currently unclear who reported the remaining vulnerabilities as the Oracle Critical Patch Update for April 2012 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.

Original Advisory:
Oracle:
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixDB

Team SHATTER:
https://www.teamshatter.com/topics/general/team-shatter-exclusive/advisory-incomplete-protection-of-oracle-database-locked-accounts/
https://www.teamshatter.com/topics/general/team-shatter-exclusive/advisory-ocipasswordchange-leaks-information-pwdhash/
https://www.teamshatter.com/topics/general/team-shatter-exclusive/advisory-failed-authentication-using-ocipassword-not-recorded/

http://secunia.com/advisories/48855/


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

eFront "courses_ID" Path Disclosure Weakness

by Carol~ Moderator - 4/27/12 4:09 PM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

Release Date : 2012-04-27

Criticality level : Not critical
Impact : Exposure of system information
Where : From remote
Solution Status : Unpatched

Software: eFront 3.x

Description:
Haunt IT has discovered a weakness in eFront, which can be exploited by malicious people to disclose certain system information.

The weakness is caused due to the application disclosing the full installation path within an error message when accessing a certain invalid "courses_ID" via the lesson information.

The weakness is confirmed in version 3.6.11 build 15059. Other versions may also be affected.

Solution:
Edit the source code to ensure that no installation path is disclosed.

Provided and/or discovered by:
Haunt IT

Original Advisory:
http://hauntit.blogspot.com/2012/04/en-efront-3610-cms-information.html

http://secunia.com/advisories/49003/


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

DiY-CMS Cross-Site Request Forgery Vulnerability

by Carol~ Moderator - 4/27/12 4:10 PM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

Release Date : 2012-04-27

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: DiY-CMS 1.x

Description:
snup has discovered a vulnerability in DiY-CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. delete forum categories if a logged-in administrative user visits a malicious web site.

The vulnerability is confirmed in version 1.0. Other versions may also be affected.

Solution:
Do not browse untrusted sites or follow untrusted links while being logged-in to the application.

Provided and/or discovered by:
snup via Vulnerability Research Laboratory.

Original Advisory:
http://www.vulnerability-lab.com/get_content.php?id=518

http://secunia.com/advisories/49011/


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

Car Portal CMS Cross-Site Request Forgery Vulnerability

by Carol~ Moderator - 4/27/12 5:29 PM

In Reply to: VULNERABILITIES / FIXES - April 27, 2012 by Carol~ Moderator

Release Date : 2012-04-27

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Car Portal 3.x

Description:
the_storm has reported a vulnerability in Car Portal CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. delete user accounts by tricking a logged-in administrator into visiting a malicious web site.

The vulnerability is reported in version 3.0. Other versions may also be affected.

Solution:
Do not browse untrusted sites or follow untrusted links while being logged-in to the application.

Provided and/or discovered by:
the_storm via Vulnerability Laboratory Research.

Original Advisory:
http://www.vulnerability-lab.com/get_content.php?id=502

http://secunia.com/advisories/49010/


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close