Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - January 03, 2013

by: Carol~ January 3, 2013 9:36 AM PST

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - January 03, 2013

by Carol~ Moderator - 1/3/13 9:36 AM

e107 Cross-Site Request Forgery Vulnerability

Release Date : 2013-01-03

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: e107 1.x

Description:
Joshua Reynolds has discovered a vulnerability in e107, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create downloads hosted by the application if a logged-in administrator visits a malicious web site.

The vulnerability is confirmed in version 1.0.2. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Joshua Reynolds

Original Advisory
http://infosec4breakfast.blogspot.com/2013/01/e107-csrf-vulnerabilities.html

http://secunia.com/advisories/51687/


Reply
Report offensive post
Email to friend

Ruby on Rails Method Parameters SQL Injection Vulnerability

by Carol~ Moderator - 1/3/13 9:38 AM

In Reply to: VULNERABILITIES / FIXES - January 03, 2013 by Carol~ Moderator

Release Date : 2013-01-03

Criticality level Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status Vendor Patch

Software: Ruby on Rails 2.3.x
Ruby on Rails 3.0.x
Ruby on Rails 3.1.x
Ruby on Rails 3.2.x

Description:
joernchen has reported a vulnerability in Ruby on Rails, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the Active Record interface via method parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in versions prior to 3.0.18, prior to 3.1.9, and prior to 3.2.10.

Solution:
Update to version 3.2.10, 3.1.9, or 3.0.18 or apply patch.

Provided and/or discovered by:
joernchen, Phenoelit

Original Advisory:
http://groups.google.com/group/rubyonrails-security/t/c2353369fea8c53

http://secunia.com/advisories/51697/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

CubeCart global.inc.php File Backup Security Issue

by Carol~ Moderator - 1/3/13 9:40 AM

In Reply to: VULNERABILITIES / FIXES - January 03, 2013 by Carol~ Moderator

Release Date : 2013-01-03

Criticality level Less critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status Vendor Patch

Software: CubeCart 5.x

Description:
Aung Khant has discovered a security issue in CubeCart, which can potentially be exploited by malicious people to gain knowledge of sensitive information.

The security issue is caused due to application creating a backup of the includes/global.inc.php file with appended timestamp inside webroot when handling an upgrade or re-installation of the application. This can potentially be exploited to gain knowledge of database access credentials by guessing the file name of a backup file.

The security issue is confirmed in version 5.0.7. Prior versions may also be affected.

Solution:
Update to version 5.0.8.

Provided and/or discovered by:
Aung Khant, YGN Ethical Hacker Group

Original Advisory:
CubeCart:
http://forums.cubecart.com/topic/45457-cubecart-508-free-cubecart-lite-released/

Aung Khant:
http://yehg.net/lab/pr0js/advisories/%5Bcubecart_5.0.7%5D_insecure-backup

http://secunia.com/advisories/51665/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

CubeCart Multiple Vulnerabilities

by Carol~ Moderator - 1/3/13 9:41 AM

In Reply to: VULNERABILITIES / FIXES - January 03, 2013 by Carol~ Moderator

Release Date : 2013-01-03

Criticality level : Moderately critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: CubeCart 5.x

Description:
Aung Khant has discovered multiple vulnerabilities in CubeCart, which can be exploited by malicious people to conduct cross-site request forgery and script insertion attacks.

1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. delete a document, a download, a product, and a customer when a logged-in administrative user visits a specially crafted web page.

2) Input passed via the "review[name]" and "review[title]" POST parameter to index.php (when posting a review) is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in an administrative user's browser session in context of an affected site if malicious data is viewed when editing the review.

The vulnerabilities are confirmed in version 5.1.5. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Aung Khant, YGN Ethical Hacker Group

Original Advisory:
http://yehg.net/lab/pr0js/advisories/%5Bcubecart_5x%5D_csrf
http://yehg.net/lab/pr0js/advisories/%5Bcubecart_5x%5D_xss

http://secunia.com/advisories/51703/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

RuggedCom Rugged Operating System Web UI Two Vulnerabilities

by Carol~ Moderator - 1/3/13 9:49 AM

In Reply to: VULNERABILITIES / FIXES - January 03, 2013 by Carol~ Moderator

Release Date: 2013-01-03

Criticality level : Less critical
Impact : Hijacking
Security Bypass
Where : From local network
Solution Status : Vendor Patch

Operating System : Rugged Operating System (ROS) 3.x

Description:
A security issue and a vulnerability have been reported in RuggedCom Rugged Operating System, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to hijack a user's session.

1) The security issue is caused due to predictable generation of the user ID session identifier, which can be exploited to hijack an administrative session.

2) The application does not properly verify access restrictions, which can be exploited to perform certain administrative actions.

The security issue and the vulnerability are reported in versions prior to 3.12.1.

Solution:
Update to version 3.12.1.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.ruggedcom.com/pdfs/soft_history/ros_history/ros-cf52_main_v3-12-1.pdf

http://secunia.com/advisories/51718/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

NVIDIA Graphics Drivers for Windows "nvsr" Named Pipe Buffer

by Carol~ Moderator - 1/3/13 9:50 AM

In Reply to: VULNERABILITIES / FIXES - January 03, 2013 by Carol~ Moderator

NVIDIA Graphics Drivers for Windows "nvsr" Named Pipe Buffer Overflow Vulnerability

Release Date : 2013-01-03

Criticality level Less critical
Impact: System access
Where : From local network
Solution Status: Unpatched

Software: NVIDIA Graphics Drivers for Windows 310.x

Description:
A vulnerability has been reported in NVIDIA Graphics Drivers for Windows, which can be exploited by malicious users to compromise a vulnerable system.

The vulnerability is caused due to a boundary error when processing data received in the "nvsr" named pipe and can be exploited to cause a stack-based buffer overflow via specially crafted requests.

The vulnerability is reported in NVIDIA Graphics Drivers for Windows version 310.70. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Peter Winter-Smith

Original Advisory:
Peter Winter-Smith:
http://packetstormsecurity.com/files/119107/NVidia-Display-Driver-Buffer-Overflow.html

http://secunia.com/advisories/51629/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Asterisk Two Denial of Service Vulnerabilities

by Carol~ Moderator - 1/3/13 1:19 PM

In Reply to: VULNERABILITIES / FIXES - January 03, 2013 by Carol~ Moderator

Release Date : 2013-01-03

Criticality level Moderately critical
Impact : DoS
Where : From remote
Solution Status Vendor Patch

Software: Asterisk 1.x
Asterisk 10.x
Asterisk 11.x

Description:
Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).

1) An error when handling TCP sessions can be exploited to cause a stack overflow and crash the service.

2) An error when handling device state caches can be exploited to consume excessive system resources.

The vulnerabilities are reported in versions 1.8.x, 10.x, and 11.x.

Solution:
Update to version 1.8.19.1, 10.11.1, or 11.1.1.

Provided and/or discovered by:
The vendor credits:
1) Walter Doekes
2) Russell Bryant

Original Advisory:
http://downloads.asterisk.org/pub/security/AST-2012-014.html
http://downloads.asterisk.org/pub/security/AST-2012-015.html

http://secunia.com/advisories/51689/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Google Doc Embedder Plugin Arbitrary File

by Carol~ Moderator - 1/3/13 1:19 PM

In Reply to: VULNERABILITIES / FIXES - January 03, 2013 by Carol~ Moderator

WordPress Google Doc Embedder Plugin Arbitrary File Disclosure Vulnerability

Release Date : 2013-01-03

Criticality level Moderately critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status Vendor Patch

Software: WordPress Google Doc Embedder Plugin 2.x

Description:
Charlie Eriksen has discovered a vulnerability in the Google Doc Embedder plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "file" parameter in wp-content/plugins/google-document-embedder/libs/pdf.php (when "fn" is set to a valid value) is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.

The vulnerability is confirmed in version 2.4.6. Other versions may also be affected.

Solution:
Update to version 2.5.4.

Provided and/or discovered by:
Charlie Eriksen via Secunia

http://secunia.com/advisories/50832/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

osTicket Cross-Site Request Forgery and SQL Injection

by Carol~ Moderator - 1/3/13 3:05 PM

In Reply to: VULNERABILITIES / FIXES - January 03, 2013 by Carol~ Moderator

osTicket Cross-Site Request Forgery and SQL Injection Vulnerabilities

Release Date : 2013-01-03

Criticality level : Less critical
Impact : Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: osTicket 1.x

Description:
Two vulnerabilities have been discovered in osTicket, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site request forgery attacks.

1) Input passed via the "canned[]" parameter to scp/kb.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability requires access rights to modify knowledge base articles.

2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. add an administrative user when a logged-in administrative user visits a specially crafted web page.

The vulnerabilities are confirmed in version 1.6. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
AkaStep

Original Advisory:
http://packetstormsecurity.com/files/119209/osTicket-1.6-ST-CSRF-SQL-Injection.html

http://secunia.com/advisories/51710/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close