|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : SecurityAlert | ||||
 SecurityAlert : 3280 CVE : CVE-2007-5190 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : S21sec Labs Published : 23.10.2007
Advisory Text : ############################################################## - S21Sec Advisory - ############################################################## Title: Alcatel Omnivista 4760 Cross-Site Scripting ID: S21SEC-038-en Severity: Medium - History: 10.Jun.2007 Vulnerability discovered 20.Jun.2007 Vendor contacted 19.Oct.2007 Advisory released Authors: Juan de la Fuente Costa (jfuente (at) s21sec (dot) com [email concealed]) Pablo Seijo Cajaraville (pseijo (at) s21sec (dot) com [email concealed]) URL: http://www.s21sec.com/avisos/s21sec-038-en.txt Release: Public [ SUMMARY ] Alcatel-Lucent OmniVista 4760 is an innovative, modular platform that provides a suite of network management applications. This powerful Java-based tool, accessed through a Web browser, provides centralized management for the OmniPCX Enterprise. The platform's open architecture enables today's IT managers and administrators to effectively monitor and maintain the network, while lowering the company's total cost of ownership. This suite of network management applications includes: * LDAP Directory * Configuration * Accounting/Performance Management * Alarm Notification * Network Topology [ AFFECTED VERSIONS ] This vulnerability has been tested in Alcatel Omnivista 4760. [ DESCRIPTION ] S21sec has discovered a vulnerability in Alcatel Omnivista 4760 that allows injecting JavaScript code in text variables. This issue allows javascript code execution in the user browser. The identified parameters are: "action" and "Langue" Parameter: action URL: http://www.somesite.com/php-bin/Webclient.php? action=<script>alert("xss")</script> Parameter: Langue URL: http://www.somesite.com/?Langue="><script>alert("xss")</script><"; [ WORKAROUND ] Alcatel-Lucent has released a patch to address this vulnerability. More info at: http://www1.alcatel-lucent.com/psirt/statements/2007003/4760xss.htm [ ACKNOWLEDGMENTS ] This vulnerability has been discovered and researched by: - Juan de la Fuente Costa <jfuente (at) s21sec (dot) com [email concealed]> S21Sec - Pablo Seijo Cajaraville <pseijo (at) s21sec (dot) com [email concealed]> S21Sec With special thanks to: - Miguel Angel Aguilar Bermejo [ REFERENCES ] * S21Sec http://www.s21sec.com http://blog.s21sec.com Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
*BSD libc (strfmon) Multiple vulnerabilities
Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP 5.2.5 and prior : |
||
- 2008-03-25| Copyright © SecurityReason. All Rights Reserved. |