|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 4176 CVE : CVE-2008-3758 CVE : CVE-2008-3874 CWE : CWE-79 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : Yes Exploit Available : No Credit : GulfTech Security Research Published : 23.08.2008
Advisory Content : ########################################################## # GulfTech Security Research August 19, 2008 ########################################################## # Vendor : Mark O'Sullivan # URL : http://www.getvanilla.com/ # Version : Vanilla <= 1.1.4 # Risk : Multiple Vulnerabilities ########################################################## Description: Vanilla is an open-source, standards-compliant, multi-lingual, fully extensible web based discussion forum. Unfortunately there are a couple of issues within Vanilla that allow for a malicious user to steal client based credentials such as cookies. These issues include both script injection and cross site scripting. An updated version of Vanilla has been released and users should upgrade their Vanilla installation as soon as possible. Cross Site Scripting: There is a Cross Site Scripting issue in Vanilla that allow for theft of client side credentials such as cookies. An example can be found in people.php. This issue is a result of unsanitized GPC variables being displayed to the end user. /people.php?PostBackAction=Apply&NewPassword='"><script>alert (document.cookie)%3B<%2Fscript> The above example link would display the end users cookie to them. Of course this can also be used to steal the cookie data as mentioned earlier in this advisory. Script Injection: There is a script injection issue within Vanilla that may allow for a malicious user to gain admin credentials via cookie theft. The problem is a result of the "Picture", "Icon", and Label => Value pairs within the user account information not being properly escaped. It seems that only strip_tags is used, which is not sufficient. All developers need not forget that if the user supplied data is being placed within a tag, as parameters, then the htmlspecialchars function or a similar equivalent must be used so that quotes are properly escaped. Otherwise we can inject additional parameters in to the affected tag like in the example shown below. test" onclick=alert(document.cookie); " By entering the above text in to one of the previously mentioned vulnerable fields an attacker can successfully have the javascript execute in the context of the admin's browser whenever the affected field is clicked. Solution: The Vanilla developers have released an updated version of Vanilla which resolves the previously mentioned. Vanilla 1.1.5 RC 1 can be found at the following url http://lussumo.com/community/discussion/8559/vanilla-115-release-candida te-1/ Credits: James Bercegay of the GulfTech Security Research Team Related Info: The original advisory can be found at the following location http://www.gulftech.org/?node=research&article_id=00126-08192008 References : http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/
http://www.securityfocus.com/bid/30748
http://www.securityfocus.com/archive/1/archive/1/495577/100/0/threaded
http://www.gulftech.org/?node=research&article_id=00126-08192008
http://secunia.com/advisories/31527
http://lussumo.com/docs/doku.php?id=vanilla:releasenotes  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |