|
Advisory:
|
Meditate Web Content Editor ‘username_input’ SQL-Injection vulnerability
|
|
Advisory ID:
|
SSCHADV2011-039
|
|
Author:
|
Stefan Schurtz
|
|
Affected Software:
|
Successfully tested on Meditate 1.2
|
|
Vendor URL:
|
|
|
Vendor Status:
|
fixed
|
|
EDB-ID:
|
18202
|
======================
Vulnerability Description:
======================
Meditate Web Content Editor is prone to a SQL-Injection vulnerability
Continue reading "SSCHADV2011-039 - Meditate Web Content Editor 'username_input' SQL-Injection vulnerability"
Well, here is my next article for the German HAKIN9 IT Security Magazin. This time it’s about Web-Security and it holds three examples (XSS, SQL-Injection and Blind SQL-Injection) about, how to identify and fix vulnerabilites in web applications. Tools used for this one are Netsparker Community Edition from mavitunasecurity, Arachni and sqlmap.
And of course not to forget, a big special THANKS to Dr. Philip Walter for his great support!
Enjoy yourself!
|
Advisory:
|
Ariadne 2.7.6 Multiple XSS vulnerabilities
|
|
Advisory ID:
|
SSCHADV2011-038
|
|
Author:
|
Stefan Schurtz
|
|
Affected Software:
|
Successfully tested on Ariadne 2.7.6
|
|
Vendor URL:
|
|
|
Vendor Status:
|
informed
|
|
CVE-ID:
|
CVE-2011-4938 (thx to Henri Salo)
|
======================
Vulnerability Description:
======================
Ariadne 2.7.6 is prone to multiple Cross-Site scripting vulnerabilities
Continue reading "SSCHADV2011-038 - Ariadne 2.7.6 Multiple XSS vulnerabilities"
|
Advisory:
|
Achievo 1.4.5 Multiple XSS vulnerabilities
|
|
Advisory ID:
|
SSCHADV2011-037
|
|
Author:
|
Stefan Schurtz
|
|
Affected Software:
|
Successfully tested on Achievo 1.4.5
|
|
Vendor URL:
|
|
|
Vendor Status:
|
informed
|
|
CVE-ID:
|
-
|
======================
Vulnerability Description:
======================
Achievo 1.4.5 is prone to multiple Cross-Site scripting vulernabilities
Continue reading "SSCHADV2011-037 - Achievo 1.4.5 Multiple XSS vulnerabilities"
Check Point Endpoint Security Client – Disconnect after 20 seconds
After connecting with the new Endpoint Security Client E75.20 or E75.10 to a R75.10 Security Gateway, the client disconnects after 20 seconds when no traffic is made.
Continue reading "Check Point Endpoint Security Client - Disconnect after 20 seconds"
|
Advisory:
|
Tiki Wiki CMS Groupware Multiple XSS vulnerabilities
|
|
Advisory ID:
|
INFOSERVE-ADV2011-01
|
|
Author:
|
Stefan Schurtz
|
|
Contact:
|
|
|
Affected Software:
|
Successfully tested on Tiki 7.2 & 8.0 RC1
|
|
Vendor URL:
|
|
|
Vendor Status:
|
fixed for Tiki 7 (New Tiki 6 LTS release in progress)
|
|
CVE-ID:
|
CVE-2011-4454, CVE-2011-4455
|
======================
Vulnerability Description
======================
All versions of Tiki 6 and Tiki 7 and version Tiki 8.0RC1 are prone to multiple XSS vulnerabilities
Continue reading "INFOSERVE-ADV2011-01 - Tiki Wiki CMS Groupware Multiple XSS vulnerabilities"