Thursday, April 19, 2012

HTB23084: Newscoop multiple vulnerabilities (RFI, SQL Injection, XSS)

Newscoop version 3.5.3 and probably prior, partially 4.0 RC3 suffers from remote file inclusion (RFI), cross site scripting (XSS), SQL injection vulnerabilities:
1. Remote File Inclusion (RFI): Input passed via the "GLOBALS[g_campsiteDir]" GET parameter to "include/phorum_load.php", "GLOBALS[g_campsiteDir]" GET parameter to "conf/install_conf.php", "GLOBALS[g_campsiteDir]" GET parameter to "conf/liveuser_configuration.php" scripts are not properly verified before being used in require_once() function and can be exploited to include arbitrary remote files.
Successful exploitation of these vulnerabilities requires that "register_globals" is enabled.
2. SQL Injection: Input passed via the "f_country_code" GET parameter to "admin/country/edit.php" is not properly sanitised before being used in SQL query (requires attacker to be registered and logged-in and to have permission to manage countries; "magic_quotes_gpc" should be disabled).
3. Cross-Site Scripting (XSS): Input passed via the "Back" GET parameter to "admin/ad.php", "f_user_name" GET parameter to "admin/login.php", "token" and "f_email" GET parameters to "admin/password_check_token.php" scripts are not properly sanitised before being returned to the user.

Vulnerability ID: HTB23084
Vendor Notification / Patch / Public Disclosure Dates: 28 March / 5 April / 18 April
Vulnerabilities Type: Remote file inclusion (RFI), Cross-site scripting (XSS), SQL injection
Risk level: High
Solution Status: Fixed by Vendor
Solution: Upgrade to Newscoop 3.5.5, make sure that "register_globals" is set to off (fix for RFI).

Read full information and details about this advisory: High-Tech Bridge Advisory HTB23084: Multiple vulnerabilities in Newscoop.

Posted by at No comments:
Labels:

HTB23062: XOOPS multiple XSS vulnerabilities

XOOPS version 2.5.4 and probably prior suffers from multiple cross-site scripting (XSS) vulnerabilities:
Input passed via the "to_userid" POST parameter to "modules/pm/pmlite.php", "current_file" POST parameter to "class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php", "imgcat_id" POST parameter to "class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php", "target" POST parameter to "class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php" scripts are not properly sanitised before being returned to the user.

Vulnerability ID: HTB23062
Vendor Notification / Patch / Public Disclosure Dates: 7 December 2011 / 22 February 2012 / 18 April 2012
Vulnerabilities Type: Cross-Site Scripting (XSS)
Risk level: Medium
Solution: Fixed by Vendor, Upgrade to 2.5.5 version
Credit: High-Tech Bridge SA Security Research Lab

About XOOPS
XOOPS is a web application platform written in PHP for the MySQL database. Its object orientation makes it an ideal tool for developing small or large community websites, intra company and corporate portals, weblogs and much more.

About High-Tech Bridge SA Security Research Lab
High-Tech Bridge SA Security Research Lab is a unit of High-Tech Bridge's Research & Development Department. Security Advisories are provided on a non-profit base in accordance to Corporate Social Responsibility, with the aim of helping various software vendors to improve security of their products.

Posted by at No comments:
Labels:

Thursday, April 12, 2012

HTB23083: CMS Tree Page View Plugin for WordPress XSS vulnerability

CMS Tree Page View (WordPress plugin) version 0.8.8 suffers from cross-site scripting (XSS) vulnerabilities:
Input passed via the "cms_tpv_view" GET parameter to "wp-admin/options-general.php" script is not properly sanitised before being returned to the user.

Vulnerability ID: HTB23083
Vendor Notification / Patch / Public Disclosure Dates: 21 March / 26 March / 11 April
Vulnerabilities Type: Cross-Site Scripting (XSS)
Solution Status: Fixed by Vendor
Risk level: Medium
Solution: Upgrade to 0.8.9 or later version

Posted by at No comments:
Labels: ,

HTB23082: All-in-One Event Calendar Plugin for WordPress multiple XSS vulnerabilities

All-In-One Event Calendar (WordPress plugin) version 1.4 suffers from multiple cross-site scripting (XSS) vulnerabilities:
Input passed via the "title" GET parameter to "wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php", "args", "title", "before_title", "after_title" GET parameters to "wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php", "button_value" GET parameter to "wp-content/plugins/all-in-one-event-calendar/app/view/box_publish_button.php", "msg" GET parameter to "wp-content/plugins/all-in-one-event-calendar/app/view/save_successful.php" scripts are not properly sanitised before being returned to the user.

Vulnerability ID: HTB23082
Public Disclosure: April 11, 2012
Vulnerabilities Type: Cross-Site Scripting (XSS)
Risk level: Medium

Posted by at No comments:
Labels: ,

Friday, April 6, 2012

"ThinkSwiss: Genève Meets New York": Breaking Through Internet Censorship (Video)

Video from Breaking Through Internet Censorship event, held in New York City as part of the week-long festival "ThinkSwiss: Genève Meets New York" on March 12, 2012. Panelists: Stéphane Koch, Vice-President for High-Tech Bridge SA / Founder of intelligentzia.net, E.Mubarak, T.Obrecht, A.Qtiesh.

Panel held in New York City as part of the week-long festival "ThinkSwiss: Genève Meets New York" on March 12, 2012.

Posted by at No comments:
Labels:

Thursday, April 5, 2012

HTB23081: osCMax multiple vulnerabilities

osCMax version 2.5.0 suffers from a cross-site scripting (XSS) and SQL injection vulnerabilities:
1. Cross-site scripting (XSS): Input passed via the "username" POST parameter to "admin/login.php", "pageTitle" GET parameter to "admin/new_attributes_include.php", "sb_id", "sb_key", "gc_id", "gc_key" and "path" POST parameters to "admin/htaccess.php", "title" GET parameter to "admin/information_form.php", "search" GET parameter to "admin/xsell.php", "gross" and "max" GET parameters to "admin/stats_products_purchased.php", "status" GET parameter to "admin/stats_monthly_sales.php", "sorted" GET parameter to "admin/stats_customers.php", "information_id" GET parameter to "admin/information_manager.php", "zID" GET parameter to "admin/geo_zones.php", "current_product_id" and "cPath" GET parameters to "admin/new_attributes_include.php" scripts are not properly sanitised before being returned to the user.
2. SQL Injection: Input passed via the "status" GET parameter to "admin/stats_monthly_sales.php", "country" POST parameter to "admin/create_account_process.php", "username" POST parameter to "admin/login.php" scripts are not properly sanitised before being used in SQL query.

Vulnerability ID: HTB23081
Vendor Notification / Patch / Public Disclosure Dates: 14 March / 30 March / 4 April
Vulnerabilities Type: Cross-Site Scripting (XSS), SQL Injection
Solution Status: Fixed by Vendor
Risk level: High
Solution: Upgrade to osCMax v2.5.1 or later version

Posted by at No comments:
Labels:

Tuesday, April 3, 2012

InfoSurance: High-Tech Bridge is a new member

High-Tech Bridge is proud to announce it's new membership at InfoSurance, a Swiss information security association founded in 1999.

Through the Swiss Security Day as well as by providing training to schools and businesses the InfoSurance association promotes the awareness of information security. Swiss Security Day event aims to bring awareness on how to securely use a computer, from emailing to social networking.

As a new member of InfoSurance, High-Tech Bridge will promote the importance of information security.

Source: High-Tech Bridge: Member of InfoSurance

Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)