[Suspected Spam] eFront Community++ v3.6.10 - Multiple Web Vulnerabilities

Title:
======
eFront Community++ v3.6.10 - Multiple Web Vulnerabilities

Date:
=====
2012-02-09

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=421

VL-ID:
=====
421

Introduction:
=============
Tailored with larger organizations in mind, eFront Community ++ offers solutions for the
management of companies most valued asset - the people. Based on a coherent approach to human
capital management which keeps the workforce actively engaged, the eFront Community ++ platform
offers the means of aligning learning programs with business goals to cultivate employee skills
and knowledge associated with business performance. eFront Community ++ builds on top of
eFront Educational.

(Copy of the Vendor Homepage: http://efrontlearning.net/product/efront-Community ++.html)

Abstract:

security | 9 Feb 14:58

[ MDVSA-2012:015 ] wireshark


 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:015
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : February 9, 2012
 Affected: 2011.
 _______________________________________________________________________

 Problem Description:

 Multiple file parser and NULL pointer vulnerabilities, including an
 RLC dissector buffer overflow, were found and corrected in Wireshark.

 This advisory provides the latest version of Wireshark (1.6.5)
 which is not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://www.wireshark.org/security/wnpa-sec-2012-01.html
 http://www.wireshark.org/security/wnpa-sec-2012-02.html
 http://www.wireshark.org/security/wnpa-sec-2012-03.html
 _______________________________________________________________________

 Updated Packages:


Florian Weimer | 9 Feb 14:05

[SECURITY] [DSA 2407-1] cvs security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-2407-1                   security <at> debian.org
http://www.debian.org/security/                            Florian Weimer
February 09, 2012                      http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : cvs
Vulnerability  : heap overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0804

It was discovered that a malicious CVS server could cause a heap
overflow in the CVS client, potentially allowing the server to execute
arbitrary code on the client.

For the stable distribution (squeeze), this problem has been fixed in
version 1:1.12.13-12+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.12.13+real-7.

We recommend that you upgrade your cvs packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce <at> lists.debian.org

security-alert | 8 Feb 18:14

[security bulletin] HPSBMU02742 SSRT100740 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Disclosure of Information


SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03164351
Version: 1

HPSBMU02742 SSRT100740 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote
Unauthorized Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-02-08
Last Updated: 2012-02-08

Potential Security Impact: Remote unauthorized disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP System Management Homepage (SMH) for
Linux and Windows. The vulnerability could be exploited remotely resulting in unauthorized disclosure
of information.

References: CVE-2011-3389, CERT VU#864643

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP System Management Homepage for Linux and Windows, all versions

BACKGROUND

advisory | 8 Feb 12:59

Multiple vulnerabilities in ZENphoto

Advisory ID: HTB23070
Product: ZENphoto
Vendor: www.zenphoto.org
Vulnerable Version: 1.4.2 and probably prior
Tested Version: 1.4.2
Vendor Notification: 18 January 2012 
Vendor Patch: 19 January 2012 
Public Disclosure: 8 February 2012 
Vulnerability Type: PHP Code Execution, SQL Injection, XSS
Solution Status: Fixed by Vendor
Risk Level: High 
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ ) 

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ZENphoto, which
can be exploited to perform arbitrary PHP code execution, SQL injection and cross-site scripting attacks.

1) Arbitrary PHP Code Execution in ZENphoto: CVE-2012-0993

Input passed via "viewer_size_image_saved" COOKIE parameter is not properly sanitised before being
used in an "eval()" call. This can be exploited to execute arbitrary PHP code.

The following PoC is available:

GET /[album_name]/[image.jpg].php HTTP/1.1
Cookie: viewer_size_image_saved=phpinfo()


Cyberoam Central Console v2.00.2 - File Include Vulnerability

Title:
======
Cyberoam Central Console v2.00.2 - File Include Vulnerability

Date:
=====
2012-02-08

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=405

VL-ID:
=====
405

Introduction:
=============
Cyberoam Central Console (CCC) appliances offer the flexibility of hardware CCC appliances and
virtual CCC appliances to provide centralized security management across distributed Cyberoam UTM
appliances, enabling high levels of security for MSSPs and large enterprises. With Layer 8
Identity-based policies and centralized reports and alerts, CCC hardware and virtual appliances
provide granular security and visibility into remote and branch offices across the globe.

(Copy of the Vendor Homepage: http://www.cyberoam.com/ccc.html)


security-alert | 7 Feb 22:33

[security bulletin] HPSBUX02741 SSRT100728 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass


SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03183543
Version: 1

HPSBUX02741 SSRT100728 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service
(DoS), Access Restriction Bypass

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-02-06
Last Updated: 2012-02-06

 ------------------------------------------------------------------------------

Potential Security Impact: Remote Denial of Service (DoS), access restriction bypass

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet
Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to
perform an access restriction bypass. The Tomcat-based Servlet Engine is contained in the HP-UX Apache
Web Server Suite.

References: CVE-2006-7243, CVE-2011-4858, CVE-2011-4885, CVE-2012-0022

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.21 or earlier

roberto.paleari | 8 Feb 14:14

Unauthenticated remote code execution on D-Link ShareCenter products

Unauthenticated remote code execution on D-Link ShareCenter products
====================================================================

[ADVISORY INFORMATION]
Title:		Unauthenticated remote code execution on D-Link ShareCenter products
Release date: 	08/02/2012
Last update: 	08/02/2012
Credits: 	Roberto Paleari, Emaze Networks S.p.A (roberto.paleari <at> emaze.net)

[VULNERABILITY INFORMATION]
Class: 	        Authentication bypass, remote code execution

[AFFECTED PRODUCTS]
We confirm the presence of the security vulnerabilities on the following
products/firmware versions:

   * DNS-320, firmware version 2.00.1217.2010
   * DNS-320, firmware version 2.01.0512.2011
   * DNS-320, firmware version 2.02.0901.2011
   * DNS-320, firmware version 2.02.0923.2011
   * DNS-325, firmware version 1.01.1217.2010

Other models and firmware versions are probably also vulnerable, but they were
not checked.

[VULNERABILITY DETAILS]
D-Link ShareCenter devices suffer from a publicly-known authentication bypass
issue that, according to an existing advisory[1], can be exploited to cause a
Denial-of-Service.



eFronts Community++ v3.6.10 - Cross Site Vulnerability

Title:
======
eFronts Community++ v3.6.10 - Cross Site Vulnerability

Date:
=====
2012-02-07

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=423

VL-ID:
=====
423

Introduction:
=============
Tailored with larger organizations in mind, eFront Community ++ offers solutions for the
management of companies most valued asset - the people. Based on a coherent approach to human
capital management which keeps the workforce actively engaged, the eFront Community ++ platform
offers the means of aligning learning programs with business goals to cultivate employee skills
and knowledge associated with business performance. eFront Community ++ builds on top of
eFront Educational.

(Copy of the Vendor Homepage: http://efrontlearning.net/product/efront-Community ++.html)

Abstract:

security-alert | 7 Feb 17:28

[security bulletin] HPSBMU02736 SSRT100699 rev.2 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information


SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03127140
Version: 2

HPSBMU02736 SSRT100699 rev.2 - HP Business Availability Center (BAC) and Business Service Management
(BSM), Remote Unauthorized Access to Sensitive Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-12-18
Last Updated: 2012-02-06

Potential Security Impact: Remote unauthorized access to sensitive information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Business Availability Center (BAC) and
Business Service Management (BSM). The vulnerabilities could be remotely exploited to allow
unauthorized access to sensitive information.

References: CVE-2010-1428, CVE-2010-1429, CVE-2008-3273

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Business Availability Center (BAC) v8.07 and earlier on Windows and Solaris
Business Service Management (BSM) v9.12 and earlier on Windows and Solaris

BACKGROUND

The Dark Tangent | 6 Feb 22:20

DEF CON 20 Capture the Flag Announcement

The 20th anniversary of DEF CON is almost on us!

To help make this year even more memorable I have been working with DDTEK
and other CTF organizers to continue to grow the contest on a number of
levels.

Thinking of competing in the pre-qualifiers? Planning to seriously compete
this year? This announcement is to get you up to speed on what we have been
thinking.

First - Grow the CTF.
This year there will be more teams battling it out. 20 teams for DEF CON 20!
This is up from last year's 12. There will be more teams that pre-qual, as
well as more teams that get seated automatically by winning other well-known
and respected CTF contests around the world.
Here is the breakdown:

11 teams pre-qualify online - The announcement will be April 1st, 2012 at
DDTEK http://www.ddtek.biz/
7 winning teams from other CTF events - See below
1 The returning champions from DEF CON 19 CTF - The European Nopsled Team

What other CTF contests you ask?

    UCSB iCTF 2011 winner - We_0wn_You - http://ictf.cs.ucsb.edu/
    CodeGate 2012 Winner - Feb 24-26 2012 Online quals -
http://www.codegate.org/Eng/
    NCCDC winner - April 20 - 22, 2012 - http://www.nationalccdc.org/
    Hack In The Box 2012 Amsterdam - May 21-25, 2012 Amsterdam -
