Recognize-Security

cPanel HTTP Response Splitting Vulnerability

Posted by Trancer on Jan 21 2010

cPanel Security Advisory for cPanel and WHM (WebHost Manager) versions 11.25.
Vulnerabilities found:

HTTP Response Splitting vulnerability
Open Redirection vulnerability

cPanel HTTP Response Splitting Vulnerability – Security Advisory (PDF).
cPanel HTTP Response Splitting Vulnerability – Security Advisory (TXT).

I’d like to point out the lame work of the cPanel Security Team on these vulnerabilities. Usually when I report a vulnerability, I get some kind of interaction with the vendor developers and/or the security team, most of the times I enjoy working with the people involved. In this case, the cPanel Security Team were unresponsive. Eventually I was forced to release the security advisory even though one of the vulnerabilities (the Open Redirection vulnerability) is still unpatched.

References:
BID 37902
OSVDB 61954
exploit-db 11211

Categories: Advisories • Web Application Security

3 Comments | Comments RSS | TrackBack URL

Caucho Resin UTF-7 Cross-Site Scripting Vulnerability

Posted by Trancer on Oct 05 2008

Security Advisory for Caucho Resin Application Server version 3.2 and below.
Vulnerabilities found:

UTF-7 Cross-Site Scripting

PDF version.
TXT version.

This actually mean that every web application hosted on a Caucho Resin application server is vulnerable to Cross-Site Scripting… If you have one, I seriously recommend you patch your server :-)

References:
Caucho Resin 3.2.1 Release Notes
Caucho bug ID 2965

Categories: Advisories

0 Comments | Comments RSS | TrackBack URL

OpenNMS Multiple Vulnerabilities

Posted by Trancer on Oct 05 2008

Security Advisory for OpenNMS version 1.5.93-1 and below.
Vulnerabilities found:

HTTP Response Splitting
Cross-Site Scripting

PDF version.
TXT version.

Also on:
BID 31577
milw0rm 6676
exploit-database #6676

Categories: Advisories

0 Comments | Comments RSS | TrackBack URL

JSPWiki Multiple Vulnerabilities

Posted by Trancer on Jan 15 2008

JSPWiki Security Advisory for JSPWiki versions 2.4.104 (latest stable release), 2.5.139 (latest beta version) and below.
Vulnerabilities found:

.jsp Local File Inclusion
Cross-Site Scripting

JSPWiki allow users to upload (attach) files to entry pages. Combined with the LFI vulnerability, an attacker can use the information disclosed by the installation file to upload a malicious .jsp file and locally execute it.
By executing malicious server-side code, an attacker may be able to compromise the server.

Actually, this is the only published file inclusion vulnerability I’ve ever seen on a Java based web application.
Well, there’s more out there :-)

PDF version.
TXT version.

Also on:
BID 27785
milw0rm 5112
exploit-database #5112

Categories: Advisories

0 Comments | Comments RSS | TrackBack URL

MediaWiki Cross-Site Scripting Vulnerabilities

Posted by Trancer on Feb 18 2007

Security Advisory for MediaWiki versions:
1.6.x branch before 1.6.10
1.7.x branch before 1.7.3
1.8.x branch before 1.8.4
1.9.x branch before 1.9.3

Vulnerabilities found:

Cross-Site Scripting
UTF-7 Cross-Site Scripting

TXT version.

Also on:
BID 21956
MediaWiki patch announcement
RSnake expand the MediaWiki 1.9.2 UTF-7 XSS exploit

Categories: Advisories

0 Comments | Comments RSS | TrackBack URL

Recognize-Security Welcome to the Machine Advisories

cPanel HTTP Response Splitting Vulnerability Posted by Trancer on Jan 21 2010 Security Advisory for cPanel and WHM (WebHost Manager) versions 11.25. Vulnerabilities found: HTTP Response Splitting vulnerability Open Redirection vulnerability cPanel HTTP Response Splitting Vulnerability – Security Advisory (PDF). cPanel HTTP Response Splitting Vulnerability – Security Advisory (TXT). I’d like to point out the lame work of the cPanel Security Team on these vulnerabilities. Usually when I report a vulnerability, I get some kind of interaction with the vendor developers and/or the security team, most of the times I enjoy working with the people involved. In this case, the cPanel Security Team were unresponsive. Eventually I was forced to release the security advisory even though one of the vulnerabilities (the Open Redirection vulnerability) is still unpatched. References: BID 37902 OSVDB 61954 exploit-db 11211 Categories: Advisories • Web Application Security 3 Comments \| Comments RSS \| TrackBack URL Caucho Resin UTF-7 Cross-Site Scripting Vulnerability Posted by Trancer on Oct 05 2008 Security Advisory for Caucho Resin Application Server version 3.2 and below. Vulnerabilities found: UTF-7 Cross-Site Scripting PDF version. TXT version. This actually mean that every web application hosted on a Caucho Resin application server is vulnerable to Cross-Site Scripting… If you have one, I seriously recommend you patch your server :-) References: Caucho Resin 3.2.1 Release Notes Caucho bug ID 2965 Categories: Advisories 0 Comments \| Comments RSS \| TrackBack URL OpenNMS Multiple Vulnerabilities Posted by Trancer on Oct 05 2008 Security Advisory for OpenNMS version 1.5.93-1 and below. Vulnerabilities found: HTTP Response Splitting Cross-Site Scripting PDF version. TXT version. Also on: BID 31577 milw0rm 6676 exploit-database #6676 Categories: Advisories 0 Comments \| Comments RSS \| TrackBack URL JSPWiki Multiple Vulnerabilities Posted by Trancer on Jan 15 2008 Security Advisory for JSPWiki versions 2.4.104 (latest stable release), 2.5.139 (latest beta version) and below. Vulnerabilities found: .jsp Local File Inclusion Cross-Site Scripting JSPWiki allow users to upload (attach) files to entry pages. Combined with the LFI vulnerability, an attacker can use the information disclosed by the installation file to upload a malicious .jsp file and locally execute it. By executing malicious server-side code, an attacker may be able to compromise the server. Actually, this is the only published file inclusion vulnerability I’ve ever seen on a Java based web application. Well, there’s more out there :-) PDF version. TXT version. Also on: BID 27785 milw0rm 5112 exploit-database #5112 Categories: Advisories 0 Comments \| Comments RSS \| TrackBack URL MediaWiki Cross-Site Scripting Vulnerabilities Posted by Trancer on Feb 18 2007 Security Advisory for MediaWiki versions: 1.6.x branch before 1.6.10 1.7.x branch before 1.7.3 1.8.x branch before 1.8.4 1.9.x branch before 1.9.3 Vulnerabilities found: Cross-Site Scripting UTF-7 Cross-Site Scripting TXT version. Also on: BID 21956 MediaWiki patch announcement RSnake expand the MediaWiki 1.9.2 UTF-7 XSS exploit Categories: Advisories 0 Comments \| Comments RSS \| TrackBack URL	Categories Advisories Articles Exploitation Exploits LOLz Malware Metasploit Presentations Rec-Sec Security News Tools Vulnerabilities Web Application Security Archives September 2010 March 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 December 2008 November 2008 October 2008 September 2008 August 2008 January 2008 June 2007 May 2007 April 2007 March 2007 February 2007 Pages About Links Aviv Raff BinaryVision BSDeamon Chris Evans DC9723 Didier Stevens Digital Whisper Exploit Database Exploit KB Extraexploit Julien Tinnes Michal Zalewski NiX IRC Network Nmap NullByte Pankaj Kohli Peter Van Eeckhoutte Piotr Bania rgod SkullSecurity Skypher Tavis Ormandy The Metasploit Project TryThis0ne Uninformed xorl eax, eax Yam Mesicka Meta RSS 2.0 ATOM 1.0 RDF 1.0 Links OPML OpenSearch
W3C Unicorn \| Valid XHTML \| Valid CSS \| RSS \| Comments RSS Copyright © 2007 - 2012 Recognize-Security. Some rights reserved. ~~Security~~ Hacking, However, is an art, not a science.