[SA23169] Online-Bookmarks Multiple Vulnerabilities

SecuToolBox : Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / WEP + Aircrack + Ubiquiti (MadWifi) 530 mW + Yagi / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner

[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [SA23169] Online-Bookmarks Multiple Vulnerabilities

To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.

The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.

This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: link://[click] Contact Secunia Sales for more information: link://[click]

TITLE: Online-Bookmarks Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA23169

VERIFY ADVISORY: link://[click]

CRITICAL: Moderately critical

IMPACT: Cross Site Scripting, Manipulation of data

WHERE: From remote SOFTWARE: Online-Bookmarks 0.x link://[click]

DESCRIPTION: Some vulnerabilities have been reported in Online-Bookmarks, which can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks.

1) Input passed to the "username" and "password" parameter is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed to unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in version 0.6.12. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY: Vigilon

ORIGINAL ADVISORY: link://[click]

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: link://[click]

Definitions: (Criticality, Where etc.) link://[click]

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Precedent par Date: [SA23116] cPanel Multiple Cross-Site Scripting Vulnerabilities
Suivant par Date: [SA23185] JustSystems Multiple Products Buffer Overflow Vulnerability
Precedent par fil : [SA23116] cPanel Multiple Cross-Site Scripting Vulnerabilities
Suivant par fil : [SA23185] JustSystems Multiple Products Buffer Overflow Vulnerability
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion BugTraq
Archives de la liste de diffusion DailyDave
Archives de la liste de diffusion FunSec
Archives de la liste de diffusion Full Disclosure
Archives de la liste de diffusion Focus-IDS (FD)
Archives de la liste de diffusion Webappsec (FD)
Archives de la liste de diffusion Security-basics (FD)
Archives de la liste de diffusion Vulndiscuss
Archives de la liste de diffusion Vulnwatch

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, windows, exploit, réseau, vulnérabilité, système, attaque, microsoft, virus, audit, internet, présentation, fonction, données, linux, outil, bluetooth, shell, gestion, vista, trames, wishmaster, sysun, paquets, metasploit, téléphone, engineering, fonctions + de mots clés avec l'annuaire des articles publiés sur SecuObs

Archives Failles Secunia :

- SA32774 Citrix XenServer Ext2/Ext3 Processing Security Bypass Vulnerability - SA32761 No-IP Linux Dynamic Update Client Buffer Overflow Vulnerability - SA32778 Ubuntu update for firefox, firefox-3.0, and xulrunner-1.9 - SA32659 E-topbiz Link Back Checker auth Cookie Security Bypass - SA32745 Free Directory Script API_HOME_DIR File Inclusion Vulnerability + d'archives failles avec Secunia et SecuMail

Archives Mailing Full Disclosure :

- Re: Full-disclosure Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus - Re: Full-disclosure Fredrick Diggle Security is looking for a few good men (or mediocre women) - Re: Full-disclosure Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus - Re: Full-disclosure Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus - Full-disclosure MDVSA-2008:220-1 kernel + d'archives Full Disclosure avec SecuMail

Archives Mailing Bugtraq :

- MDVSA-2008:220-1 kernel - Re: Re: Re: Re: Opera 9.6x file:// overflow - Re: MDVSA-2008:232 dovecot - Re: Re: Re: Re: Opera 9.6x file:// overflow - MDVSA-2008:232 dovecot + d'archives Bugtraq avec SecuMail

Mini-Tagwall de l'annuaire video :

virus, spyware, vmware, firmware, biometric, lockpicking, wimax, password, kernel, malware, spammer, windows, iphone, symantec, phish, knoppix, adware, security, botnet, linux, tutorial, cryptography, internet, attack, wireshark, server, virtual, metasploit, intel, openbsd, hitbsecconf2006, protect, jailbreak, norton, ubuntu, rootkit, exploit, samsung, hijackthis, screen, ettercap, fingerprint, vista, flash, drive + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, vulnérabilité, network, google, vulnerability, hacker, attack, inject, remote, mobile, server, exploit, apple, internet, iphone, black, yahoo, sécurité, malware, vista, intel, patch, crypt, drive, access, protect, virtual, laptop, linux, source, biometric, research, ebook, business, virus, office, phish, adobe, chine, facebook, opera, flash, wireless + de mots clés avec l'annuaire de la revue de presse