[SA31678] Novell IDM Cross-Site Scripting and Script Insertion

SecuToolBox : Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / WEP + Aircrack + Ubiquiti (MadWifi) 300 mW + Yagi / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner

[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [SA31678] Novell IDM Cross-Site Scripting and Script Insertion

Want a new job? link://[click] link://[click]

TITLE: Novell IDM Cross-Site Scripting and Script Insertion

SECUNIA ADVISORY ID: SA31678

VERIFY ADVISORY: link://[click]

CRITICAL: Moderately critical

IMPACT: Cross Site Scripting

WHERE: From remote SOFTWARE: Novell Identity Manager 3.x link://[click]

DESCRIPTION: Some vulnerabilities have been reported in Novell User Application and Novell Identity Manager Roles Based Provisioning Module, which can be exploited by malicious people to conduct script insertion and cross-site scripting attacks.

1) Input passed via the "rtnaddr" attribute to ForgotPassword.jsf is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

This vulnerability is reported in Identity Manager Roles Based Provisioning Module 3.6.0 and 3.6.1, and User Application 3.5.0 and 3.5.1.

2) Input passed to "Detail Portlet" and "Request & Approval Forms" is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed.

3) Input passed via unspecified parameters to the portal is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Vulnerabilities #2 and #3 are reported in Identity Manager Roles Based Provisioning Module 3.6.0, and User Application 3.0.1, 3.5.0, and 3.5.1.

SOLUTION: The vendor has issued Field Patches.

link://[click] PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: link://[click] link://[click] link://[click] link://[click] link://[click] link://[click]

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: link://[click]

Definitions: (Criticality, Where etc.) link://[click]

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Precedent par Date: [SA31682] EasyClassifields "go" SQL Injection Vulnerability
Suivant par Date: [SA31661] Brim SQL Injection and Script Insertion Vulnerabilities
Precedent par fil : [SA31682] EasyClassifields "go" SQL Injection Vulnerability
Suivant par fil : [SA31661] Brim SQL Injection and Script Insertion Vulnerabilities
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion BugTraq
Archives de la liste de diffusion DailyDave
Archives de la liste de diffusion FunSec
Archives de la liste de diffusion Full Disclosure
Archives de la liste de diffusion Focus-IDS (FD)
Archives de la liste de diffusion Webappsec (FD)
Archives de la liste de diffusion Security-basics (FD)
Archives de la liste de diffusion Vulndiscuss
Archives de la liste de diffusion Vulnwatch

Les derniers commentaires sur SecuObs :

- More Oracle Pwnage...I Lost Count...New Version Module http://www.secuobs.com/r - Update on the update http://www.secuobs.com/revue/news/49561.shtml - YARA: a malware identification and classification tool http://www.secuobs.com/re - Update from Alexander Sotirov http://www.secuobs.com/revue/news/49201.shtml - VOIP Scanning on the increase http://www.secuobs.com/revue/news/49189.shtml - Creator of ZiPhone iPhone unlock hack calls it quits http://www.secuobs.com/revu - IPv6 Tunnel on Windows XP Using Freenet6 http://www.secuobs.com/revue/news/48645 - RFIDIOt-0.1v.tgz http://www.secuobs.com/revue/news/48665.shtml - VOIPPACK now available! http://www.secuobs.com/revue/news/48725.shtml - Nine Years of Code Cruft: Microsoft?s Hidden Internet Explorer Failures http://w + de commentaires publiés sur SecuObs

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, windows, exploit, microsoft, réseau, attaque, vulnérabilité, système, audit, virus, internet, outil, fonction, présentation, données, linux, bluetooth, vista, shell, gestion, metasploit, wishmaster, trames, protocol, sysun, fonctions, paquets, téléphone, engineering + de mots clés avec l'annuaire des articles publiés sur SecuObs

Archives Failles Secunia :

- SA33400 Fedora update for am-utils - SA33419 Fedora update for xterm - SA32648 TSC2 Help Desk CTab ActiveX Control Caption List Buffer Overflow - SA32609 ComponentOne SizerOne CTab ActiveX Control Caption List Buffer Overflow - SA33342 vBulletin Personal Sticky Threads Add-on Security Bypass Vulnerability + d'archives failles avec Secunia et SecuMail

Archives Mailing Full Disclosure :

- Full-disclosure Do you use nepenthes? - Full-disclosure The war in Palestine && Pointless noise. - Full-disclosure MDVSA-2009:001 openssl - Re: Full-disclosure Full-Disclosure wouldn't let me post this message - Re: Full-disclosure The war in Palestine + d'archives Full Disclosure avec SecuMail

Archives Mailing Bugtraq :

- AST-2009-001: Information leak in IAX2 authentication - LayerOne 2009 Call for Papers - USN-705-1 NTP vulnerability - Re: IBM Datapower XS40 Denial of Service - CORE-2008-1128: Openfire multiple vulnerabilities + d'archives Bugtraq avec SecuMail

Mini-Tagwall de l'annuaire video :

virus, spyware, vmware, firmware, biometric, lockpicking, wimax, password, spammer, malware, kernel, windows, iphone, symantec, phish, adware, knoppix, security, botnet, linux, tutorial, cryptography, internet, attack, wireshark, server, virtual, metasploit, intel, openbsd, protect, jailbreak, hitbsecconf2006, rootkit, norton, ubuntu, exploit, samsung, ettercap, hijackthis, interview, screen, vista, fingerprint, flash + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, vulnérabilité, network, google, vulnerability, hacker, attack, inject, remote, mobile, server, exploit, apple, internet, iphone, black, yahoo, sécurité, malware, vista, intel, patch, crypt, drive, access, protect, virtual, laptop, linux, source, biometric, research, ebook, business, virus, office, phish, adobe, chine, facebook, opera, flash, wireless + de mots clés avec l'annuaire de la revue de presse