|
Drupal Cross-Site Request Forgery and Security Bypass |
|
Written by Administrator
|
|
Thursday, 14 August 2008 |
Two vulnerabilities have been reported in Drupal, which can be exploited by malicious users to bypass certain security restrictions, and by malicious people to conduct cross-site request forgery attacks. One vulnerability is caused by the application allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to submit cached forms and forms containing AHAH elements, and to upload files, by enticing a logged-in user to visit a malicious web page. |
|
|
|
|
Drupal Multiple Vulnerabilities |
|
Written by Administrator
|
|
Thursday, 14 August 2008 |
Some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system, and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. |
|
|
|
|
Internet Explorer MHTML Protocol Handler Cross-Domain Information Disclosure |
|
Written by Administrator
|
|
Thursday, 14 August 2008 |
A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to gain knowledge of sensitive information. The vulnerability is caused by an error in the MHTML protocol handler when interpreting MHTML URI redirections. This can be exploited to bypass Internet Explorer domain restrictions when returning MHTML content via a specially crafted web page. |
|
Last Updated ( Friday, 15 August 2008 )
|
|
|
|
|
[GCERT-042008] Vulnerability in the Joomla! 1.5.x application - Administrator Remote Password Reset |
|
Written by Administrator
|
|
Thursday, 14 August 2008 |
GCERT has been notified of a vulnerability in the Joomla! version 1.5.x application, used by several government agency websites, that exposes them to the threat of a remote password reset of the Administrator account.
The vulnerability allows the password of the 'Administrator' account to be changed, which in turn allows an intruder to alter the information on the affected website. An intruder is also able to plant a backdoor on the server and thereby gain full control of the web server. |
|
Last Updated ( Thursday, 14 August 2008 )
|
|
|
|
|
Joomla "token" Password Change Vulnerability |
|
Written by Administrator
|
|
Wednesday, 13 August 2008 |
d3m0n has reported a vulnerability in Joomla!, which can be exploited by malicious people to bypass certain security restrictions and manipulate data. The vulnerability is caused by improper access restriction in components/com_user/models/reset.php. This can be exploited to bypass the authentication mechanism and change the password of the user with the lowest ID (typically the administrator), without having valid user credentials. |
|
|
|
|
Microsoft Office Excel Multiple Vulnerabilities |
|
Written by Administrator
|
|
Wednesday, 13 August 2008 |
|
Multiple vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to gain knowledge of sensitive information or compromise a user's system. |
|
Last Updated ( Friday, 15 August 2008 )
|
|
|
|
|
|