From: Secunia Security Advisories (sec-adv secunia.com)
Date: Tue Feb 05 2008 - 10:17:04 CST
----------------------------------------------------------------------
TITLE:
Textpattern Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28793
VERIFY ADVISORY:
http://secunia.com/advisories/28793/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting, Exposure of system information, Exposure of
sensitive information
WHERE:
From remote
SOFTWARE:
Textpattern 4.x
http://secunia.com/product/17462/
DESCRIPTION:
Some vulnerabilities have been reported in Textpattern, which can be
exploited by malicious users to disclose sensitive information or
conduct script insertion attacks, and by malicious people to conduct
cross-site scripting attacks.
1) Input passed to an unspecified parameter in textpattern/index.php
is not properly verified before being used to include files. This can
be exploited to include arbitrary files from local resources.
Successful exploitation requires publisher privileges.
2) Input passed as the "Body" parameter in textarea/index.php when
the "event" parameter is set to "article" ("Write" page in admin
console) is not properly sanitised before being used. This can be
exploited to insert arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when a malicious article is viewed.
Successful exploitation requires publisher privileges.
3) Input passed as the comment name is not properly sanitised in
comment previews. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an affected
site.
Other issues have also been reported, e.g. that changing a password
does not require the old password, and a parameter value overflow in
textarea/index.php.
The vulnerabilities are reported in version 4.0.5. Prior versions may
also be affected.
SOLUTION:
Update to version 4.0.6.
http://textpattern.com/download/
NOTE: This does not fix vulnerability #2.
Edit the source code to ensure that input is properly sanitised.
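Added example (not part of the Secunia advisory and not Textpattern code): because 4.0.6 leaves issue 2 unfixed, a site operator can audit stored article bodies for script-capable markup. The Python below assumes rendered article HTML has already been exported as id-to-body pairs; all names and the sample rows are constructed for illustration.

```python
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction", "data"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class ActiveContentAuditor(HTMLParser):
    """Collects (line, reason) findings for script-capable markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lower-cased; attribute values
        # arrive with character references already decoded.
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((line, f"event handler attribute {name}"))
            elif name in URL_ATTRS and value:
                # Browsers ignore whitespace and control characters inside
                # a URL scheme, so strip them before comparing.
                scheme = "".join(c for c in value if c > " ").lower()
                if scheme.startswith(SCRIPT_SCHEMES):
                    self.findings.append((line, f"script URL in {name}"))


def audit_article(body_html):
    """Return the findings for one article body."""
    auditor = ActiveContentAuditor()
    auditor.feed(body_html)
    auditor.close()
    return auditor.findings


def audit_all(articles):
    """Map article id -> findings, omitting clean articles."""
    return {aid: f for aid, body in articles.items() if (f := audit_article(body))}


# Constructed sample rows (article id -> rendered body); not real site data.
SAMPLE_ARTICLES = {
    1: '<p>Release notes for <a href="/download/">4.0.6</a></p>',
    2: '<p>Hello</p>\n<img src="logo.png" onerror="track()">',
    3: '<a href="Java\tScript:void(0)">more</a>\n<script src="//cdn.example/x.js"></script>',
}
```

A hit is a prompt for manual review rather than proof of abuse, since publishers may embed markup legitimately.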
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits DSecRG and Victor.
2, 3) Alexandr Polyakov and Stas Svistunovich, Digital Security
Research Group
ORIGINAL ADVISORY:
http://www.textpattern.com/weblog/310/textpattern-406-released