In May 2014, VSR identified a vulnerability in versions 7.0 and 7.1 of the iOS SDK whereby the NSXMLParser class, resolves XML External Entities by default despite documentation which indicates otherwise. In addition, settings to change the behavior of XML External Entity resolution appears to be non-functional. This vulnerability, commonly known as XXE (XML eXternal Entities) attacks could allow for an attacker's ability to use the XML parser to carry out attacks ranging from network port scanning, information disclosure, denial of service, and potentially to carry out remote file retrieval. Further review also revealed that the Foundation Framework used in OS X 10.9.x is also vulnerable.
af1807dc188fc9b6e13cebb3ebe39700f51b071e81849be0f02375f2c6778418In February 2013, VSR identified a vulnerability in the IBM WebSphere Commerce framework which could allow an attacker to tamper with values stored in the "krypto" URL parameter. This parameter is encrypted with a block cipher without any independent integrity protection. This, combined with observed application behavior, allows for padding oracle attacks which can be used to decrypt the krypto token and forge new tokens with arbitrary embedded parameters.
5998d6a975a57dc3921286cababdc5aa780a65141183d9726f3d8938c1392707The Citrix Access Gateway provides support for multiple authentication types. When utilizing the external legacy NTLM authentication module known as ntlm_authenticator the Access Gateway spawns the Samba 'samedit' command line utility to verify a user's identity and password. By embedding shell metacharacters in the web authentication form it is possible to execute arbitrary commands on the Access Gateway.
67ee0d90c122f14d2d05bf0be45df498f4d30d47f4fb4d085869433a4c230eb3Citrix Access Gateway Command Injection Enterprise Edition up to 9.2-49.8 and Standard and Advanced Editions prior to 5.0 suffer from a remote command injection vulnerability.
cc70050cfc786f1a1df78cc3270117077f714bea62b7947328a95fd0f7ef906aVirtual Security Research, LLC. Security Advisory - Over the last several years, VSR analysts had observed unusual behavior in multiple WebLogic deployments when certain special characters were URL encoded and appended to URLs. In late April, 2010 VSR began researching this more in depth and found that the issue could allow for HTTP header injection and HTTP request smuggling attacks.
5d7636d4025d8667dd9edaf1762d3650f321ba8bf02999b83dd50d2261a56effVirtual Security Research, LLC. Security Advisory - VSR identified multiple weaknesses in the Cisco CSS 11500's handling of HTTP header interpretation and client-side SSL certificates.
a326af05d494ce329e501c8d31cb88ef5241ca54732e93cb94798f317f50e528For each HTTP request the Cisco PIX or other Cisco device forwards individual packets to Websense to determine whether or not the request should be permitted. However, when splitting the HTTP request into two or more packets on the HTTP method it is possible to circumvent the filtering mechanism. Affected versions are Websense 5.5.2, Cisco PIX OS / ASA versions below 7.0.4.12, Cisco PIX OS versions below 6.3.6(112), FWSM 2.3.x, and FWSM 3.x.
8aeae261f2d8b33cb7f16363b89f38beceb4080fce9a0d8b8fc55851a9705816
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed