Search

See Resources

@RISK Newsletter for December 22, 2011 The Consensus Security Vulnerability Alert

This is a weekly newsletter that provides in-depth analysis of the latest vulnerabilities with straightforward remediation advice. Qualys supplies a large part of the newly-discovered vulnerability content used in this newsletter.


@RISK: The Consensus Security Vulnerability Alert
Vol. 11, Num. 52

Providing a reliable, weekly summary of newly discovered attack vectors, vulnerabilities with active exploits, and explanations of how recent attacks worked.

Archived issues may be found at https://www.qualys.com/research/sans-at-risk/


Summary of Updates and Vulnerabilities in this Consensus

Platform Number of Updates and Vulnerabilities
— | —
Windows 0 (#1)
Third Party Windows Apps | 4
Linux 2
Aix 1
Cross Platform 8 (#2,#3,#4)
Web Application - Cross Site Scripting 2
Web Application - SQL Injection 1
Web Application 8


Part I – Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) HIGH: Microsoft Windows 7 win32k.sys Memory Corruption Vulnerability
(2) HIGH: Adobe Reader Memory Corruption Vulnerability
(3) HIGH: Mozilla Firefox Multiple Security Vulnerabilities
(4) MEDIUM: Google Chrome Stable Channel Updates


Part II – Comprehensive List of Newly Discovered Vulnerabilities from Qualys

(www.qualys.com)

Third Party Windows Apps

11.52.1 - FFFTP Insecure Executable File Loading Arbitrary Code Execution
11.52.2 - RSA SecurID Software Token DLL Loading Arbitrary Code Execution
11.52.3 - Invensys Wonderware inBatch BatchField ActiveX Control Multiple Buffer Overflow Vulnerabilities
11.52.4 - IrfanView TIFF Image File Remote Heap-Based Buffer Overflow

Linux

11.52.5 - Ubuntu Nova Image Registration Arbitrary Input Validation
11.52.6 - abrt Information Disclosure

Aix

11.52.7 - IBM AIX Inventory Scout Code Symbolic Link and Arbitrary File Deletion Vulnerability

Cross Platform

11.52.8 - IBM Tivoli Federated Identity Manager SAML Signature Validation Security Bypass
11.52.9 - Pidgin Jingle Extension XMPP Protocol Denial of Service Vulnerabilities
11.52.10 - Adobe Acrobat and Reader Memory Corruption
11.52.11 - SecCommerce SecSigner Java Applet Arbitrary File Upload
11.52.12 - Unbound Multiple Denial of Service Vulnerabilities
11.52.13 - Virtualenv Insecure Temporary File Creation
11.52.14 - Enterasys Network Management Suite “nssyslogd.exe” Component Stack Buffer Overflow
11.52.15 - Mozilla Firefox and Thunderbird Remote Code Execution

Web Application - Cross Site Scripting

11.52.16 - JBoss Operations Network Multiple Cross-Site Scripting Vulnerabilities
11.52.17 - phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities

Web Application - SQL Injection

11.52.18 - mnoGoSearch Unspecified SQL Injection

Web Application

11.52.19 - Perl HTML::Template::Pro Module Cross-Site Scripting
11.52.20 - Cacti Multiple Input Validation Vulnerabilities
11.52.21 - Splunk Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
11.52.22 - Browser CRM Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
11.52.23 - Owl Intranet Engine “userid” Parameter Authentication Bypass
11.52.24 - TYPO3 “BACK_PATH” Parameter Local File Include
11.52.25 - PHPShop CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
11.52.26 - Tiki Wiki CMS Groupware “show_errors” Parameter HTML Injection


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of HP, as a by-product of that company’s continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint’s analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/risk/#process


(1) HIGH: Microsoft Windows 7 win32k.sys Memory Corruption Vulnerability

Affected:
Microsoft Windows 7 64-bit (and possibly previous versions)

Description: Windows 7 is reportedly vulnerable to an unspecified and
unpatched vulnerability that can be used to execute arbitrary code with
kernel-mode privileges. The publicly available attack vector involves
enticing a target to view a malicious page with Apple Safari on a
Windows 7 machine. The vulnerability can reportedly be triggered by a
page that contains an overlong “height” element in an IFRAME element.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.microsoft.com
JC3-CIRC Security Bulletin
http://circ.jc3.doe.gov/bulletins/u-065.shtml
SecurityFocus BugTraq ID
http://www.securityfocus.com/bid/51122


(2) HIGH: Adobe Reader Memory Corruption Vulnerability

Affected:
Adobe Reader 9.4.6 and earlier
Adobe Reader X

Description: Adobe has reported that an unspecified memory corruption
vulnerability in its Reader PDF viewer is being actively exploited in
the wild. Adobe has released a patch for Reader 9.x that addresses this
vulnerability, but Adobe is planning to wait until January 10th to
release a patch for Reader X. Adobe reports that its Reader X Protected
Mode, a security feature designed to limit the capabilities of malicious
documents, will already prevent the attack from executing arbitrary
code. By enticing a target to view a malicious document in a vulnerable
version of Reader, an attacker can exploit this vulnerability in order
to execute arbitrary code on the target’s machine.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.adobe.com
Adobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb11-30.html
SecurityFocus BugTraq ID
http://www.securityfocus.com/bid/51092


(3) HIGH: Mozilla Firefox Multiple Security Vulnerabilities

Affected:
Firefox 8.x

Description: Mozilla has released patches for multiple security
vulnerabilities affecting its Firefox web browser. The vulnerabilities
include unspecified memory corruptions, an unspecified crash caused by
faulty regular expression handling in the YARR library, and a memory
corruption vulnerability within Mozilla’s SVG implementation that can
be triggered within the DOMAttrModified event handle. It is likely that
some of these vulnerabilities could be exploited in order to execute
code on a target’s machine. To do so, an attacker would have to entice
a target to view a malicious web page.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.mozilla.org
Mozilla Firefox Security Bulletins
http://www.mozilla.org/security/announce/2011/mfsa2011-53.html
http://www.mozilla.org/security/announce/2011/mfsa2011-54.html
http://www.mozilla.org/security/announce/2011/mfsa2011-55.html
http://www.mozilla.org/security/announce/2011/mfsa2011-56.html
http://www.mozilla.org/security/announce/2011/mfsa2011-57.html
http://www.mozilla.org/security/announce/2011/mfsa2011-58.html
SecurityFocus BugTraq ID
http://www.securityfocus.com/bid/51138
http://www.securityfocus.com/bid/51133
http://www.securityfocus.com/bid/51134
http://www.securityfocus.com/bid/51135
http://www.securityfocus.com/bid/51136
http://www.securityfocus.com/bid/51137


(4) MEDIUM: Google Chrome Stable Channel Updates

Affected:
Google Chrome versions prior to 16.0.912.63

Description: Google has released patches for multiple security
vulnerabilities affecting its Chrome web browser. The vulnerabilities
include a use-after-free vulnerabilities in SVG filters and range
handling, an out-of-bounds write in v8 i18n handling, a buffer overflow
in PDF font handling, and a use-after-free in bidi handling. Although
the details of these vulnerabilities are unspecified, it is likely that
some of them can be exploited for code execution. To do so, an attacker
would have to entice a target to view a malicious page with a vulnerable
version of Google Chrome.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.google.com
Google Chrome Stable Channel Updates
http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html
SecurityFocus BugTraq ID
http://www.securityfocus.com/bid/51041/


Part II – Comprehensive List of Newly Discovered Vulnerabilities from

Qualys (www.qualys.com)

This list is compiled by Qualys (www.qualys.com) as part of that
company’s ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 12841 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.


11.52.1 CVE: CVE-2011-4266

Platform: Third Party Windows Apps
Title: FFFTP Insecure Executable File Loading Arbitrary Code Execution
Description: FFFTP is an FTP client for Microsoft Windows. The
application is exposed to an issue that lets attackers execute
arbitrary code. The issue arises because the application loads an
executable file (“README.exe”) in an insecure manner.
FFFTP versions prior to 1.98d are vulnerable.
Ref: http://sourceforge.jp/projects/ffftp/wiki/Security
http://jvn.jp/en/jp/JVN94002296/index.html
http://www.securityfocus.com/bid/51063/references


11.52.2 CVE: CVE-2011-4141

Platform: Third Party Windows Apps
Title: RSA SecurID Software Token DLL Loading Arbitrary Code Execution
Description: RSA SecurID Software Token is a commercial product that
provides local and remote authentication to prevent unauthorized
access to resources on a host. The application is exposed to an issue
that lets attackers execute arbitrary code. The issue arises because
the application searches for an unspecified Dynamic Link Library file
in the current working directory. RSA SecurID Software Token
4.1 for Microsoft Windows is vulnerable.
Ref: http://www.securityfocus.com/archive/1/520878
http://www.securityfocus.com/bid/51073/references


11.52.3 CVE: Not Available

Platform: Third Party Windows Apps
Title: Invensys Wonderware inBatch BatchField ActiveX Control Multiple
Buffer Overflow Vulnerabilities
Description: Invensys Wonderware InTouch is a SCADA system interface
for Windows. Invensys Wonderware inBatch is exposed to multiple remote
stack-based buffer overflow issues. These issues occur because the
application fails to perform adequate boundary checks when handling
data passed to the “GUIControls”, “BatchObjSrv” and “BatchSecCtrl”
ActiveX controls. Invensys Wonderware InBatch version 8.1, 9.0, 9.0
SP1, 9.0 SP2 and 9.5 are affected.
Ref: http://www.us-cert.gov/control_systems/pdf/ICSA-11-332-01.pdf
http://www.securityfocus.com/bid/51129/references


11.52.4 CVE: Not Available

Platform: Third Party Windows Apps
Title: IrfanView TIFF Image File Remote Heap-Based Buffer Overflow
Description: IrfanView is an image viewer that supports multiple file
formats. The application is exposed to a remote heap-based buffer
overflow issue because it fails to properly bounds check user-supplied
input before copying it to an insufficiently sized memory buffer.
Specifically, a heap-based overflow can occur when parsing a specially
crafted TIFF image file. IrfanView 4.30 is vulnerable and other
versions may also be affected.
Ref: http://www.irfanview.com/main_history.htm
http://www.securityfocus.com/bid/51132/references


11.52.5 CVE: CVE-2011-4596

Platform: Linux
Title: Ubuntu Nova Image Registration Arbitrary Input Validation
Description: Nova is an Ubuntu component for OpenStack Compute cloud
infrastructure. Nova is exposed to an input validation issue that lets
attackers overwrite arbitrary files. This issue occurs because Nova
fails to validate input during image registration. Attackers can
register a crafted image by applying the “EC2 API” or “S3/RegisterImage”
method and overwrite files as a Nova user. Ubuntu 11.10 is affected.
Ref: http://www.ubuntu.com/usn/usn-1305-1/
http://www.securityfocus.com/bid/51047/references


11.52.6 CVE: CVE-2011-4088

Platform: Linux
Title: abrt Information Disclosure
Description: abrt is an automated bug reporting tool. The application
is exposed to an information disclosure issue. An attacker can exploit
this issue to leak sensitive information when reporting on crashes.
abrt 2.0.6 is vulnerable and other versions may also be affected.
Ref: http://www.securityfocus.com/bid/51100/references
https://bugzilla.redhat.com/show_bug.cgi?id=749854


11.52.7 CVE: CVE-2011-1384

Platform: Aix
Title: IBM AIX Inventory Scout Code Symbolic Link and Arbitrary File
Deletion Vulnerability
Description: IBM AIX is exposed to a symbolic link issue and an arbitrary
file deletion issue in the inventory scout code. See reference for detailed
information. AIX 5.3, 6.1, 7.1 and earlier releases are affected.
Ref:
http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc
http://www.securityfocus.com/bid/51059/references


11.52.8 CVE: CVE-2011-1386

Platform: Cross Platform
Title: IBM Tivoli Federated Identity Manager SAML Signature Validation
Security Bypass
Description: IBM Tivoli Federated Identity Manager and IBM Tivoli
Federated Identity Manager Business Gateway are single sign-on
management applications. The applications are exposed to a
security bypass issue. This issue occurs when validating SAML
signatures. Tivoli Federated Identity Manager and Tivoli Federated
Identity Manager Business Gateway versions 6.2.1.x prior to 6.2.1.2,
6.2.0.x prior to 6.2.0.10, 6.1.1.x prior to 6.1.1.12 are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21575309
http://xforce.iss.net/xforce/xfdb/71686
http://www.securityfocus.com/bid/51064/references


11.52.9 CVE: CVE-2011-4602

Platform: Cross Platform
Title: Pidgin Jingle Extension XMPP Protocol Denial of Service
Vulnerabilities
Description: Pidgin is a multi-platform instant messaging client that
supports multiple messaging protocols. The application is exposed to
multiple denial of service issues due to a NULL pointer dereference
condition in the Jingle extension included in the Extensible Message
and Presence Protocol plugin. Pidgin versions prior to 2.10.1
are affected.
Ref: http://pidgin.im/news/security/?id=58
http://www.securityfocus.com/bid/51070/references


11.52.10 CVE: CVE-2011-4369

Platform: Cross Platform
Title: Adobe Acrobat and Reader Memory Corruption
Description: Adobe Reader and Acrobat are applications for handling
PDF files. Adobe Acrobat and Reader are exposed to a memory corruption
issue. See reference for detailed information. Adobe Reader X (10.1.1)
and earlier 10.x versions, Adobe Reader 9.4.6 and earlier 9.x
versions, Adobe Acrobat X (10.1.1) and earlier 10.x versions, Adobe
Acrobat 9.4.6 and earlier 9.x versions are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb11-30.html


11.52.11 CVE: Not Available

Platform: Cross Platform
Title: SecCommerce SecSigner Java Applet Arbitrary File Upload
Description: SecCommerce SecSigner is a Java applet that creates and
appends digital signatures to files. The component is exposed to an
issue that lets attackers upload arbitrary files. This issue occurs
because the SecSigner applet uses the file “secsigner.properties” to
configure certain settings in the applet. Specifically when the
“seccommerce.resource.localcopy” variable is set to “on” it is possible
to upload files to arbitrary locations on the affected computer.
SecSigner 3.5.0 is vulnerable and other versions may also be affected.
Ref: http://www.securityfocus.com/archive/1/520936
http://www.securityfocus.com/bid/51112/references


11.52.12 CVE: CVE-2011-4528

Platform: Cross Platform
Title: Unbound Multiple Denial of Service Vulnerabilities
Description: Unbound is a validating, recursive and caching DNS
resolver. The application is exposed to multiple remote denial of
service issues. A denial of service issue occurs due to a memory
allocation error when processing certain RRs (Resource Records).
Specifically, an attacker can cause the application to crash by sending
signed duplicate redirecting RRs. A denial of service issue occurs due
to an error when processing certain responses for NSEC3-signed zones.
Versions prior to Unbound 1.4.14 or 1.4.13p2 are vulnerable.
Ref: http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt
http://www.securityfocus.com/bid/51115/references


11.52.13 CVE: CVE-2011-4617

Platform: Cross Platform
Title: Virtualenv Insecure Temporary File Creation
Description: Virtualenv is a tool for creating isolated Python
environments. The application is exposed to an insecure temporary
file creation issue. This issue occurs because the program
creates temporary files in the “/tmp” directory with predictable
filenames. Virtualenv 0 is affected.
Ref: https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5
http://www.securityfocus.com/bid/51120/references


11.52.14 CVE: Not Available

Platform: Cross Platform
Title: Enterasys Network Management Suite “nssyslogd.exe” Component
Stack Buffer Overflow
Description: Network Management Suite is a centralized
visibility and control management application. The application is
exposed to a stack-based buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data before copying
it to an insufficiently sized buffer. Specifically, this issue occurs
in the “nssyslogd.exe” component which listens by default on UDP port
514, when handling a specially-crafted “PRIO” field of the syslog
message. Versions prior to Network Management Suite 4.1.0.80 are
vulnerable.
Ref: http://www.securityfocus.com/bid/51124/references
https://cp-enterasys.kb.net/al/12/3/article.aspx?aid=14206&bt=4


11.52.15 CVE: CVE-2011-3666

Platform: Cross Platform
Title: Mozilla Firefox and Thunderbird Remote Code Execution
Description: Firefox is a browser. Thunderbird is an email client. The
applications are exposed to a remote code execution issue when
handling “.jar” files. Specifically, this issue occurs because Firefox
and Thunderbird treat “.jar” files as fully functional applications
rather than as Java Applets. Firefox versions prior to 3.6.25 and
Thunderbird versions prior to 3.1.17 are affected.
Ref: http://www.mozilla.org/security/announce/2011/mfsa2011-59.html
http://www.securityfocus.com/bid/51139/references


11.52.16 CVE: CVE-2011-3206

Platform: Web Application - Cross Site Scripting
Title: JBoss Operations Network Multiple Cross-Site Scripting
Vulnerabilities
Description: JBoss Operations Network provides solutions for managing
JBoss Enterprise Middleware, applications and services. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize unspecified user-supplied input.
Specifically, these issues affect the administration
interface. JBoss Operations Network 2.4.1 is vulnerable and other
versions may also be affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=734662
http://www.securityfocus.com/bid/51095/references


11.52.17 CVE: CVE-2011-4634

Platform: Web Application - Cross Site Scripting
Title: phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
Description: phpMyAdmin is a web-based administration interface for
mySQL databases. It is implemented in PHP. The application is exposed
to multiple cross-site scripting issues because it fails to properly
sanitize user-supplied input submitted to crafted database names, SQL
queries or column types. phpMyAdmin versions prior to 3.4.8 are
vulnerable.
Ref: http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php


11.52.18 CVE: Not Available

Platform: Web Application - SQL Injection
Title: mnoGoSearch Unspecified SQL Injection
Description: mnoGoSearch is multiplatform search engine software for
intranet and Internet servers. The application is exposed to an
unspecified SQL injection issue because it fails to sufficiently
sanitize user-supplied data before using it in an SQL query. Versions
prior to mnoGoSearch 3.3.12 are vulnerable.
Ref:
http://www.mnogosearch.org/doc33/msearch-changelog.html#changelog-3-3-12
http://www.securityfocus.com/bid/51113/references


11.52.19 CVE: CVE-2011-4616

Platform: Web Application
Title: Perl HTML::Template::Pro Module Cross-Site Scripting
Description: The Perl HTML::Template::Pro module is for using HTML
templates from CGI scripts. The module is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input submitted to the template parameters. Versions prior to
HTML: :Template::Pro 0.9507 are vulnerable.
Ref: http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes
http://www.securityfocus.com/bid/51117/references


11.52.20 CVE: Not Available

Platform: Web Application
Title: Cacti Multiple Input Validation Vulnerabilities
Description: Cacti is a frontend for RRDTool. It is implemented in PHP
and uses an SQL backend database. The application is exposed to
multiple security issues. Multiple cross-site scripting issues
exist in the “default_height” and “default_width” parameters of the
“graph_settings.php” script. A cross-site request forgery issue
exists because the application does not properly validate HTTP
requests. Specifically, it allows attackers to add and delete galleries
through specially crafted links. An HTML injection issue exists in
the “num_columns” parameter of the “graph_settings.php” script.
Versions prior to Cacti 0.8.7i are vulnerable.
Ref: http://forums.cacti.net/viewtopic.php?f=4&t=45871
http://xforce.iss.net/xforce/xfdb/71792
http://www.securityfocus.com/bid/51048/references


11.52.21 CVE: Not Available

Platform: Web Application
Title: Splunk Cross-Site Scripting and Cross-Site Request Forgery
Vulnerabilities
Description: Splunk is an IT infrastructure monitoring system. The
application is exposed to multiple issues. A cross-site
scripting issue exists because the application fails to properly
sanitize certain unspecified user-supplied input. A cross-site
request forgery issue exists because the application does not
properly validate HTTP requests. Splunk 4.2 to 4.2.4 are vulnerable
and other versions may also be affected.
Ref: http://www.splunk.com/view/SP-CAAAGMM
http://www.securityfocus.com/bid/51061/references


11.52.22 CVE: Not Available

Platform: Web Application
Title: Browser CRM Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: BrowserCRM is a PHP-based customer management system. The
application is exposed to multiple cross-site scripting and SQL injection
issues because it fails to sufficiently sanitize user-supplied input.
See reference for detailed information. Browser CRM 5.100.01 is vulnerable
and prior versions may also be affected.
Ref:
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_browser_crm.html
http://www.securityfocus.com/bid/51060/references


11.52.23 CVE: Not Available

Platform: Web Application
Title: Owl Intranet Engine “userid” Parameter Authentication Bypass
Description: Owl Intranet Engine is a web-based application
implemented in PHP. The application is exposed to an
authentication bypass issue. The issue can be exploited by setting the
“userid” parameter of the “admin/index.php” script to “1” to gain
administrative access. Owl Intranet Engine 1.00 is affected and other
versions may also be vulnerable.
Ref:
http://www.redteam-pentesting.de/en/advisories/rt-sa-2011-005/-owl-intranet-engine-authentication-bypass
http://www.securityfocus.com/bid/51076/references


11.52.24 CVE: Not Available

Platform: Web Application
Title: TYPO3 “BACK_PATH” Parameter Local File Include
Description: TYPO3 is a PHP-based content manager. The component is
exposed to a local file include issue because it fails to
properly sanitize user-supplied input submitted to the “BACK_PATH”
parameter of the
“typo3/sysext/workspaces/Classes/Controller/AbstractController.php”
script. TYPO3 version 4.5.0 up to 4.5.8, 4.6.0 and 4.6.1 (+
development releases of 4.7 branch) are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/
http://www.securityfocus.com/bid/51090/references


11.52.25 CVE: Not Available

Platform: Web Application
Title: PHPShop CMS Multiple Cross-Site Scripting and SQL Injection
Vulnerabilities
Description: PHPShop CMS is a content management application
implemented in PHP. The application is exposed to multiple cross-site
scripting issues and SQL injection issues because it fails to
sufficiently sanitize user-supplied input. See reference for detailed
information. PHPShop CMS 3.4 is vulnerable and prior versions may also
be affected.
Ref: http://www.securityfocus.com/bid/51130/references
http://forum.phpshopcms.ru/index.php?showtopic=1508
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_phpshop_cms_free.html


11.52.26 CVE: CVE-2011-4551

Platform: Web Application
Title: Tiki Wiki CMS Groupware “show_errors” Parameter HTML Injection
Description: Tiki Wiki CMS Groupware is a PHP-based database
management application. The application is exposed to an
HTML injection issue because it fails to sufficiently sanitize
user-supplied input to the “show_errors” parameter of the
“tiki-cookie-jar.php” script. Tiki Wiki CMS Groupware versions prior
to 8.2 or 6.5 LTS are affected.
Ref: http://info.tiki.org/article183-Tiki-Wiki-CMS-Groupware-8-2-and-6-5LTS-Security-Patches-Available
http://www.securityfocus.com/archive/1/520957


Email or call us at +1 800 745 4355 or try our Global Contacts
Subscription Packages
Qualys Solutions
Qualys Community
Company
Free Trial & Tools
Popular Topics