Information Security all in one place!

Posts tagged “Uniform Resource Locator

Intuit Quickbooks: Multiple Vulnerabilities


The following vulnerabilites have been discovered and privately reported for the following versions of Intuit Quickbooks products:

Quickbooks 2009 – Quickbooks 2012; in conjunction with Internet Explorer Versions 7-9

Vulnerabilities:

  1. Intuit Help System Protocol URL Heap Corruption and Memory Leak:Image representing Intuit as depicted in Crunc...
  • The vulnerability described in this document can potentially be
    exploited by malicious HTML and/or Javascript to execute arbitrary
    code as the user viewing the malicious content.
  1. Intuit Help System Protocol File Retrieval: 
  • The vulnerability described in this document can be exploited by
    malicious HTML and Javascript to retrieve a file from a ZIP archive to
    which the user viewing the HTML has local or network file system
    access.  The attacker must know or guess the path and file name of the
    target ZIP archive and the target file it contains.  A further
    significant limitation is that files in subdirectories inside of ZIP
    archives have proven inaccessible, based on a sampling of Windows
    ZIPs, Microsoft Office 2007 documents, JARs, and APKs.

No vendor response at the time of public release. More information with be posted has it becomes available.

Advertisements

Advisory: Backdoor in TRENDnet IP cameras


**Trendnet Responds: Comment left below from Trendnet in response to the most recent vulnerability.

TRENDnet has posted the resolution to the security breach on their IP cameras: You can check information on affected TRENDnet IP cameras at:http://www.trendnet.com/products/features.asp?featureid=52. You can download critical firmware along with detailed update instructions for the affected TRENDnet IP cameras athttp://www.trendnet.com/downloads/.

Consolecowboys.org blogger “someLuser” (yes that is his tag)has identified a security vulnerability in some TRENDnetIP cameras which permits inquisitive web users to access them without authentication. He discovered the vulnerability whilst exploring the firmware on his TV-IP110w camera using a tool called binwalk.

English: A candidate icon for Portal:Computer ...

Lengthy lists of freely accessible video streams are already circulating on the web. Random sampling by most testers found that most of the cameras were indeed freely accessible, providing views of offices, living rooms and children’s bedrooms. For demonstration purposes, someLuser has put together a Python script which uses server search engine Shodan to find cameras. Navigating to a camera web server URL displays the video stream recorded by the camera – this occurs whether or not a password has been set.

TRENDnet has already responded by providing a firmware update promising “improved security”, which can be downloaded from its support page. Many other TRENDnet cameras also appear to be affected – according to someLuser, the firmware for the company’s TV-IP121W, TV-IP252P, TV-IP410WN, TV-IP410, TV-IP121WN and TV-IP110WN models has been updated. Anyone using one of these cameras should update the firmware without delay.

You can find the firmware for your device herehttp://www.trendnet.com/langge/downloads/category.asp?iType=32


MailEnable webmail cross-site scripting vulnerability


Vulnerability description: CVE-2012-0389

Discovered by: Sajjad Pourali, Narendra Shinde and Shahab NamaziKhah

MailEnable <http://www.mailenable.com/> Professional and Enterprise versions are prone to cross-site scripting vulnerabilities as the user-supplied input received via “Username” parameter of “ForgottonPassword.aspx” page is not properly sanitized. A specially crafted URL which a user clicks could gain access to the users cookies for webmail or execute other malicious code in users browser in context of the domain in use.

Remote: yes
Authentication required: no
User interactionrequired: yes

Cross-site scripting: a cookie that should be ...

Image via Wikipedia

Affected:

– MailEnable Professional, Enterprise & Premium 4.26 and earlier
– MailEnable Professional, Enterprise & Premium 5.52 and earlier
– MailEnable Professional, Enterprise & Premium 6.02 and earlier

Not affected:

– MailEnable Standard is not affected.

PoC:

http://example.com/mewebmail/Mondo/lang/sys/ForgottenPassword.aspx?Username=’};alert(/XSS/);{

Resolution:

Users of MailEnable 5 and 6 can resolve the issue by upgrading to version 5.53 or 6.03 or later. Alternatively, and for version 4 users, the following fix can be applied:

1) Open the ForgottenPassword.aspx file in Notepad. This file is in the Mail Enable\bin\NETWebMail\Mondo\lang\[language] folders in version 4 and in Mail Enable\bin\NETWebMail\Mondo\lang\sys in version 5 and 6.
2) Locate and remove the following line, then save the file: document.getElementById(“txtUsername”).value = ‘<%= Request.Item(“Username”) %>’;

– Henri Salo


Popular Chat Client Bashed; New AIM Privacy Issues


AOLs AIM Upgrade not recommended, says the Electronic Frontier Foundations (EFF), read the AIM-Post for the breaking blog news and the story and details from AIM-Threat-Post links.

 

EFF_logo_white

Blogged First: http://tinyurl.com/AIM-Post

EFF Story: http://tinyurl.com/AIM-Threat-Post