Articles with tag: Advisories
POSTED BY: Dimitrios Glynos / 25.02.2012

libpurple OTR information leakage

census ID:census-2012-0001
CVE ID:CVE-2012-1257
Affected Products:libpurple (all versions), libpurple clients with DBUS support (incl. all versions of pidgin), pidgin-otr (all versions)
Class:Information Exposure (CWE-200), Privacy Violation (CWE-359), Information Exposure Through Sent Data (CWE-201)
Remote:No
Discovered by:Dimitris Glynos

libpurple-based applications broadcast the plaintext of OTR (off-the-record) conversations over DBUS. This makes the plaintext available to other (possibly unrelated) applications executing under the same user. Also, due to a design flaw in libpurple, the user’s choice of not logging OTR plaintext on Pidgin is not communicated over to the third party applications listening on DBUS. This may lead to unintentional (on disk) logging of private messages.


POSTED BY: Dimitrios Glynos / 03.10.2011

Netvolution referer header SQL injection vulnerability

CENSUS ID:CENSUS-2011-0001
CVE ID:CVE-2011-3340
Affected Products:Netvolution v2.5.8 (ASP). Other versions may also be vulnerable.
Class:Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)
Remote:Yes
Discovered by:Patroklos Argyroudis
Researched and Exploited by:Dimitris Glynos

Netvolution v2.5.8 is vulnerable to a blind SQL injection attack in the HTTP “referer” header. A malicious user may utilize this vulnerability to modify content on the vulnerable website, inject malicious javascript code to a visitor’s browser, collect CMS usernames and plaintext passwords and, in some cases, execute commands on the system hosting the database server. This is a critical vulnerability since it does not require authentication and its exploitation may go undetected.


POSTED BY: Patroklos Argyroudis / 23.05.2010

FreeBSD kernel NFS client local vulnerabilities

CENSUS ID:CENSUS-2010-0001
CVE ID:CVE-2010-2020
Affected Products:FreeBSD 8.0-RELEASE, 7.3-RELEASE, 7.2-RELEASE
Class:Improper Input Validation (CWE-20)
Remote:No
Discovered by:Patroklos Argyroudis

We have discovered two improper input validation vulnerabilities in the FreeBSD kernel’s NFS client-side implementation (FreeBSD 8.0-RELEASE, 7.3-RELEASE and 7.2-RELEASE) that allow local unprivileged users to escalate their privileges, or to crash the system by performing a denial of service attack.


POSTED BY: Patroklos Argyroudis / 14.12.2009

Monkey HTTPd improper input validation vulnerability

CENSUS ID:CENSUS-2009-0004
Affected Products:Monkey web server versions ≤ 0.9.2.
Class:Improper Input Validation (CWE-20), Incorrect Calculation (CWE-682)
Remote:Yes
Discovered by:Patroklos Argyroudis

We have discovered a remotely exploitable “improper input validation” vulnerability in the Monkey web server that allows an attacker to perform denial of service attacks by repeatedly crashing worker threads that process HTTP requests.