VisualSentinel 0.7 Cross Agent Scripting Vulnerability

From: bugtraq@xxxxxxxxxxxxx
Date: 31 May 2008 02:35:39 -0000

VisualSentinel 0.7 Cross Agent Scripting

# Discovered by: Alfredo Panzera, Opencosmo Security
# Software vendor: http://www.opencosmo.com
# Date: 31-05-2008

# Vulnerability:
The vulnerability consists on inject javascript code falsify the user agent's
attacker during an attack and then save in the log the user agent falsified.

# Vulnerable string:
$user_useragent = $_SERVER ['HTTP_USER_AGENT'];

# Solution:
The development team has promptly issued a patch the vulnerability.
You can download the latest version from the download page.
http://www.opencosmo.com/product-1.html

##############################################################################

Opencosmo Security
http://www.opencosmo.com

Prev by Date: [SECURITY] [DSA 1588-2] New Linux 2.6.18 packages fix several vulnerabilities
Next by Date: LokiCMS Multiple Vulnerabilities through Authorization weakness
Previous by thread: [SECURITY] [DSA 1588-2] New Linux 2.6.18 packages fix several vulnerabilities
Next by thread: Re: VisualSentinel 0.7 Cross Agent Scripting Vulnerability
Index(es):
- Date
- Thread

Relevant Pages

[Full-disclosure] VisualSentinel 0.7 Cross Agent Scripting Vulnerability
... VisualSentinel 0.7 Cross Agent Scripting ... The vulnerability consists on inject javascript code falsify the user agent's ... attacker during an attack and then save in the log the user agent falsified.. ...
(Full-Disclosure)
[NT] Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (MS06-037)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution ... an attacker who successfully exploited this ... vulnerability could take complete control of the client workstation. ...
(Securiteam)
[NT] Vulnerabilities in Graphics Rendering Engine Allows Code Execution (MS05-053)
... formats that could allow remote code execution or on an affected system. ... A remote code execution vulnerability exists in the rendering of Windows ... An attacker who successfully exploited this vulnerability could take ... E-mail messages that are viewed in plain text format will not contain ...
(Securiteam)
[NEWS] Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute
... security vulnerability results because an attacker can levy a buffer ... The AppleScript would have to already be present on ... Unchecked Buffer in HTML Element: ...
(Securiteam)
SecurityFocus Microsoft Newsletter #259
... MICROSOFT VULNERABILITY SUMMARY ... FL Studio FLP File Processing Heap Overflow Vulnerability 4. ... wzdftpd is affected by a remote arbitrary command execution vulnerability. ... allowing a remote attacker to supply format specifiers ...
(Focus-Microsoft)