Advisories

Please read our Vulnerability Disclosure Policy.


Mozilla Firefox 64-Bit SetTextInternal Heap Buffer Overflow

Jun 23, 2010

A heap buffer overflow vulnerability was discovered which is caused by an integer overflow in nsGenericDOMDataNode::SetTextInternal().

Due to the amount of data needed to trigger the vulnerability (> 8 gigabytes), this is only exploitable on 64-bit systems. This vulnerability was tested on Ubuntu AMD64 with the default install of Firefox.

See this white paper for more details on vulnerabilities specific to 64-bit platforms.


DotNetNuke Cross Site Request Forgery Vulnerability

Jun 14, 2010

DotNetNuke is a Content Management System (CMS) for the .NET platform, which powers “over 500,000” websites. This vulnerability affects version 5.4.2 and earlier.

It was discovered that the application enabled some sensitive actions, such as changing a registered email address, to be performed with only the session identifier used as authentication. This could enable an attacker to alter a user's email address through a Cross Site Request Forgery (CSRF) attack. The forgotten password functionality could then be used to reset the password and consequently compromise the account.


BT Home Hub - SSID Script Injection Vulnerability

May 10, 2010

The BT Home Hub administrative web interface has been identified as being vulnerable to a script injection attack that could allow remote attackers to compromise the security of the device by performing Cross Site Scripting Attacks (XSS).

An attacker could set up a fake access point broadcasting specially crafted 802.11 ‘beacon’ packets containing a malicious payload in the Service Set Identifier (SSID). The malicious SSID will be displayed in the Accessible Access Points Table page of the BT Home Hub administrative interface and will be executed when an administrator scans for wireless access points.


VMware - WebAccess HTTP Forwarding Vulnerability

Apr 16, 2010

A vulnerability was identified within multiple VMware products which would allow an unauthenticated attacker to utilise the WebAccess component of VMware as a proxy for making requests to other servers.


IBM WebSphere MQ - ziiVSendReceiveAgent Memory Corruption Vulnerability

Mar 04, 2010

A memory corruption vulnerability was discovered that could allow an attacker to copy data outside the bounds of a memory page causing a denial of service condition and potentially code execution.


