MadIrish.net
http://www.madirish.net
Computers, security, and other tech goodies.
en-us
Copyright 1997-2010, Justin C. Klein Keane. All Rights Reserved.
MadIrish.net justin@madirish.net
Information Security
daily 1 1970-01-01T00:00+00:00

e107 XSS and XSRF Vulnerabilities
http://www.madirish.net/?article=471
e107 is a PHP/MySQL based content management system. e107 versions prior to 0.7.23 suffer from cross site scripting and cross site request forgery vulnerabilities.
http://www.madirish.net/?article=471&from=rss
2010-08-22 16:26:56 -0500
Justin C. Klein Keane

Mallory is More than a Proxy
http://www.madirish.net/?article=470
Raj Umadas and Mike Zusman of Intrepidus Group gave an amazing talk on Mallory last night at the Philadelphia OWASP chapter meeting. At first glance Mallory seems like a simple tool, just a proxy application that sits on the wire. Closer inspection, however, reveals that Mallory offers functionality above and beyond traditional tools for packet inspection. Mallory looks like an exceptional tool that could be a valuable part of any software security assessor's toolkit. The ability of Mallory to pause, tamper, and play data makes it especially effective for monkeying with black box applications, but it also makes for a really fun tool!
http://www.madirish.net/?article=470&from=rss
2010-08-18 09:04:49 -0500
Justin C. Klein Keane

Drupal 6 Actions, Triggers (Core) Module XSS Vulnerability
http://www.madirish.net/?article=469
The Drupal core modules actions and triggers manifest a cross site scripting (XSS) vulnerability because they fail to sanitize user supplied input rendered in display.
http://www.madirish.net/?article=469&from=rss
2010-08-12 14:51:31 -0500
Justin C. Klein Keane

Evaluating CMS Security
http://www.madirish.net/?article=468
When evaluating content management systems (CMS) it is extremely important to include criteria covering security considerations. CMSes are complex and extremely powerful web applications, and as such present interesting security challenges. Although many of these challenges are not unique to CMS systems, they are often overlooked when performing product evaluations. CMSes are quickly becoming the de facto standard for deploying web based information systems – from websites to complex web applications. Both their complexity and increasing market share make them attractive targets for malicious attackers.
http://www.madirish.net/?article=468&from=rss
2010-08-03 11:42:08 -0500
Justin C. Klein Keane

Drupal Organic Groups Menu Module 6.x-2.0 XSS Vulnerability
http://www.madirish.net/?article=467
The Drupal OG Menu module contains a cross site scripting (XSS) vulnerability because it fails to sanitize menu descriptions before display.
http://www.madirish.net/?article=467&from=rss
2010-07-14 17:08:14 -0500
Justin C. Klein Keane

NuralStorm Webmail Multiple Vulnerabilities
http://www.madirish.net/?article=466
A recent code audit of the NuralStorm Webmail system revealed a number of serious vulnerabilities. If you are using NuralStorm please review the following vulnerability report. It is recommended that you restrict access to any NuralStorm installations immediately and disable NuralStorm if possible. There is currently no patch or workaround for the vulnerabilities described herein.
http://www.madirish.net/?article=466&from=rss
2010-07-09 15:39:14 -0500
Justin C. Klein Keane