Archive for June, 2012

IBM System Storage DS Storage Manager Profiler Multiple Vulnerabilities

IBM System Storage DS Storage Manager Profiler suffers from an SQL Injection and a Cross-Site Scripting (XSS) vulnerability. Input passed via the GET parameter ‘selectedModuleOnly’ in ‘ModuleServlet.do’ script is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The GET parameter ‘updateRegn’ in the ‘SoftwareRegistration.do’ script is vulnerable to a XSS issue where the attacker can execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

ZSL Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5094.php

IBM Advisory: https://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172

Apple iTunes 10.6.1.7 M3U Playlist File Walking Heap Buffer Overflow

The vulnerability is caused due to a boundary error in the processing of a playlist file, which can be exploited to cause a heap based buffer overflow when a user opens e.g. a specially crafted .M3U file. Successful exploitation could allow execution of arbitrary code on the affected node.

 

Apple: http://support.apple.com/kb/HT5318
ZSL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5093.php

TXT: http://www.zeroscience.mk/codes/itunes_bof.txt

PyroCMS 2.1.1 CRLF Injection And Stored XSS Vulnerability

PyroCMS suffers from a stored XSS and HTTP Response Splitting vulnerability when parsing user input to the ‘title’ and ‘redirect_to’ parameters via POST method thru ‘index.php’ script. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user’s browser session or insert arbitrary HTTP headers, which are included in a response sent to the user.

 

 

 

 

Advisory ID: ZSL-2012-5092
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5092.php