Recent Unauthorized Data Modification vulnerabilities
Latest information about Unauthorized Data Modifications
22.02.2012 08:52 iOS 5 vulnerability could give unauthorized access to contact list, calls and text messages -- virusbtn
21.02.2012 11:10 Vuln: Rocks'n'Diamonds Insecure Permissions Unauthorized Access Vulnerability: Rocks'n'Diamonds Insecure Permiss...
18.02.2012 22:50 Microsoft SharePoint Server Unauthorized Access Vulnerability
08.02.2012 11:14 Microsoft Windows SMB NTLM Authentication Unauthorized Access Vulnerability
08.02.2012 06:56 Microsoft Windows SMB NTLM Authentication Unauthorized Access Vulnerability
01.02.2012 15:37 Seminar this Friday 2/3! Using Accountability Theory to Reduce Unauthorized Data Access. REGISTER: (webcast & in person)
01.02.2012 07:27 Seminar this Friday 2/3! Using Accountability Theory to Reduce Unauthorized Data Access. REGISTER: (webcast & in person)
24.01.2012 12:51 Vuln: PostgreSQL 'RESET ALL' Unauthorized Access Vulnerability
24.01.2012 06:48 Vuln: PostgreSQL 'RESET ALL' Unauthorized Access Vulnerability
23.01.2012 08:03 NYSEG warns customers about unauthorized data access: If you're a customer of New York State Electric and Gas, the...
22.01.2012 22:50 NYSEG warns customers about unauthorized data access: If you're a customer of New York State Electric and Gas, the...
17.01.2012 08:03 Register for Feb. 3rd seminar! "Using Accountability Theory to Reduce Unauthorized Data Access"
17.01.2012 07:03 Register for Feb. 3rd seminar! "Using Accountability Theory to Reduce Unauthorized Data Access"
16.01.2012 09:02 Google Apologizes After Using Unauthorized Data
16.01.2012 07:24 Google Apologizes After Using Unauthorized Data
09.01.2012 19:02 AirTies-4450 Unauthorized Remote Reboot: AirTies-4450 suffers from an unauthorized remote reboot vulnerability.
09.01.2012 15:47 AirTies-4450 Unauthorized Remote Reboot: AirTies-4450 suffers from an unauthorized remote reboot vulnerability.
08.01.2012 10:02 Product prevents lost USB drives and eliminates unauthorized data access
08.01.2012 07:02 Product prevents lost USB drives and eliminates unauthorized data access
28.12.2011 11:38 A vulnerability in HP LaserJet printers could allow a hacker to remotely control it to launch cyberattacks, steal...
Here is a short summary of recent Unauthorized Data Modification vulnerabilities discovered by the eVuln team. The full list with details is available on the eVuln Security Advisories page.
Unauthorized Data Modification in Advanced Poll.
Description.
Vulnerable script: include/class_poll.php
The User-Agent value from the HTTP request header is not properly sanitized before being used in an SQL query. This can be used to alter the query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
Vulnerable script: include/class_poll.php
The voter's address can be spoofed as though the request had passed through a proxy. The script checks whether HTTP_X_FORWARDED_FOR exists and, if it does, uses the IP address from HTTP_X_FORWARDED_FOR to identify a unique voter.
An attacker can send as many fake HTTP_X_FORWARDED_FOR values in the HTTP headers as desired, each with a different IP address.
Exploit.
The following needs to be added to the HTTP request headers when answering a question:
User-Agent: '+[sql_expression]
The following needs to be added to the HTTP request headers when answering a question:
X-Forwarded-For: [any IP]
Solution
Solution is not available.
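A mitigation sketch for the two Advanced Poll issues described above, added here as an example and not code from Advanced Poll or eVuln: the User-Agent is bound as a query parameter, and X-Forwarded-For is honoured only when the direct peer is a known proxy. The function names, table layout, TRUSTED_PROXIES list and sample requests are assumptions, and the script needs PHP 7+ with the pdo_sqlite extension.

```php
<?php
// Added example: every name here is hypothetical, not Advanced Poll's code.

// Assumption: the only reverse proxies allowed to set X-Forwarded-For.
const TRUSTED_PROXIES = ['10.0.0.5'];

// Return the address used to identify a voter.
function voter_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    // Honour X-Forwarded-For only when the TCP peer is a trusted proxy.
    if ($xff === '' || !in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer;
    }
    // The proxy appends the address it saw, so take the right-most entry.
    $hops = array_map('trim', explode(',', $xff));
    $candidate = end($hops);
    return filter_var($candidate, FILTER_VALIDATE_IP) !== false ? $candidate : $peer;
}

// Record one vote per (poll, ip); the User-Agent is bound, never concatenated.
function record_vote(PDO $db, int $pollId, array $server): bool
{
    $stmt = $db->prepare(
        'INSERT OR IGNORE INTO votes (poll_id, ip, user_agent) VALUES (?, ?, ?)'
    );
    $agent = substr($server['HTTP_USER_AGENT'] ?? '', 0, 255);
    $stmt->execute([$pollId, voter_ip($server), $agent]);
    return $stmt->rowCount() === 1; // 0 when the UNIQUE constraint ignored it
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE votes (poll_id INTEGER, ip TEXT, user_agent TEXT,
           UNIQUE (poll_id, ip))');

// Constructed requests: two from one direct client with different forged
// X-Forwarded-For values, then one relayed by the trusted proxy.
$requests = [
    ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1',
     'HTTP_USER_AGENT' => "'+[sql_expression]"],
    ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.2',
     'HTTP_USER_AGENT' => 'Mozilla/5.0'],
    ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '192.0.2.44',
     'HTTP_USER_AGENT' => 'Mozilla/5.0'],
];
foreach ($requests as $r) {
    printf("%-15s counted=%s\n", voter_ip($r), record_vote($db, 1, $r) ? 'yes' : 'no');
}
```

Binding the header value removes the dependence on magic_quotes_gpc, and the second request is rejected as a repeat vote because both requests resolve to the same direct peer address.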
Unauthorized Data Modification in Magic Downloads.
Description.
Unauthorized Data Modification
Vulnerable script: settings.php
The variables $action, $passwd, $admin_password, $new_passwd and $confirm_passwd are not initialized, so their values can be replaced by user-defined data. This can be used to make unauthorized modifications in config.php.
Condition: register_globals = ON
Exploit.
Unauthorized Data Modification Example
http://host/path/settings.php?action=change&passwd=1&admin_password=1&new_passwd=new&confirm_passwd=new
Solution
Solution is not available.

