CollabNet Subversion Edge Management Frontend does not implement clickjacking protection. Fixed in version 5.0. Version 4.0.11 is affected.
Monthly Archives: June 2015
XXE Injection in NetIQ Access
Posted by MustLive on Jun 29
Hello list!
I’ll give you additional information concerning the advisory "Multiple high risk
vulnerabilities in NetIQ Access Manager"
(http://securityvulns.ru/docs31510.html). There are five different
vulnerabilities in the advisory. For my attack, only one vulnerability is
needed, XML External Entities Injection (XXE), to conduct attacks on
other web sites from the target host.
————————-
Affected products:…
Fedora 21 Security Update: cryptopp-5.6.2-9.fc21
– Fix for CVE-2015-2141
Fedora 22 Security Update: cryptopp-5.6.2-9.fc22
– Fix for CVE-2015-2141
Fedora 21 Security Update: s3ql-2.13-1.fc21
Fedora 22 Security Update: s3ql-2.13-1.fc22
Researcher Says LG App Update Mechanism Doesn’t Verify SSL Cert
Many smartphones manufactured by LG contain a vulnerability that can allow an attacker to replace an APK file with a malicious file of his choice. The problem is the result of several conditions on LG phones. Like other manufacturers, LG includes custom apps on its handsets, which are not available through the normal Google Play […]
CollabNet Subversion Edge missing brute force protection
Posted by Oliver-Tobias Ripka on Jun 29
# Vuln Title: The CollabNet Subversion Edge does not protect against brute
# forcing accounts
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Lack of defensive measures
#
# Risk: Medium
# Status: public/fixed
# Fixed versions: 5.0
Timeline:
2014-10-09 Flaw Discovered
2014-10-20 Vendor contacted
2014-10-21 Vendor response…
CollabNet Subversion Edge autocomplete on
Posted by Oliver-Tobias Ripka on Jun 29
# Vuln Title: The CollabNet Subversion Edge management frontend login page
# password field has autocomplete enabled
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Lack of defensive measures
#
# Risk: Low
# Status: public/fixed
# Fixed version: 5.0
#…
CollabNet Subversion Edge missing clickjacking protection
Posted by Oliver-Tobias Ripka on Jun 29
# Vuln Title: The CollabNet Subversion Edge Management Frontend does not
# implement clickjacking protection
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Clickjacking
#
# Risk: Medium
# Status: public/fixed
# Fixed version: 5.0
Timeline:
2014-10-09 Flaw Discovered
2014-10-20 Vendor contacted
2014-10-21 Vendor response…