XSS Vulnerability in ZeusCart Shopping Cart [0day]

Folks,
SecPod Research Team member (Sooraj K.S) found an XSS flaw in ZeusCart Ecommerce Shopping Cart, which can be used to gain sensitive information and launch further attacks. The flaw lies in the search parameter while ZeusCart web app processes the user-supplied input and renders the content back to the client’s browser. The flaw can be exploited to inject arbitrary HTML codes and steal cookies and so on. (more…)

Comments Off on XSS Vulnerability in ZeusCart Shopping Cart [0day]

OpenVAS Crosses 10000 NVT’s (plugins)

The news…

Passing the 10000th Network Vulnerability Test (NVT) is a perfect occasion to report about the progress of the OpenVAS project[1].

In October 2008 the systematic development of new NVTs started with a base of around 5800 Tests. With the release of OpenVAS 2.0 in December 2008, the development was boosted and has now reached an average of 10 code updates per day.  The public OpenVAS NVT Feed Service delivers 3-10 new vulnerability tests every day. (more…)

Comments Off on OpenVAS Crosses 10000 NVT’s (plugins)

MS08-067 (Conficker worm) detection – OpenVAS plugin

Conficker worm variants A, B and C are dependent on vulnerability in Microsoft server service. Microsoft had released an advisory MS08-067 back in October 2008 to address the above vulnerability. As was expected at that time, number of attacks are spreading, major one being Conficker worm via the conficker malware. Therefore, use a Vulnerability Management Tool to prevent these attacks.

We have plugins for OpenVAS,
900055 – secpod_ms08-067_900055.nasl
900056 – secpod_ms08-067_900056.nasl (more…)

2 Comments

End of content

No more pages to load