---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: WebEOC Multiple Vulnerabilities SECUNIA ADVISORY ID: SA16075 VERIFY ADVISORY: http://secunia.com/advisories/16075/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, DoS WHERE: >From remote SOFTWARE: WebEOC 6.x http://secunia.com/product/5377/ DESCRIPTION: Some vulnerabilities have been reported in WebEOC, which can be exploited to gain knowledge of sensitive information, conduct cross-site scripting and SQL injection attacks, cause a DoS (Denial of Service), or bypass certain security restrictions. 1) A common key is used to encrypt data on all WebEOC installations. Knowledge of this key potentially allows the decryption of sensitive data on any installation of WebEOC. 2) Weak algorithms are used to encrypt sensitive information. This potentially allows the recovery of the encryption keys, or decryption of messages via cryptanalytic techniques. 3) Multiple cross-site scripting vulnerabilities affect several web pages in the application. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) A malicious user can consume all system resources by uploading large files. 5) Multiple SQL injection vulnerabilities exist, which can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 6) Sensitive information is exposed in URIs, stored in publicly accessible configuration files, and in the HTML code returned to users. 7) A design error allows malicious users to access parts of the application that they should not have access to by directly specifying the URL. SOLUTION: The vulnerabilities have reportedly been fixed in version 6.0.2. PROVIDED AND/OR DISCOVERED BY: The US-CERT credits IOActive, ESi, and the City of Seattle. ORIGINAL ADVISORY: US-CERT: http://www.kb.cert.org/vuls/id/388282 http://www.kb.cert.org/vuls/id/491770 http://www.kb.cert.org/vuls/id/138538 http://www.kb.cert.org/vuls/id/956762 http://www.kb.cert.org/vuls/id/372797 http://www.kb.cert.org/vuls/id/165290 http://www.kb.cert.org/vuls/id/258834 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------