TITLE:
Parallels Power Panel Cross-Site Request Forgeries

SECUNIA ADVISORY ID:
SA29675

VERIFY ADVISORY:
http://secunia.com/advisories/29675/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, System access

WHERE:
From remote

SOFTWARE:
Parallels Power Panel 4.x
http://secunia.com/product/18305/

DESCRIPTION:
poplix has reported some vulnerabilities in Parallels VZPP, which can
be exploited by malicious people to conduct cross-site request forgery
attacks and potentially compromise a vulnerable system.

The vulnerabilities are caused due to the application allowing users
to perform certain actions in e.g. the "change password" and "file
manager" sections via HTTP requests without performing any validity
checks to verify the request. This can be exploited to e.g. change the
administrator's password or overwrite arbitrary files by tricking an
administrator into opening a malicious web page.

Successful exploitation may lead to a full system compromise.

SOLUTION:
Do not browse other sites while being logged into Parallels Power
Panel.

Reportedly, some of the problems are fixed in "version 365.6.swsoft
(build: 4.0.0-365.6.swsoft)".

PROVIDED AND/OR DISCOVERED BY:
poplix
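
ADDED EXAMPLE:
The DESCRIPTION says state-changing requests are accepted without any validity check. The following is an added example, not code from Parallels, Secunia or the reporter, of such a check: a per-session token bound to the session with an HMAC, combined with an Origin/Referer comparison. The origin `https://panel.example`, the `csrf_token` field name, the function names and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)    # per-deployment secret, never sent to the browser
PANEL_ORIGIN = "https://panel.example"  # assumed origin of the control panel
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_token(session_id: str) -> str:
    """Token the panel embeds in every form it renders for this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """True only if Origin (or, failing that, Referer) names the panel itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # no provenance at all: reject state changes
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == PANEL_ORIGIN


def is_request_valid(method: str, headers: dict, form: dict, session_id: str) -> bool:
    """Validity check for state-changing requests (password change, file write)."""
    if method.upper() in SAFE_METHODS:
        return True  # safe methods must never change state in the first place
    if not same_origin(headers):
        return False
    supplied = form.get("csrf_token", "")
    expected = issue_token(session_id)
    # Constant-time comparison; encode so non-ASCII input cannot raise TypeError.
    return hmac.compare_digest(supplied.encode(), expected.encode())


# Constructed sample requests against a hypothetical change-password action.
SESSION = "constructed-session-id"
LEGITIMATE = ("POST", {"Origin": PANEL_ORIGIN},
              {"new_password": "x", "csrf_token": issue_token(SESSION)})
CROSS_SITE = ("POST", {"Origin": "https://other.example"}, {"new_password": "x"})

if __name__ == "__main__":
    for name, (method, headers, form) in (("legitimate", LEGITIMATE),
                                          ("cross-site", CROSS_SITE)):
        print(name, is_request_valid(method, headers, form, SESSION))
```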