Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs  Black Box Testing  Vulnerability Assessment  Vulnerability Scanner SecuriTeam™ in Your Inbox   E-mail this article to a friend New vulnerability? New tool? Tell us	Cisco BBSM Captive Portal Cross-site Scripting 14 May 2008    Summary A non-persistent XSS vulnerability is present within the AccessCodeStart.asp page. A malicious user may leverage this to possibly gain access client information in captive portal/hotspot locations using this software.   Credit: The information has been provided by Brad Antoniewicz.    Details Audit your web server for security holes - see what the hackers see. Sign up for a scan today - risk free! Example: http://host/ekgnkm/AccessCodeStart.asp?msg=%3Cscript%3Ealert(%22XSS%22);%3C/script%3E Patch Information: Patch URL - http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=5.3&mdfid=278455427&sftType=Building Broadband Service Manager (BBSM) Updates&optPlat=&nodecount=2&edesignator=null&modelName=Cisco Building Broadband Service Manager 5.3&treeMdfId=281527126&treeName=Network Monitoring and Management Download BBSMPatch5332.zip CVE Information: CVE-2008-2165  Comments:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles Novell eDirectory dhost Integer Overflow Code Execution Vulnerability Oracle Internet Directory Pre-Authentication LDAP DoS Vulnerability Oracle Database DBMS_AQELM Package Buffer Overflow Vulnerability Apple Core Image Fun House BUffer Overflow F5 FirePass 1200 SNMP Daemon DoS Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks Commtouch Anti-Spam Enterprise Gateway Cross Site Scripting (Allowing Domain Credential Theft) Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities Radmin Default Installation Security Vulnerabilities TorrentTrader Multiple SQL Injection Vulnerabilities Cisco Intrusion Prevention System Jumbo Frame Denial of Service XnView, NConvert, and GFL SDK Sun TAAC Buffer Overflow SNMP Version 3 Authentication Vulnerabilities Multiple Vulnerabilities in QuickTime (PICT, AAC and URLs) Multiple Vendor FreeType2 Multiple Vulnerabilities  Featured Articles Vulnerabilities in DNS Allows Spoofing (MS08-037) Vulnerabilities in Microsoft SQL Server Allows Elevation of Privilege (MS08-040) Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks libpoppler Uninitialized Pointer Multiple Vendor X Server Vulnerabilities (SHM, RSE, REG, AllocateGlyph) Collection of Vulnerabilities in Fully Patched Vim Multiple Vendor FreeType2 Multiple Vulnerabilities
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © 1998-2008 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®