R-336: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager
Cisco CallManager and Unified Communications Manager are vulnerable to cross-site scripting (XSS) and SQL injection attacks in the lang variable of the admin and user logon pages. The risk is MEDIUM. A successful attack may allow an attacker to run JavaScript on computer systems connecting to CallManager or Unified Communications Manager servers, and has the potential to disclose information within the database.
Mods, please move if posted in the wrong section; I wasn't sure where to ask this one.
There are several of us that use an open source program called yiimp, https://github.com/tpruvot/yiimp
Several of our sites were attacked last night and I am reaching out to you guys to see if the vulnerability... (0 Replies)
I want to grep/awk /var/log/httpd/mysite-access_log.log and check if 2 words from the following appear in a single line:
benchmark
union
information_schema
drop
truncate
group_concat
into
file
case
hex
lpad
group
order
having
insert
union
select
from (12 Replies)
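The check asked about in the post above, as an added example that is not part of the thread: an awk filter that reports access-log lines containing at least two distinct keywords from that list. The function names `sqli_hits` and `write_sample_log` and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Keyword list copied from the post;
# its duplicate "union" collapses to one entry.
SQLI_WORDS="benchmark union information_schema drop truncate group_concat into file case hex lpad group order having insert select from"

# sqli_hits FILE [MIN]: print "<line no>:<keywords>" for each line holding at
# least MIN (default 2) distinct keywords. Case-insensitive, whole tokens only,
# so "dropdown" or "filename" do not count as "drop" or "file".
sqli_hits() {
    awk -v words="$SQLI_WORDS" -v min="${2:-2}" '
    BEGIN { n = split(words, w, " "); for (i = 1; i <= n; i++) kw[w[i]] = 1 }
    {
        line = tolower($0)
        # Percent-escapes (%20, %27, ...) become separators; letters hidden
        # behind escapes (e.g. %75nion) are not decoded here.
        gsub(/%[0-9a-f][0-9a-f]/, " ", line)
        # Anything that is not a letter, digit or underscore ends a token.
        gsub(/[^a-z0-9_]+/, " ", line)
        split("", seen); hits = 0; found = ""
        m = split(line, tok, " ")
        for (i = 1; i <= m; i++)
            if ((tok[i] in kw) && !(tok[i] in seen)) {
                seen[tok[i]] = 1; hits++
                found = found (found == "" ? "" : ",") tok[i]
            }
        if (hits >= min) print NR ":" found
    }' "$1"
}

# write_sample_log FILE: constructed access-log lines (documentation IPs).
write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=2 HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /item.php?id=1%20UNION%20SELECT%20user,pass%20FROM%20users HTTP/1.1" 200 734
192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /download/file.zip HTTP/1.1" 200 90211
198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /q.php?s=1'+and+(select+group_concat(table_name)+from+information_schema.tables) HTTP/1.1" 200 120
192.0.2.10 - - [01/Jan/2024:10:00:15 +0000] "GET /dropdown.js?order=asc HTTP/1.1" 200 88
EOF
}

# Demo on the constructed sample.
tmp=$(mktemp) && write_sample_log "$tmp" && sqli_hits "$tmp"; rm -f "$tmp"
```

Words such as `from`, `file` or `order` also occur in ordinary requests, so the two-keyword threshold works as a triage filter; passing a higher MIN as the second argument reduces noise.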
Patch(3pm) User Contributed Perl Documentation Patch(3pm)
NAME
Text::Patch - Patches text with given patch
SYNOPSIS
use Text::Patch;
$output = patch( $source, $diff, STYLE => "Unified" );
use Text::Diff;
$src = ...
$dst = ...
$diff = diff( $src, $dst, { STYLE => 'Unified' } );
$out = patch( $src, $diff, { STYLE => 'Unified' } );
print "Patch successful" if $out eq $dst;
DESCRIPTION
Text::Patch combines source text with the given diff (difference) data. Diff data is produced by the Text::Diff module or by the standard diff
utility (man diff, see the -u option).
patch( $source, $diff, options... )
The first argument is the source (original) text. The second is the diff data. The third argument can be a hash reference with options; otherwise
all the remaining arguments are treated as patch options:
$output = patch( $source, $diff, STYLE => "Unified", ... );
$output = patch( $source, $diff, { STYLE => "Unified", ... } );
Options are:
STYLE => 'Unified'
STYLE can be "Unified", "Context" or "OldStyle".
The 'Unified' diff format looks like this:
@@ -1,7 +1,6 @@
-The Way that can be told of is not the eternal Way;
-The name that can be named is not the eternal name.
The Nameless is the origin of Heaven and Earth;
-The Named is the mother of all things.
+The named is the mother of all things.
+
Therefore let there always be non-being,
so we may see their subtlety,
And let there always be being,
@@ -9,3 +8,6 @@
The two are the same,
But after they are produced,
they have different names.
+They both may be called deep and profound.
+Deeper and more profound,
+The door of all subtleties!
TODO
Interfaces with files, arrays, etc.
AUTHOR
Vladi Belperchinov-Shabanski "Cade"
<cade@biscom.net> <cade@datamax.bg> <cade@cpan.org>
http://cade.datamax.bg
VERSION
$Id: Patch.pm,v 1.6 2007/04/07 19:57:41 cade Exp $
perl v5.10.1 2010-10-04 Patch(3pm)