Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-161: Livelink ECM UTF-7 Vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-161: Livelink ECM UTF-7 Vulnerability
# 1  
Old 02-01-2008
S-161: Livelink ECM UTF-7 Vulnerability
Livelink ECM is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. The risk is MEDIUM. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

5 More Discussions You Might Find Interesting

1. Linux

Help to Convert file from UNIX UTF-8 to Windows UTF-16

Hi, I have tried to convert a UTF-8 file to windows UTF-16 format file as below from unix machine unix2dos < testing.txt | iconv -f UTF-8 -t UTF-16 > out.txt and i am getting some chinese characters as below which l opened the converted file on windows machine. LANG=en_US.UTF-8... (3 Replies)
Discussion started by: phanidhar6039
3 Replies

2. UNIX for Dummies Questions & Answers

UTF-8 in xterm

I need to use sort, uniq, grep, wc,... and the like to work with lists of words in UTF-8 (the "words" being phonetic transcriptions using the IPA). I have been using Google a lot and I even found at least one previous post on this topic, but it didn't help. I tried following the instructions... (2 Replies)
Discussion started by: mregine
2 Replies

3. Infrastructure Monitoring

UDP Port 161

hi guys My linux server have SNMP configure port by default is 161 (UDP) now my monitor team - who are using Nagios - say the server are not being monitor so check netstat -lnu and I see all is OK and snmp service is running fine what else should I check about this port 161? to see if it is... (0 Replies)
Discussion started by: karlochacon
0 Replies

4. Infrastructure Monitoring

Solaris 10 - starting snmpdx at boot time on a port other than 161

Hi All, Can we start the snmpdx on another port at boot time on solaris 10 instead of the default 161 port? What is the configuration file to set this? We can make it run in a different port after the system boots up by using snmpdx -p port_number This requirement is because i have an... (1 Reply)
Discussion started by: Mr. Zer0
1 Replies

5. Email Antispam Techniques and Email Filtering

(Received):. (66.55.160\.|66.55.161\.)

Can you suggest a way of rewriting rule below that would ensure that the class C "66.55.160" is blocked but "166.55.160.*" would pass? :0 * ^(Received):.*(66.55.160\.|66.55.161\.|66.55.162\.|66.55.163\.|66.55.164\.|66.55.165\.|66.55.166\.|66.55.167\ .) { LOG="(ISKIMARO vendare 1) " ... (0 Replies)
Discussion started by: jones
0 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

html::mason::escapes

HTML::Mason::Escapes(3pm)				User Contributed Perl Documentation				 HTML::Mason::Escapes(3pm)

NAME

       HTML::Mason::Escapes - Functions to escape text for Mason

DESCRIPTION

       This module contains functions for implementing Mason's substitution escaping feature.  These functions may also be called directly.

       html_entities_escape
	   This function takes a scalar reference and HTML-escapes it using the "HTML::Entities" module.  By default, this module assumes that the
	   string it is escaping is in ISO-8859-1 (pre Perl 5.8.0) or UTF-8 (Perl 5.8.0 onwards).  If this is not the case for your data, you will
	   want to override this escape to do the right thing for your encoding.  See the section on User-defined Escapes in the Developer's
	   Manual for more details on how to do this.

       url_escape
	   This takes a scalar reference and replaces any text it contains matching "[^a-zA-Z0-9_.-]" with the URL-escaped equivalent, a percent
	   sign (%) followed by the hexadecimal number of that character.

       basic_html_escape
	   This function takes a scalar reference and HTML-escapes it, escaping the following characters: '&', '>', '<', and '"'.

	   It is provided for those who wish to use it to replace (or supplement) the existing 'h' escape flag, via the Interpreter's
	   "set_escape()" method.

	   This function is provided in order to allow people to return the HTML escaping behavior in 1.0x.  However, this behavior presents a
	   potential security risk of allowing cross-site scripting attacks.  HTML escaping should always be done based on the character set a
	   page is in.	Merely escaping the four characters mentioned above is not sufficient.	The quick summary of why is that for some
	   character sets, characters other than '<' may be interpreted as a "less than" sign, meaning that just filtering '<' and '>' will not
	   stop all cross-site scripting attacks.  See http://www.megasecurity.org/Info/cross-site_scripting.txt for more details.

perl v5.14.2							    2012-02-04						 HTML::Mason::Escapes(3pm)