----------------------------------------------------------------------

Want a new job?

http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/

International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/

----------------------------------------------------------------------

TITLE:
Blackboard Academic Suite Cross-Site Request Forgery Vulnerabilities

SECUNIA ADVISORY ID:
SA31177

VERIFY ADVISORY:
http://secunia.com/advisories/31177/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
Blackboard Academic Suite 8.x
http://secunia.com/product/18189/

DESCRIPTION:
Mark Janssen has reported some vulnerabilities in Blackboard Academic
Suite, which can be exploited by malicious people to conduct
cross-site request forgery attacks.

The vulnerabilities are caused due to the application allowing users
to perform certain actions via HTTP requests without performing any
validity checks to verify the request. This can be exploited to e.g.
enroll users in courses.

SOLUTION:
Do not browse other website while being logged in to the Blackboard
Academic Suite.

PROVIDED AND/OR DISCOVERED BY:
Mark Janssen

ORIGINAL ADVISORY:
http://ceaseless.ws/bb-csrf/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------