12 November 2009 - Be Secure

Home »

[SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SecureWorks Security Advisory SWRX-2009-001
McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability

Advisory Information
Title: McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability
Advisory ID: SWRX-2009-001
Advisory URL: http://www.secureworks.com/ctu/advisories/SWRX-2009-001
Date published: Wednesday, November 11, 2009
CVE: CVE-2009-3565
CVSS v2 Base Score: 4.3 (Medium) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Date of last update: Wednesday, November 11, 2009
Vendors contacted: McAfee, Inc.
Release mode: Coordinated release
Discovered by: Daniel King, SecureWorks

Summary
McAfee Network Security Manager is vulnerable to cross-site scripting (XSS) caused by improper validation of user-supplied input. A remote attacke ... Read more »

Views: 1869 | Added by: apeh1706 | Date: 13 November 2009 | Comments (1)

Facebook password-reset spam is Bredolab botnet attack

Pemburu virus meningkatkan alarm skala besar menyikapi serangan spam yang menggunakan pesan password reset Facebook palsu untuk mengelabui pengguna PC dalam men-download bagian yang berbahaya dari malware.

Malicious yang dieksekusi telah ter-link ke Bredolab botnet, yang telah ter-link dengan spam yang berjalan secara masal dan serangan pencurian identitas yang terkait.

Berikut ini adalah contoh dari pesan password reset Facebook yang masuk ke inbox e-mail:

Menurut Websense , alamat pengirim adalah palsu untuk menampilkan "support@facebook.com," trik yang biasa digunakan untuk mengelabuhi target sehingga percaya bahwa itu adalah e-mail sah dari ja ... Read more »

Views: 1060 | Added by: apeh1706 | Date: 13 November 2009 | Comments (0)

WordPress 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

==============================

===============
- Release date: November 11th, 2009
- Discovered by: Dawid Golunski
- Severity: Moderately High
=============================================

I. VULNERABILITY
-------------------------
WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

II. BACKGROUND
-------------------------
WordPress is a state-of-the-art publishing platform with a focus on aesthetics, web standards,
and usability. WordPress is both free and priceless at the same time. More simply, WordPress is
what you use when you want to work with your blogging software, not fight it.

III. DESCRIPTION
-------------------------

Wordpress allows authorised users to add an attachment to a blog post.
It does not sanitize provided file properly before moving it to an uploads directory.

The part of the code responsible for uploading ... Read more »

Views: 8672 | Added by: apeh1706 | Date: 13 November 2009 | Comments (17)

Yahoo Messenger 9 ActiveX DoS (Null Pointer) Vulnerability

******************************

**************************************************
Product:
Yahoo Messenger 9.0.0.2162

********************************************************************************
Vulnerability:
ActiveX Null Pointer - Denial of Service

********************************************************************************
Description:
Yahoo Messenger is prone to a denial-of-service (cause of null pointer) vulnerability.
Vulnerability is in YahooBridgeLib.dll (Activex Control)

An attacker can exploit this vulnerability by enticing an unsuspecting victim to view a malicious webpage.

********************************************************************************
Credits:
HACKATTACK IT SECURITY GmbH
Penetration Testing in Deutschland - Österreich - Schweiz
... Read more »

Views: 951 | Added by: apeh1706 | Date: 13 November 2009 | Comments (0)

Exploit writing tutorials

Hi all,

Just wanted to share the following links/tutorials on writing windows (stack based) exploits :

* Stack based overflows (direct RET overwrite) :
(Tutorial Part 1)
http://www.corelan.be:8800/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

* Jumping to shellcode :
(Tutorial Part 2)
http://www.corelan.be:8800/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/

* Stack based overflows - SEH
(Tutorial Part 3)
... Read more »

Views: 1105 | Added by: apeh1706 | Date: 12 November 2009 | Comments (0)

Login:
Password: