Home » 2009 » November » 12
Hash: SHA256

SecureWorks Security Advisory SWRX-2009-001
McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability

Advisory Information
Title: McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability
Advisory ID: SWRX-2009-001
Advisory URL: http://www.secureworks.com/ctu/advisories/SWRX-2009-001
Date published: Wednesday, November 11, 2009
CVE: CVE-2009-3565
CVSS v2 Base Score: 4.3 (Medium) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Date of last update: Wednesday, November 11, 2009
Vendors contacted: McAfee, Inc.
Release mode: Coordinated release
Discovered by: Daniel King, SecureWorks

McAfee Network Security Manager is vulnerable to cross-site scripting (XSS) caused by improper validation of user-supplied input. A remote attacke ... Read more »
Views: 1462 | Added by: apeh1706 | Date: 2009-11-12 | Comments (1)

Pemburu virus meningkatkan alarm skala besar menyikapi serangan spam yang menggunakan pesan password reset Facebook palsu untuk mengelabui pengguna PC dalam men-download bagian yang berbahaya dari malware.

Malicious yang dieksekusi telah ter-link ke Bredolab botnet, yang telah ter-link dengan spam yang berjalan secara masal dan serangan pencurian identitas yang terkait.

Berikut ini adalah contoh dari pesan password reset Facebook  yang masuk ke inbox e-mail:

Menurut Websense , alamat pengirim adalah palsu untuk menampilkan "support@facebook.com," trik yang biasa digunakan untuk mengelabuhi target sehingga percaya bahwa itu adalah e-mail sah  dari ja ... Read more »
Views: 796 | Added by: apeh1706 | Date: 2009-11-12 | Comments (0)

- Release date: November 11th, 2009
- Discovered by: Dawid Golunski
- Severity: Moderately High

WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

WordPress is a state-of-the-art publishing platform with a focus on aesthetics, web standards,
and  usability. WordPress is both free and priceless at the same time. More simply, WordPress is
what you use when you want to work with your blogging software, not fight it.


Wordpress allows authorised users to add an attachment to a blog post.
It does not sanitize provided file properly before moving it to an uploads directory.

The part of the code responsible for uploading ... Read more »
Views: 8279 | Added by: apeh1706 | Date: 2009-11-12 | Comments (16)

Yahoo Messenger

ActiveX Null Pointer - Denial of Service

Yahoo Messenger is prone to a denial-of-service (cause of null pointer) vulnerability.
Vulnerability is in YahooBridgeLib.dll (Activex Control)

An attacker can exploit this vulnerability by enticing an unsuspecting victim to view a malicious webpage.

Penetration Testing in Deutschland - Österreich - Schweiz
... Read more »
Views: 683 | Added by: apeh1706 | Date: 2009-11-12 | Comments (0)

Hi all,

Just wanted to share the following links/tutorials on writing windows (stack based) exploits :

* Stack based overflows (direct RET overwrite) :
(Tutorial Part 1)

* Jumping to shellcode :
(Tutorial Part 2)

* Stack based overflows - SEH
(Tutorial Part 3)
... Read more »
Views: 838 | Added by: apeh1706 | Date: 2009-11-12 | Comments (0)