# Title: [SQL injection vulnerability in LiveChatNow]
# Date: [20.02.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.livechatnow.com/]
# Version: [ALL]
# Tested on: [freebsd / ubuntu]


============ { Ariko-Security - Advisory #4/2/2010 } =============

      SQL injection vulnerability in LiveChatNow



Vendor's Description of Software:
# http://www.livechatnow.com/
#demo

http://zebra.livechatnow.com/js/enter.php?cid=7546&skin=&survey=&survey_ec

=&survey_lm=&group=On-Duty+

iDefense Security Advisory 02.23.10
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 23, 2010

I. BACKGROUND

The getPlus Downloader is an application download and installation
manager, distributed in the form of an ActiveX control. This control is
used by Adobe Systems Inc. to install Adobe Reader through the Adobe
website when Internet Explorer is used. Part of the functionality of
the getPlus Downloader is to download and execute applications from
preconfigured sites; in the case of Adobe, from adobe.com and its
subdomains. For more information, see the vendor's site found at the
following link.

http://www.nosltd.com/index.php?option=com_content&task= ... Read more »

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - Product

Rbot (aka Rubybot) is a very powerful and feature rich IRC Bot written
in ruby: "Think of him as a ruby bot framework with a highly modular
design based around plugins." [1]

[1] http://ruby-rbot.org/

- - Vulnerability

The reaction plugin allows anyone to create reactions that are
triggered by certain words or regular expressions. There normal message
replies and two special reactions that can be triggered: ruby code and
bot command execution. The ruby action is correctly only allowed for
bot owners, but the command execution is not.

Here is an example for that:
<attacker> !react to /attacker:.*/ with cmd:whoami
 now the attacker is provoking a manual highlight from the bot owner:
<attacker> botowner: ping?
<botowner> attacker: pong, what's up?
<rbot> ... Read more »

VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability

http://www.vupen.com/english/research.php


I. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a vulnerability in various
Symantec security products.

The vulnerability is caused by a buffer overflow error in the SYMLTCOM.dll
module when processing user-supplied data, which could be exploited by
remote attackers to execute arbitrary code by tricking a user into visiting
a specially crafted web page on a domain masqueraded as an authorized site.


II. AFFECTED PRODUCTS
------------------------------

##############################

* Other vulnerabilities covered in bid:38262 *

=== Infos ===

Credit: loneferret
Found: 18/02/10
Versions affected <= 1.7.0.2

=== Description ===

Lack of input length checks for the CWD command result in a buffer overflow vulnerability, allowing the execution of arbitrary code by a remote attacker.

=== Workaround ===

Upgrade to the latest version - 1.7.0.12

=== PoC ===

#!/usr/bin/python
import socket, sys

print """
******************************

  (    , )     (,
 .   `.' ) ('.    ',
  ). , ('.   ( ) (
 (_,) .`), ) _ _,
 /  _____/  / _  \    ____  ____   _____
 \____  \==/ /_\  \ _/ ___\/  _ \ /     \
 /       \/   |    \\  \__(  <_> )  Y Y  \
/______  /\___|__  / \___  >____/|__|_|  /
       \/         \/.-.    \/         \/:wq
                   (x.0)
                 '=.|w|.='
                 _='`"``=.

              &n ... Read more »

Hacktics Research Group Security Advisory
http://www.hacktics.com/#view=Resources%7CAdvisory

By Irene Abezgauz, Hacktics.
22-Feb-2010

===========
I. Overview
===========
During a penetration test performed by Hacktics' experts, a persistent
cross-site scripting vulnerability was identified in the SharePoint document
handling module. This vulnerability allows attackers to gain control over
valid user accounts, perform operations on their behalf, redirect them to
malicious sites, steal their credentials, and more.

A friendly formatted version of this advisory, including a video
demonstrating step-by-step execution of the exploit, is available in:
  http://www.hacktics.com/content/advisories/AdvMS20100222.html

========= ... Read more »