
I expanded on Jon Butler's exploit and was able to inject a Meterpreter
payload into the remote process despite the buffer's small size (268
bytes).  This was done by overwriting the ret value with part of the
Meterpreter payload.

- Explanation of Process:
http://paulmakowski.wordpress.com/2010/02/28/increasing-payload-size-w-return-address-overwrite/
- Vulnerable Program:
http://easyftpsvr.googlecode.com/files/easyftpsvr-1.7.0.2.zip
- Exploit Download:
https://tegosecurity.com/etc/return_overwrite/RCE_easy_ft ...
Views: 7068 | Added by: b1zz4rd | Date: 2010-03-01 | Comments (0)

=========================================
Yaniv Miron aka "Lament" Advisory Feb 24, 2010
ARISg5 (Version 5.0) Cross Site Scripting Vulnerability
=========================================

==========================================================================================
Application name: ARISg5 (arisglobal)
Version: 5.0
Class: Input Validation Error
Type: Cross Site Scripting (XSS)
Remote: Yes
Credit: Yaniv Miron aka "Lament"
Exploit:

http://SERVER_ADDRESS/Aris/wflogin.jsp?errmsg=Phishing Error Message<script>alert('Malicious XSS Code')</script>

Yaniv Miron aka "Lament".
lament@ilhack.org
==========================================================================================

Views: 5945 | Added by: b1zz4rd | Date: 2010-03-01 | Comments (0)

------------------------------------------------------------------------
getPlus insufficient domain name validation vulnerability
------------------------------------------------------------------------
Yorick Koster, April 2009

------------------------------------------------------------------------
See also
------------------------------------------------------------------------
APSB10-08 [2] Security update available for Adobe Download Manager
CVE-2010-0189 [3]
02.23.10 [4] Multiple Vendor NOS Microsystems getPlus Downloader Input
Validation Vulnerability
Aviv Raff On .NET: [5] Skeletons in Adobe's security closet

------------------------------------------------------------------------
Tested version
------------------------------------------------------------------------
These vulnerabilities were tested on Adobe's version of ...
Views: 12003 | Added by: b1zz4rd | Date: 2010-03-01 | Comments (3)

# Title: [SQL injection vulnerability in WebAdministrator Lite CMS]
# Date: [25.02.2010]
# Author: [Ariko-Security]
# Software Link: [http://jskinternet.pl/]
# Version: [Lite]


============ { Ariko-Security - Advisory #5/2/2010 } =============

      SQL injection vulnerability in WebAdministrator Lite CMS



Vendor's Description of Software:
# http://jskinternet.pl/portal/jsk/3/Oferta.html

Dork:
# webadministrator lite

Application Info:
# Name: WebAdministrator Lite CMS
# Versions: LITE

Vulnerability Info:
# Type: SQL injection Vulnerability
# Risk: medium

Fix:
# N/A

Time Table:
# 25/02/2010 - Vendor notified.
# 25/02/2010 - Vendor response "we will not release FIX for LITE, soon new version"....
Views: 809 | Added by: b1zz4rd | Date: 2010-03-01 | Comments (0)

Hacktics Research Group Security Advisory
http://www.hacktics.com/#view=Resources%7CAdvisory

By Oren Hafif, Hacktics.
24-Feb-2010

===========
I. Overview
===========
During a penetration test performed by Hacktics' experts, certain
vulnerabilities were identified in an IBM Websphere Portal Server and Lotus
Web Content Management deployment. Further research has identified that the
login page of the IBM Lotus Workplace Web Content Management is vulnerable
to Reflected Cross Site Scripting attacks.

A friendly formatted version of this advisory is available in:
  http://www.hacktics.com/content/advisories/AdvIBM20100224.html

===============
II. The Finding
===============
An attacker can inject script into a ...
Views: 2519 | Added by: b1zz4rd | Date: 2010-03-01 | Comments (0)

______________________________________________________________________

NSOADV-2010-003: DATEV ActiveX Control remote command execution
______________________________________________________________________
______________________________________________________________________

Views: 6430 | Added by: b1zz4rd | Date: 2010-03-01 | Comments (0)