NSOADV-2010-003: DATEV ActiveX Control remote command execution ...
# Title: [SQL injection vulnerability in LiveChatNow]
# Date: [20.02.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.livechatnow.com/]
# Version: [ALL]
# Tested on: [freebsd / ubuntu]
============ { Ariko-Security - Advisory #4/2/2010 } =============
SQL injection vulnerability in LiveChatNow
Vendor's Description of Software:
# http://www.livechatnow.com/
#demo http://zebra.livechatnow.com/ =&survey_lm=&group=On-Duty+
Dork:
#Powered by www.LiveChatNow.co ...
iDefense Security Advisory 02.23.10
http://labs.idefense.com/ Feb 23, 2010 I. BACKGROUND The getPlus Downloader is an application download and installation manager, distributed in the form of an ActiveX control. This control is used by Adobe Systems Inc. to install Adobe Reader through the Adobe website when Internet Explorer is used. Part of the functionality of the getPlus Downloader is to download and execute applications from preconfigured sites; in the case of Adobe, from adobe.com and its subdomains. For more information, see the vendor's site found at the following link. http://www.nosltd.com/index.
- Product
Rbot (aka Rubybot) is a very powerful and feature rich IRC Bot written in ruby: "Think of him as a ruby bot framework with a highly modular design based around plugins." [1]
[1] http://ruby-rbot.org/
- Vulnerability
The reaction plugin allows anyone to create reactions that are triggered by certain words or regular expressions. There are normal message replies and two special reactions that can be triggered: ruby code and bot command execution. The ruby action is correctly restricted to bot owners, but the command execution is not. Here is an example for that:
<attacker> !react to /attacker:.*/ with cmd:whoami
Now the attacker provokes a manual highlight from the bot owner:
<attacker> botowner: ping?
<botowner> attacker: pong, what's up?
<rbot> ...
VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability http://www.vupen.com/english/ I. DESCRIPTION --------------------- VUPEN Vulnerability Research Team discovered a vulnerability in various Symantec security products. The vulnerability is caused by a buffer overflow error in the SYMLTCOM.dll module when processing user-supplied data, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page on a domain masqueraded as an authorized site. II. AFFECTED PRODUCTS ------------------------------ Symantec N360 version 1.0 Symantec N360 version 2.0 Symantec Norton Internet Security 2006 through 2008 Symantec Norton AntiVirus 2006 through 2008 Symantec Norton Syste ...
##############################
# Securitylab.ir
##############################
# Application Info:
# Name: Official Portal 2007
##############################
# Vulnerability Info:
# Type: Sql Injection/XSS
# Risk: Medium
# Dork: "Official Portal 2007"
##############################
Vulnerability:
=======================
Sql Injection
=======================
http://site.com/?fa=content.
=======================
Cross Site Scrip ...
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-039
Application: Symantec Antivirus Client Proxy
Versions Affected: Version 10
Vendor URL: http://symantec.com
Bugs: Buffer Overflow
Exploits: POC
Reported: 04.05.2009
Vendor response: 07.05.2009
Date of Public Advisory: 17.02.2010
CVE-number: ...
* Other vulnerabilities covered in bid:38262 *
=== Infos ===
Credit: loneferret
Found: 18/02/10
Versions affected <= 1.7.0.2
=== Description ===
Lack of input length checks for the CWD command results in a buffer overflow vulnerability, allowing the execution of arbitrary code by a remote attacker.
=== Workaround ===
Upgrade to the latest version - 1.7.0.12
=== PoC ===
#!/usr/bin/python
import socket, sys
print """
******************************
* Easy FTP Server 1.7.0.2 Remote BoF *
* Discovered by: Jon Butler *
* jonbutler88[at]googlemail[dot]
******************************
"""
if len(sys.argv) != 3: ...
Hacktics Research Group Security Advisory
http://www.hacktics.com/#view= By Irene Abezgauz, Hacktics. 22-Feb-2010 =========== I. Overview =========== During a penetration test performed by Hacktics' experts, a persistent cross-site scripting vulnerability was identified in the SharePoint document handling module. This vulnerability allows attackers to gain control over valid user accounts, perform operations on their behalf, redirect them to malicious sites, steal their credentials, and more. A friendly formatted version of this advisory, including a video demonstrating step-by-step execution of the exploit, is available in: http://www.hacktics.com/ ========= ...