Build
III. AFFECTED PRODUCTS
---------------------------
VMware Workstation versions prior to 6.5.4 build 246459
VMware Player versions prior to 2.5.4 build 246459
VMware Server versions 2.x
VMware Movie Decoder versions prior to 6.5.4 Build 246459
<?php
/*
Bs.Player <= 2.34 Build 980 (.bsl) local buffer overflow 0day exploit (seh)
by Nine:Situations:Group::pyrokinesis
Overlong hostnames in bsplayer playlist files cause eax and the seh handlers to be
overwritten. Cannot reliably debug with olly because of code compression, just
used faultmon/memdump/msfpescan and I chose the easy/universal way with seh.
There are some pop ret addresses in common among the vulnerable versions...
[VULNERABILITY INFORMATION]
Class: Authentication issue, Administrative access
CVE: CVE-2011-3485
[AFFECTED SOFTWARE]
* ADSelfService Plus 4.5 Build 4521
Previous versions are probably also vulnerable, but they were not checked.
[VULNERABILITY DETAILS]
ManageEngine ADSelfService Plus is a web-based password management
infrastructure for Microsoft Windows Active Directory environments.
Conference Format
===================
ShmooCon 2008 has 4 options for speaker submission.
+One Track Mind - Technical Tales in Twenty Minutes or Less
+Break It! - Technology Exploitation
+Build It! - Inventive Software & Hardware Solutions
+Bring It On! - Open Discussion of Technology & Security Topics
Topics for One Track Mind may include, but are not limited to:
+Updates to talks given at other conferences
+Works in Progress
Does anyone know how to check the build version number on the agent?
Or is there a comparison with that build number and an x.y.z version
id?
On Thu, Sep 18, 2008 at 5:44 AM, iViZ Security Advisories
<advisories@iviztechnosolutions.com> wrote:
> -----------------------------------------------------------------------
> [ iViZ Security Advisory 08-010 17/09/2008 ]
> -----------------------------------------------------------------------
> iViZ Techno Solutions Pvt. Ltd.
VMware           Product   Running   Replace with/
Product          Version   on        Apply Patch
=============    ========  =======   =================
VirtualCenter    any       Windows   not affected
Workstation      7.x       any       7.1.2 build 301548 or later *
Workstation      6.5.x     any       not affected
Player           3.x       any       3.1.2 build 301548 or later *
Player           2.5.x     any       not affected
+------------------
The vulnerabilities disclosed in this advisory affect the Cisco WebEx
recording players. Microsoft Windows, Apple Mac OS X, and Linux
versions of the player are all affected. Affected versions of the
players are those prior to client builds T27LC SP22 and T27LB SP21
EP3. Customers who have contractual agreements that prevent WebEx
from automatically upgrading a recording player to the latest version
should contact their account manager to determine upgrade options.
To determine whether a Cisco WebEx server is running an affected
Potential security vulnerabilities have been identified with HP Data Protector Express (DPX) 5.0 and 6.0. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code.
References: CVE-2012-0121, ZDI-CAN-1392; CVE-2012-01222, ZDI-CAN-1393; CVE-2012-0123, ZDI-CAN-1498; and CVE-2012-0124
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Data Protector Express (DPX) 5.0.00 prior to build 59287
HP Data Protector Express (DPX) 6.0.00 prior to build 11974
Note: DPX users can identify the build number by clicking on 'Help' and then 'About'.
BACKGROUND
Title:
======
Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities
Date:
=====
2012-04-15
branch offices. Multiple security features integrated over a single,
Layer 8 Identity-based platform make security simple, yet highly
effective."
Versions tested / affected:
CR25ia 10.00 build 0309
CR35ia 10.01 build 0667
Vulnerability discovered:
Cross-site Scripting in an Authenticated context
ShmooCon has four tracks to accommodate a variety of speaking styles and topics.
ONE TRACK MIND - Technical tales in twenty minutes or less
BREAK IT - Technology exploitation
BUILD IT - Creating inventive software and hardware
BRING IT ON - Open discussion of technology and security topics
--== ONE TRACK MIND ==--
Verification
======================================================================
1) Affected Software
* uTorrent 1.7.7 (build 8179)
* BitTorrent 6.0.1 (build 7859)
NOTE: Other versions may also be affected.
======================================================================
VMware           Product   Running   Replace with/
Product          Version   on        Apply Patch
=============    ========  =======   =================
VirtualCenter    any       Windows   not affected
Workstation      6.5.x     any       6.5.3 build 185404 or later
Player           2.5.x     any       2.5.3 build 185404 or later
ACE              2.5.x     any       2.5.3 build 185404 or later
and topics.
One Track Mind - Technical Tales in Twenty Minutes or Less
Break It! - Technology Exploitation
Build It! - Creating Inventive Software & Hardware
Bring It On! - Open Discussion of Technology & Security Topics
+++ One Track Mind (Friday Night Only) +++
Problem Resolution:
The following EMC NetWorker products contain resolution to this issue:
EMC NetWorker 7.6.1.5 and later cumulative build. For details regarding all fixes included in this build, refer to the NetWorker 7.6 Cumulative Hotfixes document on Powerlink (http://powerlink.emc.com/): Home > Products > Software E-O > NetWorker > Key Enhancements/Support Notes > NetWorker 7.6.
EMC NetWorker 7.5.4.3 and later cumulative build. For details regarding all fixes included in this build, refer to the NetWorker 7.5 Cumulative Hotfixes document on Powerlink (http://powerlink.emc.com/): Home > Products > Software E-O > NetWorker > Key Enhancements/Support Notes > NetWorker 7.5.
EMC strongly recommends that all customers apply the patch, or upgrade to the latest version of the product containing the resolution to this issue, at the earliest opportunity.
Information Disclosure Vulnerabilities
Advisory-ID: 200801161
Discovery Date: 1.16.2008
Release Date: 1.23.2008
Affected Applications: HFS 2.0 up to and including 2.3 (Beta Build #174)
Non-Affected Applications: HFS 1.6a and earlier versions
Class: Cross-Site Scripting (XSS), Information Disclosure
Status: Patch available/Vendor informed
Vendor: Massimo Melina
reports-config-by-monitor.asp (siteid) parameter
reports-list.asp (siteid, sel) parameters
reports-monitoring-queue.asp (siteid) parameter
site-list.asp (action) parameter
Tested on: Windows XP, SP3, with Tembria Server Monitor v6.0.4 - Build 2229 default installation.
Affected software versions: Tembria Server Monitor v6.0.4 - Build 2229 (previous versions may also be vulnerable)
Impact: Successful attacks could disclose sensitive information about the user, session, and application to the attacker, resulting in a loss of confidentiality. Using XSS, an attacker could insert malicious code into a web page and entice naïve users to execute the malicious code.
//
// This mitigation is for 32-bit (x86) Windows only -- it does
// not work on 64-bit Windows, even though 64-bit Internet
// Explorer is technically affected.
//
// To build:
//
// 1. Start Visual Studio 2008 (2005 should also work)
// 2. File -> New -> Project
// 3. Choose Visual C++: Win32: Win32 Project
// 4. Enter "iebsfix1" for the name
Our proof of concept contemplates 2 possibilities:
1. The victim's machine is able to establish a connection to the port
445 (NetBIOS over TCP/IP) on the malicious server in which case the
correct 'USERNAME' can be obtained to build the right UNC path to the
'index.dat' file:
/-----------
\\127.0.0.1\C$\Documents and settings\USERNAME\Local
and x86-64 are available for download via direct links from:
http://www.openwall.com/Owl/
The ISOs include a live system, installable packages, the installer
program, as well as full source code and the build environment.
The download size is under 450 MB (for one CPU architecture).
Additional components, such as OpenVZ container templates, are available
from the appropriate directories on the mirrors:
[JCR-1926] Text.unescape("%") throws a StringIndexOutOfBoundsException
jackrabbit-jcr-server
Bug fixes
[JCR-1902] Warning while building DAV:parent-set for root-node resource
jackrabbit-jcr-servlet
Bug fixes
[JCR-1910] RMIRemoteBindingServlet fails to initialize if the RMI ...
CVE Identifier: CVE-2011-1420
Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Affected products:
EMC Data Protection Advisor Collector for Solaris SPARC 5.7 earlier than Build 5833
EMC Data Protection Advisor Collector for Solaris SPARC 5.7.1 earlier than Build 5833
Vulnerability Summary:
EMC Data Protection Advisor Collector for Solaris SPARC contains a potential security vulnerability that can be exploited to execute malicious code with elevated privileges on the affected system.
Impact : Arbitrary code execution
Wherefrom: Local
Original : http://www.rdancer.org/vulnerablevim-configure.in.html
http://www.rdancer.org/vulnerablevim-configure.in.patch
Insecure temporary file creation during the build process is vulnerable
to symbolic link attacks, leading to arbitrary code execution. Patch provided.
2. Background
30 May 2011: Exploit details released.
--------------------------------------------------------------------
Product Description:
Apache Archiva is an extensible repository management software that
helps take care of your own personal or enterprise-wide build artifact
repository. It is the perfect companion for build tools such as Maven,
Continuum, and ANT.
Archiva offers several capabilities, among which are remote repository
proxying, security access management, build artifact storage, delivery,
authorization bypass and buffer overflow.
4. *Vulnerable packages*
. Foxit Reader 3.0 build 1120
. Foxit Reader 3.0 build 1301
. Older 3.0 builds are probably affected too, but they were not checked.
5. *Non-vulnerable packages*
Luigi Auriemma
Applications: BitTorrent and uTorrent
http://www.bittorrent.com
http://www.utorrent.com
Versions: BitTorrent <= 6.0 (build 5535)
uTorrent <= 1.7.5 (build 4602)
uTorrent <= 1.8-alpha-7834
Platforms: Windows confirmed
Mac and Linux (both available only on BitTorrent) have
not been tested
http://secureappdev.blogspot.com/2010/09/testing-google-message-security-saas.html
Description
Message Center II service (build 6_24) was found vulnerable to SQL Injection attacks. When exploited by an attacker, the identified vulnerability could lead to Information Disclosure (map database structure, extract data from available tables), Denial of Service (consume server resources by injecting SQL heavy queries), etc.
An authenticated attacker without administrative privileges can inject arbitrary code into the SQL query built to generate the list of quarantined/deleted e-mails. This can be achieved by manipulating the sort_direction parameter of /junk_quarantine/process and /trash/process resources.
Test case: sort_direction='
Exploit Vectors: Local
Vulnerability Description: A vulnerability exists in the Tembria Server Monitor application allowing an attacker to easily decrypt usernames and passwords used to authenticate to the application. This is a second-level attack that requires access to the password files stored within the application directory. The application implements a simple substitution cipher to obfuscate the values of plaintext usernames and passwords. Obfuscation of the usernames and passwords is achieved by encoding each character as a numeric value that is three characters wide (e.g. e = 057). An attacker who has previously compromised the host operating system or achieved direct access to the authentication.dat file found in the "\Tembria\Server Monitor" directory can obtain the encrypted user credentials and decrypt them with little effort. Credentials using the same encryption can also be found in XML files located in the "\Tembria\Server Monitor\Exports" directory.
Tested on: Windows XP, SP3, with Tembria Server Monitor v6.0.4 - Build 2229 default installation.
Affected software versions: Tembria Server Monitor v6.0.4 - Build 2229 default installation
Impact: In cases where access to the previously mentioned files is obtained, an attacker can decrypt all username and password values and potentially reuse them for authentication to other systems within the network environment.
command-line interface (CLI) command to display the system banner.
Cisco CDS Internet Streamer software will identify itself as "Content
Delivery System Software Release". On the same line of output, the
version number will also be provided. This example identifies a Cisco
Content Delivery Engine that is running Cisco Content Delivery System
software release 2.5.9 build 5:
cdn-cde#show version
Content Delivery System Software (CDS)
Copyright (c) 1999-2010 by Cisco Systems, Inc.
Content Delivery System Software Release 2.5.9 (build b5 Jun 16 2010)
Verification
======================================================================
1) Affected Software
* ACDSee Photo Manager version 9.0 build 108
* ACDSee Pro Photo Manager version 8.1 build 99
* ACDSee Photo Editor version 4.0 build 195
NOTE: Other versions may also be affected.