Advisory Contact Matt Jordan <mjordan AT digium DOT com>
CVE Name
Description An attacker can cause Asterisk to crash in one of two ways:
1. A dialplan uses the Milliwatt application with the 'o' option
2. The internal_timing option in asterisk.conf is off
3. The attacker sends a large audio packet. The number of
=====================
II. DESCRIPTION
=====================
1. A malicious attacker may inject scripts into the "errmsg" parameter in the ARISg5 (Version 5.0) application.
2. A malicious attacker may inject his own error message using the "errmsg" parameter and create a phishing attack using the ARISg5 (Version 5.0) application.
=====================
Account Groups.
Proof of concept:
-----------------
1.a) Denial of Service:
A python script has been developed in order to exploit this issue. This
proof-of-concept code will not be published.
After sending the malicious payload ELBA would display a message box
The deadline for submissions is the 10th of October.
If approved we will additionally require:
1. A brief personal biography (between 2-5 paragraphs in length).
2. A description on your presentation (between 2-5 paragraphs in length).
Contact Details
Presentation Submissions: presentations@ruxcon.org.au
[network diagram: stations C and D attached to switch 1 and switch 2]
Take first scenario:
1. A - sends frame to B
2. Switch 1 - accepts frame and forwards it to switch 2
3. Switch 2 - accepts frame via link from switch 1 and forwards it to B
Second scenario:
1. Station C and station D start to send frames to break the link between switch 1 and switch 2, and announce a non-existing connection and switch from the C port on switch 1 to the D port on switch 2
discussion
———————————
Post Revolution is prone to multiple remote vulnerabilities, including:
1. A Denial of service vulnerability. (CWE-835) (CVE-2011-1952)
2. Persistent Cross-site scripting vulnerabilities. (CWE-79) (CVE-2011-1953)
3. Cross-site request forgery vulnerabilities. (CWE-352) (CVE-2011-1954)
An attacker may leverage these issues to cause a denial-of-service
condition, perform certain administrative actions, execute arbitrary
Severity Rating: CVSS v2 Base Score: See below for CVSS Base Scores for individual issues.
Affected products:
EMC Data Protection Advisor Server 5.5 (all platforms)
EMC Data Protection Advisor Server 5.5 SP1 (all platforms)
EMC Data Protection Advisor Server 5.6 (all platforms)
EMC Data Protection Advisor Server 5.6 SP1 (all platforms)
EMC Data Protection Advisor Server 5.7 (all platforms)
EMC Data Protection Advisor Server 5.7 SP1 (all platforms)
EMC Data Protection Advisor Server 5.8 (all platforms)
---[ Vulnerability description ]
Positive Research Center has discovered multiple vulnerabilities in Dlink DPH 150SE/E/F1 IP phone.
1. A vulnerability exists in the web management interface of the Dlink DPH 150SE and allows an unauthenticated user to obtain the device configuration file with all the settings, including the administrator's password. To exploit the vulnerability, an attacker must set up a tftp/ftp server to receive the configuration file.
2. A vulnerability exists in the web management interface of the Dlink DPH 150SE and allows an unauthenticated user to upload a configuration file to the device.
3. A vulnerability exists in the web management interface of the Dlink DPH 150SE and allows an unauthenticated user to modify the message shown on the device's LCD display.
References
About Secunia
Verification
======================================================================
1) Affected Software
* Trend Micro Internet Security 2007
* Trend Micro Internet Security 2008 17.0.1224
* Trend Micro OfficeScan 8.0 SP1 Patch 1
> . . . or maybe "zero day exploit".
Proposed:
1. A 0-day EXPLOIT is an Unpatched Vulnerability that we realize is being or has been abused.
2. A 0-day VULNERABILITY: no such thing. All vulnerabilities are either Unpatched or Patched. They start out in Unpatched status the moment some programmer creates them. They remain Unpatched until they are Patched.
-------------------------------------
Marvin Simkin
Class : Remote Directory Traversal
Threat level : HIGH
Discovered : 2007-08-25
Published : 2007-09-06
Credit : Gynvael Coldwind
Vulnerable : 7.01 and prior
== Abstract ==
Christian Ghisler's Total Commander is a popular Windows file explorer with a
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2008-001
Advisory Title: Lyris ListManager - Multiple Vulnerabilities
Author: Tyler Shields tyler_shields@symantec.com
Release Date: Wednesday, January 21, 2008
Application: Lyris List Manager
Platform: Web Interface
Severity: Remotely Exploitable
* WebVPN Datagram Transport Layer Security (DTLS) Denial of Service Vulnerability
* Crafted TCP Segment Denial of Service Vulnerability
* Crafted Internet Key Exchange (IKE) Message Denial of Service Vulnerability
* NT LAN Manager version 1 (NTLMv1) Authentication Bypass Vulnerability
These vulnerabilities are not interdependent; a release that is affected
by one vulnerability is not necessarily affected by the others.
If you are already familiar with timing attacks you can skip this chapter.
Let's take a brief example of a timing attack scenario aiming to predict real user logins on a specific system:
1. A system is running a server application 'login.exe' which takes a username and a password and then opens a shell, or refuses the connection if authentication fails.
2. When you type a login and password, the 'login.exe' application will check the login, then check the password, then allow or deny access to a shell.
Today we are releasing a very interesting whitepaper which describes a DNS
poisoning attack against stub resolvers.
It discloses two vulnerabilities:
1. A vulnerability in Java (CVE-2011-3552, CVE-2010-4448) which enables remote
DNS poisoning using Java applets. This vulnerability can be triggered when
opening a malicious webpage. A successful exploitation of this vulnerability
may lead to disclosure and manipulation of cookies and web pages, disclosure
of NTLM credentials and clipboard data of the logged-on user, and even
firewall bypass.
==Description==
Ghostscript (www.ghostscript.com), an interpreter for the PostScript language,
is vulnerable to two memory corruption vulnerabilities:
1. A stack overflow in the parser for Ghostscript versions 8.64 and 8.70 occurs
when very long identifiers are provided within a PostScript file. By enticing
a user to open a maliciously crafted PostScript file, arbitrary code execution
can be achieved. This vulnerability was reported to downstream distributions
by me on March 4, 2010. An anonymous researcher independently published this
vulnerability today (May 11, 2010), prompting this advisory. This issue has
As far as I can tell no technical details have been released to explain
this issue either by Facebook or AT&T. So I am going to speculate on
various ways this might have happened:
1. A flaw in Facebook caused the system to falsely authenticate users
based on their IP address even without an authentication cookie present.
This could happen, however if this was the case a lot more people would
have hit it by now especially on networks that have their IP address
allocated dynamically.
1. XSS 1
A HTTP GET request against the following URL will, on a web browser
with Javascript support, cause a dialog box saying '1' to be displayed:
http://CACTIHOST/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility:hidden%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cx%20y=%27
This vulnerability is only exploitable if the victim is allowed to view
BACKGROUND
Cygwin is a Linux-like environment for Windows. It consists of two parts:
1. A DLL (cygwin1.dll) which acts as a Linux API emulation layer providing
substantial Linux API functionality.
2. A collection of tools which provide Linux look and feel.
SUMMARY
>
> > . . . or maybe "zero day exploit".
>
> Proposed:
>
> 1. A 0-day EXPLOIT is an Unpatched Vulnerability that we realize is being or has been abused.
>
> 2. A 0-day VULNERABILITY: no such thing. All vulnerabilities are either Unpatched or Patched. They start out in Unpatched status the moment some programmer creates them. They remain Unpatched until they are Patched.
>
That was pretty much my point -- so I'm on board.
Authors should submit an original paper in English, carefully checked for correct grammar and spelling, using the on-line submission procedure (http://www.easychair.org/conferences/?conf=ibwas10). Please check the paper formats so you may be aware of the accepted paper page limits (12 pages, in accordance to a supplied template: ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip).
The guidelines for paper formatting provided at the conference web site must be strictly used for all submitted papers. The submission format is the same as the camera-ready format. Please check and carefully follow the instructions and templates provided.
Each paper should clearly indicate the nature of its technical/scientific contribution, and the problems, domains or environments to which it is applicable.
Papers that are out of the conference scope or contain any form of plagiarism will be rejected without reviews.
Remarks about the on-line submission procedure:
1. A "double-blind" paper evaluation method will be used. To facilitate that, the authors are kindly requested to produce and provide the paper WITHOUT any reference to any of the authors. This means that it is necessary to remove the authors' personal details, the acknowledgements section and any reference that may disclose the authors' identity.
2. Papers in ODF, PDF, DOC, DOCX or RTF format are accepted.
3. The web submission procedure automatically sends an acknowledgement, by e-mail, to the contact author.
Paper submission types