
Dec

RE: Latest round of web hacking incidents for 2007 & Project news

I think that you can find the information at the incident references at http://www.webappsec.org/projects/whid/byid_id_2007-60.shtml.

----Original Message----
From: Memisyazici, Aras [mailto:arasm@vt.edu] 
Sent: Sunday, December 30, 2007 2:13 PM
To: Ofer Shezaf; bugtraq@securityfocus.com
Subject: RE: Latest round of web hacking incidents for 2007 & Project news

>>The researchers found that they can use Google to retrieve the hashed password of the hacker. Google has become so big that it actually allows efficient encrypted passwords lookup.


RE: Latest round of web hacking incidents for 2007 & Project news

Leader, WASC Web Hacking Incidents Database Project
 

WHID 2007-71: Hacker uses Social Security numbers from Ohio court site
======================================================================
Reported: 22 December 2007, Occurred: 22 December 2007

Classifications:

    * Attack Method: Credential/Session Prediction
    * Country: USA

Re: Latest round of web hacking incidents for 2007 & Project news

> Leader, WASC Web Hacking Incidents Database Project
>
>
> WHID 2007-71: Hacker uses Social Security numbers from Ohio court site
> ======================================================================
> Reported: 22 December 2007, Occurred: 22 December 2007
>
> Classifications:
>
>     * Attack Method: Credential/Session Prediction
>     * Country: USA

Latest round of web hacking incidents for 2007 & Project news

Leader, WASC Web Hacking Incidents Database Project
 

WHID 2007-71: Hacker uses Social Security numbers from Ohio court site
======================================================================
Reported: 22 December 2007, Occurred: 22 December 2007

Classifications:

    * Attack Method: Credential/Session Prediction
    * Country: USA

UPDATE: DISA Unix SRR root compromise / CVE-2009-4211 / VU#433821

version of the UNIX SRR scripts until further notice.  The UNIX SRR
scripts will be corrected and posted as soon as possible. Please check
back at a later time for the updated scripts. Thanks for your
understanding and support."

As of today, a new version dated December 7, 2009 is available for
download.  Unfortunately, although some changes were made, it is still
vulnerable to the issue described in CVE-2009-4211.

The CVE should be updated to reflect that the December, 2009 version is
also vulnerable.  The script should be re-evaluated to remove any

[ISecAuditors Security Advisories] Cisco ASA <= 8.x VPN SSL module Clientless URL-list control bypass

=============================================
INTERNET SECURITY AUDITORS ALERT 2009-013
- Original release date: December 7th, 2009
- Last revised: December 16th, 2009
- Discovered by: David Eduardo Acosta Rodriguez
- Severity: 4/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
-------------------------

[ISecAuditors Security Advisories] PSI remote integer overflow DoS

=============================================
INTERNET SECURITY AUDITORS ALERT 2008-004
- Original release date: 12th December, 2008
- Last revised: 22nd December, 2008
- Discovered by: Jesus Olmos Gonzalez
- Severity: 4/5
=============================================

I. VULNERABILITY
-------------------------

CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation

root cause of the original bug was identified in the way that the
'PathName' parameter is processed by the VMware API that provides the
Shared Folders functionality in the Guest operating system.

The 'PathName' parameter is converted from a multi byte string to a wide
character string after verifying that it doesn't contain the dot-dot
substring (the two-byte sequence '0x2e0x2e' that translates to the ASCII
substring '".."') that may allow a malicious user to break out of the
shared folder using a path traversal attack. The resulting wide character
string converted from 'PathName' is then passed to the file system API on
the Host system.

CORE-2008-0228: Microsoft Word Malformed FIB Arbitrary Free Vulnerability

Advisory ID: CORE-2008-0228
Advisory URL: http://www.coresecurity.com/content/word-arbitrary-free
Date published: 2008-12-10
Date of last update: 2008-12-10
Vendors contacted: Microsoft
Release mode: Coordinated release


2. *Vulnerability Information*

Class: Arbitrary free

[ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack

=============================================
INTERNET SECURITY AUDITORS ALERT 2007-006
- Original release date: December 18th, 2007
- Last revised:  December 24th, 2007
- Discovered by: Jesus Olmos Gonzalez
- Severity: 5/5
=============================================

I. VULNERABILITY
-------------------------

TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin

GET /phpmyadmin/setup/index.php HTTP/1.1

Response
--------
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2011 16:42:17 GMT
Server: Apache/2.2.20 (Ubuntu)
X-Powered-By: PHP/5.3.6-13ubuntu3.2
Set-Cookie: phpMyAdmin=12l6mt8qnlme3o673h75fuj5a6qijnvf; path=/phpmyadmin/setup/; HttpOnly
Expires: Thu, 01 Dec 2011 16:42:17 GMT
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0

[ISecAuditors Security Advisories] Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability

=============================================
INTERNET SECURITY AUDITORS ALERT 2009-012
- Original release date: October 13th, 2009
- Last revised: December 16th, 2009
- Discovered by: Juan Galiana Lara
- CVE ID: CVE-2009-3701
- Severity: 6.3/10 (CVSS Base Score)
=============================================

I. VULNERABILITY

Multiple XSS Vulnerabilities in Openfire 3.6.4 Administrative Section

28 October 2010:  Informed Vendor that multiple pages are still
vulnerable
03 November 2010: Acknowledgement / Update requested
03 November 2010: Update received. No fixes initiated.
23 November 2010: Informed vendor disclosure date set to 1/12/2010
22 December 2010: Update requested.
22 December 2010: Vendor asks to release information as the
vulnerabilities are already known
23 December 2010: A different contact at the Vendor location informs
that there are no updates.
24 December 2010: Disclosure date set to 5 December 2010

Multiple CSRF Vulnerabilities in Openfire 3.6.4 Administrative Section

28 October 2010:  Informed Vendor that multiple pages are still
vulnerable
03 November 2010: Acknowledgement / Update requested
03 November 2010: Update received. No fixes initiated.
23 November 2010: Informed vendor disclosure date set to 1/12/2010
22 December 2010: Update requested.
22 December 2010: Vendor asks to release information as the
vulnerabilities are already known
23 December 2010: A different contact at the Vendor location informs
that there are no updates.
24 December 2010: Disclosure date set to 5 December 2010

COMPENG 2010 - Extended Submission Deadline

Notification of acceptance will be e-mailed to Authors by November 15,
and the preliminary program will be issued on the conference website.
Camera-Ready papers must be submitted within November 30.

The final program of COMPENG will be posted by December 30 on the
Conference website.

At least one Author per paper must register to the Conference for the
paper to be included in the Proceedings. At least one Author of each
accepted paper shall pay the advanced registration fee by December 10.

Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search

------------------------------------------------------------------------
Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search
------------------------------------------------------------------------

Author: Audun Larsen (larsen at xqus dot com)
Date: Dec 29, 2007


--AFFECTED SOFTWARE--------------------------

Name: phpWebSite

Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow.

   Proof of concept

[root@pi3-test apache]# gdb -q ./bin/httpd
(gdb) r -X
Starting program: /usr/local/apache/bin/httpd -X
[Sun Dec 27 05:03:19 2009] [alert] httpd: Could not determine the server's fully 
qualified domain name, using 127.0.0.1 for ServerName

Program received signal SIGSEGV, Segmentation fault.
0x0000003fec682958 in memcpy () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install expat-2.0.1-6.fc11.1.x86_64 

Re: RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

shows that you can modify the SAM and SECURITY hives without using DLL
injection or any other advanced technique that security Admins are
currently looking for when it comes to advanced persistent threats.


On Dec 13, 2010 11:54 AM, "Kurt Dillard" <kurtdillard@msn.com> wrote:
> So far I agree with Thor. Did I miss something? Has anyone demonstrated
> using the locally cached credentials to access resources across the network?
> So far I haven't seen anything new or interesting in this thread:
>
> 1. StenoPlasma claims that a local admin can access and reuse the cached

[ISecAuditors Security Advisories] WP-Forum <= 2.3 SQL Injection vulnerabilities

=============================================
INTERNET SECURITY AUDITORS ALERT 2009-010
- Original release date: September 28th, 2009
- Last revised: December 15th, 2009
- Discovered by: Juan Galiana Lara
- CVE ID: CVE-2009-3703
- Severity: 8.5/10 (CVSS Base Score)
=============================================

I. VULNERABILITY

Falt4 CMS Security Report/Advisory

Platforms                     : PHP && MySQL
Vulnerability Type       : Input Validation Errors

Disclosure Timeline
-------------------------
04 December  2007  -- Vendor Contacted 
04 December  2007  -- Vendor Replied
05 December  2007  -- Fix Released 
10 December  2007  -- Public Disclosure

What is Falt4Extreme

Tikiwiki 1.9.8.3 tiki-special_chars.php XSS Vulnerability

Platforms                : PHP && MySQL
Vulnerability Type    : Input Validation Error

Timeline
-------------------------
17 December  2007  -- Vendor Contacted 
19 December  2007  -- Vendor Replied
22 December 2007  -- New Release
22 December 2007  -- Advisory Released

What is TikiWiki

ClubHack2010 CFP

40 minutes are for the presentation & 10 for the question-answer
sessions. We’d request you to submit the papers keeping the time
constraint in mind.

:: Event ::
Date: 3rd, 4th & 5th December (As Usual the first weekend of December)
Place: Pune, India

We are also hosting the finals of Malcon at ClubHack2010, for more
information & CFP of malcon see http://malcon.org/


Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

CREDITS:
StenoPlasma (at) ExploitDevelopment.com

TIMELINE:
Discovery: December 4, 2010
Vendor Notified: December 7, 2010
Vendor Fixed: N/A
Vendor Dismissed: December 9, 2010
Vendor Notified of Disclosure: December 9, 2010
Disclosed: December 9, 2010

HyperVM File Permissions Local Vulnerability

"backupPdUzR4"

Let's take a look at it...On a VM I tested, even the directory was readable.
$ ls -lha /tmp/backupfileIy00MO/
total 36K
drwxr-xr-x 2 root root 4.0K Dec 12 02:18 .
drwxr-xr-x 3 root root 4.0K Dec 12 10:37 ..
-rw-r--r-- 1 root root  15K Dec 12 00:46 hypervm.file
-rw-r--r-- 1 root root  11K Dec 12 00:46 hypervm.metadata

World readable files. In it, root passwords in plain text. Including username, RSA private keys and lots more.

RE: Cryptome: NSA has real-time access to Hushmail servers

Not an ISP, but if your data resides on their server(s), ...

-----Original Message-----
From: Kurt Buff [mailto:kurt.buff@gmail.com]
Sent: Thursday, December 27, 2007 12:26 PM
To: bugtraq@securityfocus.com
Subject: Re: Cryptome: NSA has real-time access to Hushmail servers


Wasn't there an article or a post somewhere about an ISP that

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

>-----Original Message-----
>From: kattrap@gmail.com [mailto:kattrap@gmail.com] On Behalf Of Andrea
>Lee
>Sent: Monday, December 13, 2010 9:12 AM
>To: Thor (Hammer of God)
>Cc: George Carlson; bugtraq@securityfocus.com; full-
>disclosure@lists.grok.org.uk
>Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows
>Local Workstation Admins to Temporarily Escalate Privileges and Login as
>Cached Domain Admin Accounts (2010-M$-002)

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

-----Original Message-----
From: kattrap@gmail.com [mailto:kattrap@gmail.com] On Behalf Of Andrea Lee
Sent: Monday, December 13, 2010 2:12 PM
To: Thor (Hammer of God)
Cc: George Carlson; bugtraq@securityfocus.com;
full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching
Allows Local Workstation Admins to Temporarily Escalate Privileges and Login

[CORE-2010-1001] Cisco WebEx .atp and .wrf Overflow Vulnerabilities

Advisory URL:
[http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities]
Date published: 2011-01-31
Date of last update: 2011-01-31
Vendors contacted: Cisco
Release mode: Coordinated release



2. *Vulnerability Information*


RECON 2011 CFP

0000520         - Static/runtime analysis
0000540       + Hardware
0000560         - Embedded devices, consoles, femtocell
0000600         - Cellphones
0000620         - RFID, SDR (software defined radio)
0000640         - Side channel attacks
0000660         - Physical security (cameras, access control)
0000700       + Protocol
0000720         - GSM / CDMA
0000740
0000760    + Also of interest to us

[InterN0T] Google Analytics plugin for Wordpress - XSS Vulnerability

The reason why we thought rawurlencode might be suitable is because htmlentities in a tracking URL might break the Google Analytics Tracking.


Disclosure Information:
- Vulnerability found 3rd December
- Patch was made available 4th December
- Disclosed on InterN0T 4th December
- Vendor and Bugtraq (SecurityFocus) contacted the 4th December


