Security Center

Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities

########################################################
#
# Exploit Title : Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities
#
# Author        : #BHG Security Center - IrIsT Security Team
#
# Discovered By : Am!r
#
# Home          : http://Black-hg.Org - http://IrIsT.Ir
#

Wordpress taggator plugin Sql Injection Vulnerabilities

########################################################
#
# Exploit Title : Wordpress taggator plugin Sql Injection Vulnerabilities
#
# Author        : #BHG Security Center - IrIsT Security Team
#
# Discovered By : Am!r
#
# Home          : http://Black-hg.Org - http://IrIsT.Ir
#

Re: [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis)

Thanks,
SVRT-Bkis

----------------------------------------------------------------
Bach Khoa Internetwork Security Center (BKIS)
Hanoi University of Technology (Vietnam)

Email : svrt@bkav.com.vn
Website : www.bkav.com.vn
WebBlog : security.bkis.vn

[ GLSA 200903-23 ] Adobe Flash Player: Multiple vulnerabilities

* Adam Barth (UC Berkeley) and Collin Jackson (Stanford University)
  discovered a flaw occurring when interpreting HTTP response headers
  (CVE-2008-4818).

* Nathan McFeters and Rob Carter of Ernst and Young's Advanced
  Security Center are credited for finding an unspecified vulnerability
  facilitating DNS rebinding attacks (CVE-2008-4819).

* When used in a Mozilla browser, Adobe Flash Player does not
  properly interpret jar: URLs, according to a report by Gregory
  Fleischer of pseudo-flaw.net (CVE-2008-4821).

Re: IM upgrade automated social engineering attack

message is:

WINDOWS REQUIRES IMMEDIATE ATTENTION
=============================

ATTENTION ! Security Center has detected
malware on your computer !

Affected Software:

Microsoft Windows NT Workstation

[SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis)

3. Solution

As for the seriousness of the vulnerability, it has been patched in the 
latest version of ffdshow by the developing team of the software. Bkis 
Internetwork Security Center highly recommends that users should update 
ffdshow to the latest version here: 
http://sourceforge.net/project/showfiles.php?group_id=173941&package_id=199416&release_id=439904

At the moment, there are a lot of software packages packing ffdshow that 
haven't been updated. On account of this, users should also update the 

Re: New Paper: More than 600 million users surf at high risk

Kind of like Vista???

>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.pcmag.com/securitywatch/
> Contributing Editor, PC Magazine
> larry.seltzer@ziffdavisenterprise.com
>

Re: [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis)

> 
> 3. Solution
> 
> As for the seriousness of the vulnerability, it has been patched in the 
> latest version of ffdshow by the developing team of the software. Bkis 
> Internetwork Security Center highly recommends that users should update 
> ffdshow to the latest version here: 
> http://sourceforge.net/project/showfiles.php?group_id=173941&package_id=199416&release_id=439904
> 
> At the moment, there are a lot of software packages packing ffdshow that 
> haven't been updated. On account of this, users should also update the 

VMSA-2010-0005 VMware products address vulnerabilities in WebAccess

    Workaround
    By switching off WebAccess the issue can no longer be exploited. See
    section 3.a on how this can be accomplished.

    VMware would like to thank Craig Marshall of Ernst and Young
    Advanced Security Center for reporting this issue to us.
 
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-1137 to this issue.

    The following table lists what action remediates the vulnerability

McAfee SecurityCenter Privacy Service HTML Execution Vulnerability

[HSC] McAfee SecurityCenter Privacy Service HTML Execution Vulnerability


McAfee provides a proactive PC and Internet security service that helps you avoid 
online attacks and protects what you value from hackers, identity thieves and other 
online criminals. 

An HTML execution vulnerability may allow an attacker to execute HTML scripts on 
the system under the context of the user. These scripts can perform any action that the 
user would. The flaw lies in the processing of filtering that is saved after exiting.

Re: IM upgrade automated social engineering attack

> message is:
>
> WINDOWS REQUIRES IMMEDIATE ATTENTION
> =============================
>
> ATTENTION ! Security Center has detected
> malware on your computer !
>
> Affected Software:
>
> Microsoft Windows NT Workstation

RE: New Paper: More than 600 million users surf at high risk

Could this be due to the fact that Mozilla stops supporting, and issuing
updates for old versions just a few months after the release of a new
one?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer@ziffdavisenterprise.com


[SVRT-04-08] Vulnerability in WireShark 1.0.4 for DoS Attack

Download the prerelease version of Wireshark 1.0.5 here:
http://www.wireshark.org/download/prerelease/

----------------------------------------------------------------
Bach Khoa Internetwork Security Center (BKIS)
Hanoi University of Technology (Vietnam)
Office : 5th Floor, Hitech building - 1A Dai Co Viet, Hanoi
Email : svrt[at]bkav.com.vn
Website : www.bkav.com.vn
WebBlog : security.bkis.vn

VMSA-2010-0013

  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html


VMSA-2009-0002 VirtualCenter Update 4 updates Tomcat to 5.5.27

  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html


VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability

  * full-disclosure at lists.grok.org.uk
 
E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
 
VMware Security Center
http://www.vmware.com/security
 
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
 

[SECURITY] [DSA 2435-1] gnash security update

Several vulnerabilities have been identified in Gnash, the GNU Flash
player.

CVE-2012-1175 

  Tielei Wang from Georgia Tech Information Security Center discovered a
  vulnerability in GNU Gnash which is caused due to an integer overflow
  error and can be exploited to cause a heap-based buffer overflow by
  tricking a user into opening a specially crafted SWF file.

CVE-2011-4328

VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues

  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware Security Advisories
http://www.vmware.com/security/advisories


VMSA-2010-0019 VMware ESX third party updates for Service Console

  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware Security Advisories
http://www.vmware.com/security/advisories


VMSA-2010-0011 VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0.

  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html


Privacy, Security, Trust (PST 2011) - Call for Papers

Partners / Sponsors
-------------------

NRC-CNRC Canada
University of New Brunswick, Canada
Information Security Center of eXcellence (ISCX)
Concordia University, Montreal, Canada
National Cyberforensics and Training Alliance (NCFTA), Canada


PST'11

[ GLSA 200908-04 ] Adobe products: Multiple vulnerabilities

Description
===========

Multiple vulnerabilities have been reported in Adobe Flash Player:

* lakehu of Tencent Security Center reported an unspecified memory
  corruption vulnerability (CVE-2009-1862).

* Mike Wroe reported an unspecified vulnerability, related to
  "privilege escalation" (CVE-2009-1863).


VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues

  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html


RE: Firewire Attack on Windows Vista

What are the implications for firewire device compatibility of doing
this?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer@ziffdavisenterprise.com


RE: [Full-disclosure] Firewire Attack on Windows Vista

.pdf). It now looks to me like they are claiming they can disable
password authentication *even while the system is not logged on* - do I
have that right?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer@ziffdavisenterprise.com


[SVRT-06-08] MULTI SECURITY VULNERABILITIES IN MVNFORUM

SVRT, which is short for Security Vulnerability Research Team, is one of
Bkis's research groups. SVRT specializes in the detection, alert and
announcement of security vulnerabilities in software, operating systems,
network protocols and embedded systems.

Bach Khoa Internetwork Security Center (BKIS)
Hanoi University of Technology (Vietnam)

Email : svrt@bkav.com.vn
Website : www.bkav.com.vn
WebBlog : http://security.bkis.vn

VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.

  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html


VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues

  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html


RE: [Full-disclosure] Firewire Attack on Windows Vista

Let's say the computer is off. You can turn it on, but that gets you to
a login screen. What can the Firewire device do?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer@ziffdavisenterprise.com


[SVRT-07-08] Vulnerability in Face Recognition Authentication Mechanism of Lenovo-Asus-Toshiba Laptops

Thanks Le Nhat Minh, Nguyen Minh Duc, Bui Quang Minh, Le Minh Hung.

----------------------------------------------------------------
Security Vulnerability Research Team (SVRT-Bkis)

Bach Khoa Internetwork Security Center (Bkis)
Hanoi University of Technology (Vietnam)

Office: 5th Floor, Hitech building - 1A Dai Co Viet, Hanoi, Vietnam
Tel: 84.4.38 68 47 57 Ext 128
Mobile: +84 983 60 99 20
