WonderWare InTouch 8.0.
*Non-vulnerable Packages*
. Contact WonderWare for details.
*Vendor Information, Solutions and Workarounds*
The vendor has made a technical document available to registered
Regardless of the data network access used by the mobile device, at some point the web traffic will enter the public Internet in the clear (unencrypted), where it can be intercepted by anyone able to capture traffic on any of the intermediate network segments between the mobile device and Twitter.
The fact that Twitter credentials can be easily eavesdropped has a pretty significant impact: most users assume other users' credentials have not been hijacked and therefore blindly trust tweets (or microblog/blog posts) coming from trusted parties (their friends, people they frequently follow, public personalities...). Twitter account hijacking can be used for web-based and client-based targeted attacks (especially through the use of short URLs), and can cause significant damage to the image and credibility of the victim user.
While analyzing in depth the affected HTC Peep version and the version associated with the temporary hotfix provided by HTC, we collected the following details from the Windows Mobile registry:
[HKEY_LOCAL_MACHINE\Software\OEM\MASD]
"Manila_Twitter"="2_5_19212224_0"
[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\HotFix]
. 2008-03-12:
Core asks to continue the discussion concerning the vulnerability by
mail so as to have all the involved parties informed simultaneously and
all communications documented. Core requests confirmation that the
vendor has been able to reproduce the vulnerability and requests details
concerning the plan to release fixes and asks for the additional
information that the vendor would like to include in the advisory (in
the "vendor information" section). Core reminds the vendor that the
original publication date of the advisory was February 25th and states
that the publication of the advisory is now re-scheduled to March 24th
filtering outbound SMB connections at the endpoint or network perimeter
may not prevent exploitation, it is generally a good security measure to
prevent disclosure of sensitive information such as valid usernames of
endpoint users.
Microsoft has issued a patch to fix the vulnerability and a detailed
description of how to implement the workarounds on IE. It is available
as Security Bulletin http://go.microsoft.com/fwlink/?LinkID=150860.
Microsoft's Research and Defense blog has further discussion about the
vulnerability, workarounds and mitigations [3].
http://site/templates/example_template.php?data[table][1][item]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/templates/example_template.php?data[table][1][url]=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/templates/example_template.php?data[poweredby]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
Original article (in Russian): http://securityvulns.ru/Sdocument784.html
Additional details (in Ukrainian): http://websecurity.com.ua/1694/
2. Wordpress multiple security vulnerabilities:
2.1 information disclosure (WordPress 2.2/2.3)
. 2010-10-04:
Core Security Technologies contacts Cisco PSIRT using their provided PGP
key notifying them of the vulnerabilities and sending an advisory draft,
a proof of concept for the WebEx Player vulnerability, and a proof of
concept for the Meeting Center vulnerability including details of how to
reproduce both vulnerabilities, and details about the behaviour of the
PoC for the Player vulnerability on Windows XP SP2 (which overwrites EIP
with 0x41414141 on that platform). October 18th 2010 (a two-week
timeframe) is set as a potential release date for the advisory.
Add a REG_DWORD value to this key named as the AIM client application (for
example, aim.exe) and set it to 1. Any other setting for this value will
disable Local Machine Zone Lockdown for the application.
For further details about how to configure this feature read Microsoft's
Internet Explorer Local Machine Zone Lockdown recommendation at:
http://technet.microsoft.com/enus/library/bb457150.aspx#EHAA
*Credits*
This vulnerability was discovered by Lucas Lavarello from the CORE
We are continuing with the list of security vulnerabilities found in a
number of web applications while testing our latest version of Acunetix
WVS v7. In this blog post, we will look into the details of a number of
security problems discovered by Acunetix WVS in CubeCart.
"CubeCart is a fully featured ecommerce shopping cart solution used by
over a million store owners around the world."
The following web vulnerabilities were found in CubeCart version 4.3.3;
[AFFECTED PRODUCTS]
The vulnerabilities described in this advisory are related to a firmware shared
among several devices of different vendors. Unfortunately, we have not been
able to identify the actual firmware manufacturer: we asked the vendors for the
name of the firmware manufacturer, without any success (see section
"DISCLOSURE TIME-LINE" for details).
We confirm the products of the following vendors are affected:
* TRENDnet
* Digicom
* iPUX
We consider it remarkable that a surprisingly large number of scripts had
no guards against a relatively well-known attack vector. However, it enabled us
to directly compare the reactions of different vendors to very similar issues.
In II, we will present our findings of the survey; in III we detail the
reactions of the different vendors and in IV offer our conclusions.
II Survey
====================================================
Cydoor, Huntbar, Ezula, Sandboxer and more! The only ad-blocker you
will ever need! Clear cache, cookies and other history trails to
protect your privacy!
VULNERABILITIES DESCRIPTION AND TECHNICAL DETAILS:
---------------
SUPERAntiSpyware and Super Ad Blocker have almost identical device
drivers in order to set up hooks and perform other duties from kernel
space. These device drivers suffer from lack of validation of
. 2009-09-08:
MSRC acknowledges Core email.
. 2009-09-08:
Vendor says that it is still investigating the bug and will have more
concrete details in a few days.
. 2009-09-14:
Core Security Technologies acknowledges receipt and says it will be in
touch to coordinate the publication date and the bug details.
date set to October 15th. Security contact information for Autonomy’s
KeyView requested.
2007-09-18: Response from Lotus Notes security providing public PGP key to
encrypt further communications and inquiring if the publication date is
flexible or fixed.
2007-09-18: Email from Core including details about the vulnerability in a
draft advisory document. Core indicates that the publication date for the
security advisory is flexible and could be changed (postponed or brought
forward) on the basis of concrete and precise information about
availability of fixes. Security contact information for Autonomy requested.
2007-09-19: Email from Lotus Notes security indicating that the bugs will
Hi
#days the Swiss conference for security, extends its call for
papers (CFP) deadline until July 25th 2010. For details regarding the
submission guidelines see:
https://www.hashdays.ch/call-for-papers.html
Furthermore, we herewith proudly announce our #days workshops:
1) "Protecting from GSM attacks with Harald Welte, Karsten Nohl and
David Burgess:
=======
Multiple vulnerabilities exist in the Cisco Network Building Mediator
(NBM) products. These vulnerabilities also affect the legacy
Richards-Zeta Mediator products. This security advisory outlines
details of the following vulnerabilities:
* Default credentials
* Privilege escalation
* Unauthorized information interception
* Unauthorized information access
vulnerability by Digital Vaccine protection filter ID 8328.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Skype. User interaction is required to
exploit this vulnerability in that the target must visit a malicious
page.
=======
Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive
Security Appliances and Cisco PIX Security Appliances that may result
in a reload of the device or disclosure of confidential information.
This security advisory outlines details of the following
vulnerabilities:
* Erroneous SIP Processing Vulnerabilities
* IPSec Client Authentication Processing Vulnerability
* SSL VPN Memory Leak Vulnerability
Web server to execute server-side Java programs. A JVM can also be installed
in a client machine to run stand-alone Java applications."
II. Description
~~~~~~~~~~~~~~~
Please understand that no details will be given, too many bad guys
would use it for drive-by attacks. At this point in time (old +
fixed) there is really no need to.
III. Impact
Date 20090207
I) Introduction
II) The bugs in 50 words
III) PHP filesystem functions path normalization attack
IV) PHP filesystem functions path normalization attack details
V) PHP filesystem functions path truncation attack
VI) PHP filesystem functions path truncation attack details
VII) The facts
VIII) POC and attack code
IX) Conclusions
. 2008-04-25: Vendor informs that they are wrapping up the investigation
and threat model analysis and that fixes will not be included in the
Word Security Bulletin of May. Vendor estimates that it will take a few
months to produce and test a fix for the vulnerability. Vendor promises
an update on May 23rd.
. 2008-04-25: Core sends additional information with low level details
of the vulnerability.
. 2008-04-28: Core requests the vendor details about the schedule for
the vulnerability fix in order to coordinate the publication of the
advisory (no reply received).
. 2008-05-28: Core requests again details about the vulnerability fix
Summary
=======
Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive
Security Appliances and Cisco PIX Security Appliances. This security
advisory outlines details of these vulnerabilities:
* Crafted TCP ACK Packet Vulnerability
* Crafted TLS Packet Vulnerability
* Instant Messenger Inspection Vulnerability
* Vulnerability Scan Denial of Service
* Cisco Unified Communications Manager 5.x versions prior to 5.1(3)
* Cisco Unified Communications Manager 6.x versions prior to 6.1(1)
Administrators of systems running Cisco Unified Communications
Manager version 4.x can determine the software version by navigating
to Help > About Cisco Unified CallManager and selecting the Details
button via the Cisco Unified Communications Manager Administration
interface.
Administrators of systems that are running Cisco Unified
Communications Manager versions 5.x and 6.x can determine the
. 2008-01-11: Core Security Technologies found a security vulnerability
in BitDefender antivirus.
. 2008-01-14: BitDefender team is contacted by Core.
. 2008-01-15: BitDefender team asks Core for technical description of
the vulnerability.
. 2008-01-15: Technical details are sent to BitDefender team by Core.
. 2008-01-22: BitDefender notifies Core that a fix has been produced and
the flaw was corrected through automatic updates.
. 2008-02-04: According to the original schedule, the CORE-2008-0320
advisory would be released at this date, but similar flaws in other
antivirus products were discovered by Core exploit writers team.
name can be HTML code, allowing a remote attacker to use this
to launch XSS attacks.
Because the HTML code is also recognized by the web server as a
HFS HTML template, it is also possible to inject symbols to
force HFS to reveal details about the server (eg, current HFS
server version, build, connections, timestamp, uptime, current
outbound and inbound speed, and more). Technical details are
included below.
----------------------------------------------------------------
We are continuing with the list of security vulnerabilities found in a
number of web applications while testing our latest version of Acunetix
WVS v7. In this blog post, we will look into the details of a number
of security problems discovered by Acunetix WVS in the popular web
gallery application Zenphoto.
Zenphoto is a standalone gallery CMS that just makes sense and
doesn’t try to do everything and your dishes. We hope you agree with our
philosophy: simpler is better. Don’t get us wrong though – Zenphoto
really does have everything you need for web media gallery management.
This vulnerability cannot be exploited to execute arbitrary code under
GNU/Linux x86, to the best of our knowledge. Other targets, in
particular Windows have not been tested and may or may not allow
execution of arbitrary code.
--[ Vulnerability details:
memmove() is defined in string.h and has the following prototype:
void *memmove(void *dest, const void *src, size_t n);
vulnerability by Digital Vaccine protection filter ID 9709.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to leak authentication
details on vulnerable installations of the Oracle Java Runtime. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page.
developed by Telligent.
It uses ASP.NET platform (C#) and Microsoft SQL Server database. From
its 5.0 version, the software was renamed to Telligent Community.
- Vulnerability Details:
It is possible to insert scripts (Cross-site Scripting) in user's
signature, using BBCode Tag's processing errors.
- Proof of Concept: