events

CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass

3. *Vulnerability Description*

Several of the default pre-defined sandbox profiles don't properly
limit all the available mechanisms and therefore allow exercising part
of the restricted functionality. Namely, sending Apple events is
possible within the no-network sandbox (kSBXProfileNoNetwork). A
compromised application hypothetically restricted by the use of the
no-network profile may have access to network resources through the
use of Apple events to invoke the execution of other applications not
directly restricted by the sandbox.

Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

account in file and folder access lists. All security access lists
will only show the Domain Admin's account once you log out of the
modified cached account. This leads to a number of security issues
that I will not attempt to identify in the article. One major issue is
the lack of non-repudiation. Editing files and other actions will be
completed as another user account. Event log entries for object access
will only be created if administrators are auditing successful access
to files (This will lead to enormous event log sizes).

DETAILS:
Prerequisites to exploit:

Cisco Security Advisory: Cisco IOS SSL VPN Vulnerability

Software vulnerabilities that have been published on September 22,
2010, or earlier:

http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml

Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html


Cisco Security Advisory: Cisco IOS Software TCP Denial of Service Vulnerability

Cisco IOS Software Release, 15.1(2)T is affected by a denial of
service (DoS) vulnerability during the TCP establishment phase. The
vulnerability could cause embryonic TCP connections to remain in a
SYNRCVD or SYNSENT state. Enough embryonic TCP connections in these
states could consume system resources and prevent an affected device
from accepting or initiating new TCP connections, including any
TCP-based remote management access to the device.

No authentication is required to exploit this vulnerability. An attacker
does not need to complete a three-way handshake to trigger this

Cisco Security Advisory: Cisco Security Manager Vulnerability

Summary
=======

Cisco Security Manager contains a vulnerability when it is used with
Cisco IPS Event Viewer (IEV) that results in open TCP ports on both
the Cisco Security Manager server and IEV client. An unauthenticated,
remote attacker could leverage this vulnerability to access the MySQL
databases or IEV server.

Cisco has released free software updates that address this

Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities

    different administrative web pages include:

    Encoders Configurations
    +----------------------
    The Encoders Configuration pages have a direct impact on live
    events. If all of the encoders from the encoders' configurations
    are removed, then a live event cannot be created. An encoder or a
    push configuration is required in order for a live event to be
    created. This page also reveals information about the encoders,
    such as Encoder IP Address and associated username.


Securify bulletin: Microsoft Active Directory Denial-of-service

of the requested data to the  client.  After an additional minute or so,
the Windows initiates a controlled restart with a 60-second countdown
timer.  The shutdown dialog box displays status code -1073741819.

  After restarting, errors similar to the following are found in the
application event log:
  
    Type: Error
    Source: Application Error
    Category: (100)
    Event ID: 1000

CORE-2008-0126: Multiple vulnerabilities in iCal

pointer dereference when iCal tries to use it after the .ics file is
imported.

 The following Proof of Concept (PoC) file is provided to demonstrate
its feasibility, to trigger the bug import a .ics file with the
following content and then select one of the created events.

/-----------

BEGIN:VCALENDAR
X-WR-TIMEZONE:America/Buenos_Aires

IBM BladeCenter Advanced Management Module Multiple vulnerabilities

   ====================

   Type 2:
   -------
   Most serious issue discovered was the persistent XSS
   vulnerability on the event log page resulting from
   displaying unsanitized user input received from an invalid
   login attempt.

   This can be exploited without valid credentials or social
   engineering. Access to device administration IP address is

Black Hat: New Webinar, Japan audio now on-line.

BLACK HAT JAPAN audio is now online!
Encoded in .m4b format these audio files are tiny, as well as being
bookmarkable and iTunes friendly.
https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-archives.html

UPCOMING BLACK HAT EVENTS

The next big Black Hat event is Black Hat DC, scheduled for February 16-19
at the Hyatt Regency Crystal City in Arlington, Virginia. The event is divided
into two sections with two days of intense, hands-on Training Sessions
followed by a two-day, four-track Briefings portion with a wide variety of

Postfix Linux-only local denial of service

Discussion:
===========
Postfix is an open-source mail transfer agent (MTA) that runs on
multiple types of UNIX systems.  Postfix 2.4 (released 2007)
introduces input/output event handling based on high-performance
primitives: BSD kqueue (also present in MacOS X), Linux epoll, and
Solaris /dev/poll.  These implement more scalable event handling
than the older select() and poll() primitives.

With 2.6 Linux kernels, Postfix 2.4 and later has an epoll file

Cisco Security Advisory: Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720

Summary
=======

Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that
run branches of Cisco IOS based on 12.2 can be vulnerable to a denial
of service vulnerability that can prevent any traffic from entering
an affected interface. For a device to be vulnerable, it must be
configured for Open Shortest Path First (OSPF) Sham-Link and Multi
Protocol Label Switching (MPLS) Virtual Private Networking (VPN).
This vulnerability only affects Cisco Catalyst 6500 Series or
Catalyst 7600 Series devices with the Supervisor Engine 32 (Sup32),

THOTCON 0x2 - Call For Papers is Open -> 10.01.10

More Info: <http://www.thotcon.org>

*** ABOUT ******************************
THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a small
venue hacking conference based in Chicago IL, USA. This is a non-profit,
non-commercial event looking to provide the best conference possible on
a very limited budget.

This is the 2nd year for THOTCON. Last year was a sold out event with 
world-class speakers and talks. The conference will again be held at a 
bar (for 10 hours). If the thought of speaking in front of smiling drunk 

CHASE - 2009 Lahore Pakistan | Call for Papers

Registration fee for the first day is only Rs. 700/- which
includes lunch, teas and conference material.

A training tool kit of open source software comprising
a 500-page book and 9 CDs will be provided FREE OF COST
to the participants of the event.

Limited travel funds are available for speakers coming
outside of Pakistan.

Completely FREE boarding and lodging for all the 

LayerOne 2009 - Registration Open, Initial Speakers Announced

Anaheim, CA – The LayerOne computer security conference is pleased to
announce that we have released our first round of speakers in addition
to opening pre-registration for the general public. LayerOne is
currently in its 6th year of operation and this year is shaping up to
be one of our best events to date.

This year’s LayerOne event will be held over Memorial Day weekend, May
23-24 2009, at the newly renovated Anaheim Marriott. Not only have we
moved to a larger and more upscale venue, our attendees will also be
happy to know that we are walking distance from Disneyland, Downtown

Palm Pre WebOS 1.0.4 Remote execution of arbitrary HTML code vulnerability

A remote attacker is able to construct a malicious email that will cause the Palm Pre WebOS to execute arbitrary HTML code if the notification system is enabled.  Upon receiving a malicious email where the FROM field contains HTML code, the Palm Pre WebOS will issue a user a notification that an email has arrived and execute the HTML code of the attacker’s choice.  This vulnerability does not require user interaction.

Calendar Application:

A remote attacker can create a malicious calendar event putting arbitrary HTML code inside the event/title field that can be executed without user interaction.  To trigger this vulnerability, any of the following conditions can occur:

1.  The victim views the calendar event and the malicious HTML is executed.
2.  The victim enables a reminder notice for the malicious calendar event; upon being notified of the reminder, the
     malicious HTML code is executed.
3.  The calendar event triggers and the malicious HTML code is executed.

[CFP] LACSEC 2011: 6th Network Security Event for Latin America and the Caribbean

***********************************************************************
                       CALL FOR PRESENTATIONS
***********************************************************************
                            LACSEC 2011
       6th Network Security Event for Latin America and the Caribbean
                  May 17-20, 2011, Cancun, Mexico
           http://lacnic.net/en/eventos/lacnicxv/index.html


LACNIC (http://www.lacnic.net) is the international organization based

DEF CON 16 Retro Announcement! Back to Bang!

           We are proud to announce the 16th annual Def Con.

If you are at all familiar with any of the previous Cons, then you
will have a good idea of what DEF CON will be like. If you don't have any
experience with Cons, they are an event on the order of a pilgrimage to
Mecca for the underground. They are a mind-blowing orgy of information
exchange, viewpoints, speeches, education, enlightenment... And most of all
sheer, unchecked PARTYING. It is an event that you must experience at least
once in your lifetime.


Join us at OWASP Mumbai Meet : 6th September 2007

OWASP Mumbai joins in celebrating OWASP Live 0.

OWASP Live 0 is Day of Worldwide OWASP One Day Conferences.

Block your calendar on 6th September 2007 to join us on the event. Registrations for the event are FREE !!

Interested in Speaking / Sharing your thoughts??

The topic of the event will be "Privacy in the 21st Century", so all talks should be related to it (we should be addressing the Web Application side of Privacy, for example what happens to Privacy with SQL Injection, XSS and issues like pdp's Snoop).


OWASP Mumbai Meeting : 6th Sep 2007

ANDHERI (E)- MUMBAI

Registrations - LIMITED SEATS !!!

The event is FREE to attend. If you are willing to attend or sponsor, just send a mail to dharmeshmm at mastek dot com as a confirmation.

Note: Since the venue is a restricted area, it is mandatory for each participant to register via email with dharmeshmm at mastek dot com. This will help in generating gate passes for all individuals for the event; otherwise the participant will not be able to attend.

Interested in Speaking at the event??


ClubHack2010 CFP

The schedule time for each presenter would be 50 minutes out of which
40 minutes are for the presentation & 10 for the question-answer
sessions. We’d request you to submit the papers keeping the time
constraint in mind.

:: Event ::
Date: 3rd, 4th & 5th December (As Usual the first weekend of December)
Place: Pune, India

We are also hosting the finals of Malcon at ClubHack2010, for more
information & CFP of malcon see http://malcon.org/

B-Sides Vienna | NinjaCon 11 Call For Participation

It will combine the knowledge of experienced security speakers, hackers,
and information warriors with the fun of a small but 1337 conference.
Its main goal therefore is to help attendees understand the current
state of art in information technology and security, and showcase
projects evolved from the hackerspace movement. The official event
language is English.

After the last years' NinjaCon taglines - A Series of Tubes, and Make a
Good Hack - B-Sides Vienna | NinjaCon 11 will take our approach towards
security, hacking and technological innovation yet another step further,

Summer Camp 2008 - La Garrotxa

 SUMMER CAMP LA GARROTXA 2008
==============================

I am pleased to announce that the 1st Edition of Summer Camp 2008 will
be held on 4, 5 and 6 of July in Spain and you are all invited to come
to this event.

This invitation is for anyone interested in security, technology, or
that simply wants to learn, to teach, to meet with old or new friends
and/or participate in this event.


Advisory 03/2009: Piwik Cookie unserialize() Vulnerability

  for this. In earlier versions of Piwik there have been 3 different
  show stopper strings. Therefore in order to exploit older Piwik
  versions different exploits are required.

  In order to execute arbitrary code it is possible to overwrite one
  of Piwik's cache files and trigger a tracking event. Alternatively
  it is possible to first write a .htaccess file to one of the
  directories within Piwik's tmp directory that allows accessing its
  content and then drop a PHP file in there.

  In the most recent Piwik version the Zend Framework components were

THOTCON 0x1 - Call For Papers is Open -> October 1, 2009

Call for Papers Closes: January 1, 2010

*** ABOUT ******************************
THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a new 
small venue hacking conference based in Chicago IL, USA. This is a 
non-profit, non-commercial event looking to provide the best conference 
possible on a very limited budget.

*** WHEN / WHERE ***********************
The conference will be held in Chicago, IL USA on April 23, 2010.


[HITB-Announce] Reminder: HITB2011AMS - Call for Papers closes on the 18th of Feb

Happy 2011 everyone! Just a reminder that the Call for Papers for the
second annual HITBSecConf in Europe is closing on the 18TH OF FEBRUARY!
We've received some awesome submissions so far and the event is really
shaping up nicely.

The event will once again take place at the NH Grand Krasnapolsky in
Amsterdam from the 17th - 20th of May. HITB2011AMS will be a quad-track
conference line up featuring keynote speaker Joe Sullivan (Chief
Security Officer of Facebook) and a special keynote panel discussion on
'The Economics of Vulnerabilities'

iDefense Security Advisory 03.30.10: Microsoft Internet Explorer 'onreadystatechange' Use After Free Vulnerability

Remote exploitation of a use after free vulnerability in Microsoft
Corp.'s Internet Explorer could allow an attacker to execute arbitrary
code with the privileges of the current user.

The vulnerability occurs when an HTML object with an
'onreadystatechange' event handler is not properly freed. This event is
used to perform actions when the state of some HTML object changes; for
example, when a form has data input. Specifically, when certain
properties of the object are changed, the event handler function object
is freed, but a reference to it remains. When the object is later
accessed, this invalid memory is treated as an object pointer, and one
