Next Page >>
framework
Paper Name
===========
.NET Framework Rootkits - Backdoors inside your Framework
Author: Erez Metula
Paper Description
=================
We are excited to announce the immediate availability of version 3.3 of
the Metasploit Framework. This release includes 446 exploits, 216
auxiliary modules, and hundreds of payloads, including an in-memory VNC
service and the Meterpreter. In addition, the Windows payloads now
support NX, DEP, IPv6, and the Windows 7 platform. More than 180 bugs
were fixed since last year’s release of version 3.2, making this one of
the more well-tested releases yet.
- http://www.metasploit.com/framework/download/
Affected Products
=================
These vulnerabilities affect the legacy Richards-Zeta Mediator 2500
product and Cisco Network Building Mediator NBM-2400 and NBM-4800
models. All Mediator Framework software releases prior to 3.1.1 are
affected by all vulnerabilities listed in this security advisory.
This table provides information about affected software releases:
+---------------------------------------+
------------------------------------------------------------------------
.NET Framework EncoderParameter integer overflow vulnerability
------------------------------------------------------------------------
Yorick Koster, September 2011
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
An integer overflow vulnerability has been discovered in the
EncoderParameter class of the .NET Framework. Exploiting this
METASPLOIT UNLEASHES VERSION 3.1 OF THE METASPLOIT FRAMEWORK
New Version of Attack Framework Ready to Pwn
Austin, Texas, January 28th, 2008 -- The Metasploit Project
announced today the free, world-wide availability of version 3.1 of
their exploit development and attack framework. The latest version
features a graphical user interface, full support for the Windows
platform, and over 450 modules, including 265 remote exploits.
"Metasploit 3.1 consolidates a year of research and development,
=============================================================================
Centre for the Protection of National
Infrastructure
Framework for Vulnerability Information
Sharing
Introduction
CPNI was formed from the merger of the National Infrastructure
Security Co-ordination Centre (NISCC) and the National Security
=====[ Tempest Security Intelligence - Advisory #01 / 2010 ]=============
SQL injection vulnerability in Publique! Framework
--------------------------------------------------
Authors:
Christophe de la Fuente <christophe *SPAM* tempest.com.br>
Gustavo Pimentel Bittencourt <gustavo.pimentel *SPAM* tempest.com.br>
www.sektioneins.de
-= Security Advisory =-
Advisory: Horde Application Framework Horde_Form_Type_image
Arbitrary File Overwrite Vulnerability
Release Date: 2009/09/18
Last Modified: 2009/09/18
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability
Severity: Low
Vendor: SpringSource
Versions Affected:
Application: PHPIDS <= 0.6.2
Severity: PHPIDS unserializes() user input which allows an attacker
to send a carefully crafted cookie that when unserialized
can utilize existing classes which e.g. can lead to
upload of arbitrary files or execution of arbitrary PHP
code in Zend Framework Applications
Risk: Critical
Vendor Status: PHPIDS 0.6.3.1 was released which fixes this vulnerability
Reference:
http://www.sektioneins.com/en/advisories/advisory-022009-phpids-unserialize-vulnerability/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Horde Application Framework: Multiple vulnerabilities
Date: May 05, 2008
Bugs: #212635, #213493
ID: 200805-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
In preparation for the imminent release of Fuzzled 1.1, I spent this evening
writing a short paper entitled "Writing a fuzzer using the Fuzzled
framework".
The paper includes some of the techniques I use to dismantle protocols
including documentation, observation and static analysis. It then moves on
to the fundamentals of implementing a protocol using the framework. I talk
about base requests, namespaces and tieing them together with factories with
reference to Fuzzled::Protocol::HTTP, an example included in the framework.
The paper also highlights a few tricks to the framework, including developing
SEC Consult Vulnerability Lab Security Advisory < 20111230-0 >
=======================================================================
title: Microsoft ASP.NET Forms Authentication Bypass
product: Microsoft .NET Framework
vulnerable version: Microsoft .NET Framework Version:4.0.30319;
ASP.NET Version:4.0.30319.237 and below
fixed version: MS11-100
CVE: CVE-2011-3416
impact: critical
homepage: http://www.microsoft.com/net
CVE: CVE-2011-1772
Vendor: Apache Software Foundation
Product: Struts 2 Framework
Vulnerabilities: Multiple Reflected XSS in XWork error pages
Risk: High
Details:
SektionEins recently demonstrated how it is sometimes possible
to execute arbitrary PHP code in an application using unserialize()
on user supplied data. In detail various exploits were shown that
work against all Zend Framework based applications that unserialize()
user input. Part of this research was to find popular PHP open
source applications that are vulnerable to this.
During our search it was discovered that Piwik does unserialize()
data from the cookie and uses parts of the Zend Framework:
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2008.005 01-Aug-2008
________________________________________________________________________
Vendor: Apple Inc., http://www.apple.com
Affected Products: CoreServices Framework’s CarbonCore Framework
(Used by: i.e. Safari, Mail)
Affected Platforms:
Mac OS X v10.4.11
Mac OS X Server v10.4.11
Mac OS X v10.5.4
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 21, 2011
I. BACKGROUND
The OfficeImport framework is an API used by Apple's mobile devices,
including the iPod Touch, iPhone, and iPad. The framework is used to
parse and display Microsoft Office file formats, such as Excel, Word,
and PowerPoint. The OfficeImport framework is used by several
applications, including MobileMail and MobileSafari. Both of these
applications are attack vectors for this vulnerability. For more
http://labs.idefense.com/intelligence/vulnerabilities/
Nov 11, 2010
I. BACKGROUND
The OfficeImport framework is an API used by Apple's mobile devices,
including the iPod Touch, iPhone, and iPad. The framework is used to
parse and display Microsoft Office file formats, such as Excel, Word,
and PowerPoint. The OfficeImport framework is used by several
applications, including MobileMail and MobileSafari. Both of these
applications are attack vectors for this vulnerability. For more
List,
I'm glad to release the fifth beta of w3af. For those that still
don't know, w3af is a fully automated auditing and exploiting
framework for the web. More info can be found at
http://w3af.sourceforge.net/ .
They are really *a lot* of changes from beta4 to make an detailed
list, but a small summary will give you an idea of the new features I
have been working on:
2009/05/12 Apple issues updates
________________________________________________________________________
Overview:
CFNetwork is a framework in the Core Services framework that provides a
library of abstractions for network protocols. It can be used to perform
a variety of network tasks using different protocols such as SSL/TLS,
DNS, FTP and HTTP.
Besides many other applications the CFNetwork framework is used by
Safari and Mail.
http://labs.idefense.com/intelligence/vulnerabilities/
Jan 15, 2008
I. BACKGROUND
TIBCO SmartSockets is a message passing framework used to transport
messages over disparate channels. The RTserver is the server component
of the framework. More information can be found on the vendor's web
site at the following URL.
http://www.tibco.com/software/messaging/smartsockets/
Subject: RE: [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2010-001
Hi all,
There is an ongoing conversation about a potential XSS with ViewState of
the .NET framework. However, some were not able to reproduce the issue
and therefore we decided to prepare a short and high resolution movie.
http://www.hacking-lab.com/download/
Regards
Email: hdm[at]metasploit.com
Austin, Texas, November 19th, 2008 -- The Metasploit Project
announced today the free, world-wide availability of version 3.2 of
their exploit development and attack framework. The latest version
is provided under a true open source software license (BSD) and is
backed by a community-based development team.
Metasploit runs on all modern operating systems, including Linux,
Windows, Mac OS X, and most flavors of BSD. Metasploit has been used
Hi all,
There is an ongoing conversation about a potential XSS with ViewState of
the .NET framework. However, some were not able to reproduce the issue
and therefore we decided to prepare a short and high resolution movie.
http://www.hacking-lab.com/download/
Regards
Ivan
http://labs.idefense.com/intelligence/vulnerabilities/
Jan 15, 2008
I. BACKGROUND
TIBCO SmartSockets is a message passing framework used to transport
messages over disparate channels. The RTserver is the server component
of the framework. More information can be found on the vendor's web
site at the following URL.
http://www.tibco.com/software/messaging/smartsockets/
Hi there,
MSFXDC (MetaSploit Framework eXploits Development Contest) is a
challenge where the main goal is to code the largest number of new
Metasploit Framework exploits modules.
https://www.securinfos.info/metasploit/msfxdc.php
Your mission, if you choose to accept it, is to code new exploits
modules for the Metasploit Framework (latest 3.x version).
Exploits modules must be new regarding the current Metasploit Framework
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 12, 2011
I. BACKGROUND
The OfficeImport framework is an API used by Apple's mobile devices,
including the iPod Touch, iPhone, and iPad. The framework is used to
parse and display Microsoft Office file formats, such as Excel, Word,
and PowerPoint. The OfficeImport framework is used by several
applications, including MobileMail and MobileSafari. Both of these
applications are attack vectors for this vulnerability. For more
awards [3] for which a Software Development Kit (SDK) was made available
in November 2007.
The Android Software Development Kit includes a fully functional
operating system, a set of core libraries, application development
frameworks, a virtual machine for executing application and a phone
emulator based on the QEMU emulator [4]. Public reports as of February
27th, 2008 state that the Android SDK has been downloaded 750,000 times
since November 2007 [5].
Several vulnerabilities have been found in Android's core libraries for
CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities
Severity: Critical
Versions Affected:
Spring Framework:
3.0.0 to 3.0.5
Spring Security:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Disaster
Recovery Framework Command Execution Vulnerability
Advisory ID: cisco-sa-20080403-drf
http://www.cisco.com/warp/public/707/cisco-sa-20080403-drf.shtml
Next Page>>
|
