consuming of CPU resources (and some consuming of RAM resources, besides in
those browsers, where there is no freeze, after closing of tab with exploit
the memory is not released, so large amount of memory stays in use until
closing of the browser).
In Mozilla Firefox 3.0.5 and previous versions there is CPU overload with
freezing, while in Firefox 3.0.13 there is only CPU overload. In IE6 the
exploit leads to CPU overload with freezing. In Chrome 1.0.154.48 and
previous versions the exploit leads to CPU overload. But if you open an empty
tab and close the tab with the exploit, then on the empty tab the browser can
take 100% of CPU and freeze.
refresh: 0; URL=javascript:alert(document.cookie)
The code will work in context of this site.
Vulnerable version is Mozilla 1.7.x and previous versions.
Vulnerable version is Mozilla Firefox 3.0.8 and previous versions.
Vulnerable version is Internet Explorer 6 (6.0.2900.2180) and previous
versions. And potentially next versions (IE7 and IE8).
http://websecurity.com.ua/uploads/2009/Firefox,%20IE%20&%20Opera%20DoS%20Exploit2.html
With this exploit Firefox crashes, IE6 consumes CPU and RAM resources,
Opera freezes and consumes CPU and RAM resources, and Chrome crashes.
Vulnerable version is Mozilla Firefox 3.0.11 and previous versions (and also
Firefox 3.5).
Vulnerable version is Internet Explorer 6 (6.0.2900.2180) and previous
versions. And potentially next versions (IE7 and IE8).
As I checked this DoS vulnerability today, it also works in IE7, besides
IE6.
Vulnerable version is Internet Explorer 7 (7.0.6000.16473) and previous
versions (and potentially next versions).
P.S.
Also I wrote to Ruben Reguero two days ago, and told him that it was strange
that in Firefox 3.5 he had no problems (with this exploit). And maybe he has
needed that backups were saving at the site (at least for some time).
WP-DB-Backup is a popular plugin (which shipped with WordPress 2.0.x),
which was downloaded 546218 times from the site wordpress.org alone (as of
30.07.2010).
Affected products: WordPress 2.0.11 and previous versions, with which the
plugin WordPress Database Backup was shipped, and also all versions of
WordPress (2.9.2 and previous versions) when this plugin is used (officially
it is compatible with WP 2.9.2 and previous versions and potentially can work
with WP 3.0 and 3.0.1).
vulnerability in WordPress (http://securityvulns.ru/Sdocument460.html). And
starting from version 2.5, WP uses a new authorization method via cookies, but
even in new versions of the engine the leakage of backups is still dangerous
and it's better not to allow it.
Affected products: WordPress 2.0.11 and previous versions, with which plugin
WordPress Database Backup was shipped. Also vulnerable are plugin
WP-DB-Backup 2.0 and previous versions in any versions of WordPress (WP
2.9.2 and previous versions and potentially WP 3.0 and 3.0.1).
------------------------------
3.0.11) prohibition on JavaScript code execution in refresh header. But in
Firefox 3.0.11 and Google Chrome you can't get to cookies this way, but it's
possible in old Mozilla (and in those versions of Firefox where there is
relation between data: page and original page).
Vulnerable version is Mozilla 1.7.x and previous versions.
Vulnerable version is Mozilla Firefox 3.0.11 and previous versions (and 3.5
should be also vulnerable).
Vulnerable version is Google Chrome 1.0.154.48 and previous versions (and
>
> With this exploit Firefox crashes, IE6 consumes CPU and RAM resources,
> Opera freezes and consumes CPU and RAM resources, and Chrome
> crashes.
>
> Vulnerable version is Mozilla Firefox 3.0.11 and previous versions (and
> also
> Firefox 3.5).
>
> Vulnerable version is Internet Explorer 6 (6.0.2900.2180) and previous
> versions. And potentially next versions (IE7 and IE8).
-------------------------
Checked in WordPress 2.0.11, 2.6.2, 2.7, 2.8, 2.9.2, 3.0.1. Versions 2.0.
are not vulnerable, because they do not have such functionality. Vulnerable to
different vulnerabilities are WordPress 2.6 - 3.0.1 and potentially previous
versions.
----------
Details:
----------
>>> -----------------------------
>>> Advisory: Vulnerability in CB Captcha for Joomla and Mambo
>>> -----------------------------
>>> URL: http://websecurity.com.ua/4087/
>>> -----------------------------
>>> Affected products: CB Captcha 1.0.2 and previous versions (developed by
>>> Kotofeich), CB Captcha 2.2 and previous versions (developed by Beat).
>>> -----------------------------
>>> Timeline:
>>> 17.03.2010 - found vulnerability.
>>> 31.03.2010 - disclosed at my site.
'ClientConnection.cpp', and they are:
. 'ClientConnection::CheckBufferSize'
. 'ClientConnection::CheckFileZipBufferSize'
These functions are used in UltraVNC - 1.0.2 (and previous versions):
. 'ClientConnection::ReadServerCutText() : 3859'
. 'ClientConnection::Authenticate() : 1701'
And in TightVNC - 1.3.9 (and previous versions):
> -----------------------------
> Advisory: Vulnerability in CB Captcha for Joomla and Mambo
> -----------------------------
> URL: http://websecurity.com.ua/4087/
> -----------------------------
> Affected products: CB Captcha 1.0.2 and previous versions (developed by
> Kotofeich), CB Captcha 2.2 and previous versions (developed by Beat).
> -----------------------------
> Timeline:
> 17.03.2010 - found vulnerability.
> 31.03.2010 - disclosed at my site.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
http://www.openssl.org/news/secadv_20090325.txt
Description:
Previous versions of OpenSSL were vulnerable to denial of
service (crash) that could be caused when SSL enabled
applications called the ASN1_STRING_print_ex function to print
a BMPString or UniversalString.
Additionally, previous versions of the OpenSSL package in rPath
>> -----------------------------
>> Advisory: Vulnerability in CB Captcha for Joomla and Mambo
>> -----------------------------
>> URL: http://websecurity.com.ua/4087/
>> -----------------------------
>> Affected products: CB Captcha 1.0.2 and previous versions (developed by
>> Kotofeich), CB Captcha 2.2 and previous versions (developed by Beat).
>> -----------------------------
>> Timeline:
>> 17.03.2010 - found vulnerability.
>> 31.03.2010 - disclosed at my site.
>> -----------------------------
>> Advisory: Vulnerability in CB Captcha for Joomla and Mambo
>> -----------------------------
>> URL: http://websecurity.com.ua/4087/
>> -----------------------------
>> Affected products: CB Captcha 1.0.2 and previous versions
>> (developed by
>> Kotofeich), CB Captcha 2.2 and previous versions (developed by Beat).
>> -----------------------------
>> Timeline:
>> 17.03.2010 - found vulnerability.
-----------------------------
Advisory: Vulnerability in CB Captcha for Joomla and Mambo
-----------------------------
URL: http://websecurity.com.ua/4087/
-----------------------------
Affected products: CB Captcha 1.0.2 and previous versions (developed by
Kotofeich), CB Captcha 2.2 and previous versions (developed by Beat).
-----------------------------
Timeline:
17.03.2010 - found vulnerability.
31.03.2010 - disclosed at my site.
CaptchaSecurityImages.php is different).
Resulting list of affected software:
Affected products: MiniManager for Project MANGOS 0.15 and previous
versions, Land of Legends Manager, WoWCrackz MaNGOS.
Concerning vulnerabilities in HoloCMS (http://websecurity.com.ua/4068/) and
in addition to GunCMS and PhoenixCMS PHP Edition
(http://websecurity.com.ua/4075/):
>>
>> http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit2.html
>>
>> This exploit for news protocol works in Mozilla Firefox 3.0.19 (and
>> besides
>> previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
>> (6.0.2900.2180), Internet Explorer 8 (8.0.7600.16385), Google Chrome
>> 1.0.154.48 and Opera 9.52.
>>
>> In all mentioned browsers occurs blocking and overloading of the system
>> from
IV. DETECTION
iDefense confirmed this vulnerability exists in version 12.0 of the
Macrovision InstallShield InstallScript One-Click Install ActiveX
Control. Previous versions of the control are reported to be vulnerable
to variations of this attack. Previous versions are known to use
different CLSIDs.
V. WORKAROUND
> http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit2.html
>
>
> This exploit for news protocol works in Mozilla Firefox 3.0.19 (and
> besides
> previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
> (6.0.2900.2180), Internet Explorer 8 (8.0.7600.16385), Google Chrome
> 1.0.154.48 and Opera 9.52.
>
> In all mentioned browsers occurs blocking and overloading of the
> system from
DoS:
http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit2.html
This exploit for news protocol works in Mozilla Firefox 3.0.19 (and besides
previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
(6.0.2900.2180), Internet Explorer 8 (8.0.7600.16385), Google Chrome
1.0.154.48 and Opera 9.52.
In all mentioned browsers occurs blocking and overloading of the system from
starting of Opera, which appeared as news-client at my computer, and IE8
>>>
>>> http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit2.html
>>>
>>> This exploit for news protocol works in Mozilla Firefox 3.0.19 (and
>>> besides
>>> previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
>>> (6.0.2900.2180), Internet Explorer 8 (8.0.7600.16385), Google Chrome
>>> 1.0.154.48 and Opera 9.52.
>>>
>>> In all mentioned browsers occurs blocking and overloading of the system
>>> from
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144
Description:
Previous versions of the python package are vulnerable to multiple
attacks, the most serious of which may allow an attacker to execute
arbitrary code.
Additionally, previous versions of the python package on rPath Linux 2
and rPath Appliance Platform Linux Service 2 did not provide the bsddb
At page http://site/xampp/adodb.php
cds where 1=0 union select version(),0,0,0
In field Selected table.
Vulnerable are XAMPP 1.6.8 and previous versions. And potentially next
versions (including last version XAMPP 1.7.1).
-----------------------------
Advisory #4
-----------------------------
leads to that after running of the exploit the browser begun taking 100% of
CPU resources and freezes.
The attack was based on using nested marquee tags (this hole was already
found in Firefox 1.0 and 1.5). Vulnerable were Mozilla Firefox 3.0.1 and
previous versions. This vulnerability was the first publicly disclosed DoS in
Firefox 3. My exploit doesn't use JavaScript (as Juan's exploit), it uses
only HTML. For attacking purposes it's better to use a plain HTML exploit,
which allows bypassing such protections as turning off JavaScript or using
addons like NoScript.
Vulnerability in xamppsecurity.php.
http://websecurity.com.ua/uploads/2009/XAMPP%20XSS.html
Vulnerable are XAMPP 1.6.8 and previous versions. And potentially next
versions (including last version XAMPP 1.7.1).
-----------------------------
Advisory #2
-----------------------------
During access to admin panel and if SMTP Service (Mercury Mail) is turned on
it's possible to send spam due to lack of protection from automated
requests.
Vulnerable are XAMPP 1.6.8 and previous versions. And potentially next
versions (including last version XAMPP 1.7.1).
-----------------------------
Advisory #6
-----------------------------
Secure Network - Security Research Advisory
Vuln name: Simple PHP Blog Multiple Vulnerabilities
Systems affected: simplePHPBlog 0.5.0.1, simplePHPBlog 0.4.8 and all previous versions
Systems not affected: -
Severity: Medium
Local/Remote: Remote
Vendor URL: http://www.simplephpblog.com/
Author(s): Luca "ikki" Carettoni - luca.carettoni@securenetwork.it, Luca "Daath" De Fulgentis - daath@webapptest.org
Vendor disclosure: 14th September 2007