Next Page >>
reports
to a privilege escalation, denial of service or information leak. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-2524
David Howells reported an issue in the Common Internet File System (CIFS).
Local users could cause arbitrary CIFS shares to be mounted by introducing
malicious redirects.
CVE-2010-3875
Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to
sensitive kernel memory.
CVE-2011-0695
Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can
exploit a race condition to cause a denial of service (kernel panic).
CVE-2011-0711
Dan Rosenberg reported an issue in the XFS filesystem. Local users may
Products both on Mac OS 10.5 (Leopard) and iPhone 1.1.4,
and intends to send them in several phases to Apple Inc.
2008/03/08 Apple Inc. replies to n.runs AG providing their public
pgp key. Apple Inc. states that the Apple Inc. RFP will
be used instead of the n.runs RFP
2008/03/08 n.runs AG responds that vulnerability reporting will
only happen under n.runs AG RFP
2008/03/11 Apple Inc. confirms to n.runs AG that the n.runs AG RFP
is aligned to their RFP, and that n.runs may continue
with further communication and bug reporting
2008/03/11 n.runs AG sends PoCs for various issues to Apple Inc.
systems.
Besides the recommendation of a secure network architecture with strict
network access control measures, OS hardening and other sound system
administration practices a specific workaround for the vulnerability
reported in this advisory is provided below.
The vulnerability is located in the ODBC server service, vulnerable
organizations that do not require ODBC connectivity may disable the
service with no adverse effects to the CitectSCADA software.
Installations that require ODBC connectivity to SQL databases,
1. Users of AIM can upgrade to the latest version of the AIM beta client
at beta.aol.com.
Acknowledgments
AOL would like to thank Core Security Technologies for responsibly
reporting this issue to AOL and for working with AOL on testing and
mitigating these issues.
*Other workarounds (un-official)*
Workaround #1: Users running AIM on Microsoft Windows XP SP2 or Windows
Server 2003 SP1 may implement Microsoft's "Internet Explorer Local Machine
1. Users of AIM can upgrade to the latest version of the AIM beta client
at beta.aol.com.
Acknowledgments
AOL would like to thank Core Security Technologies for responsibly
reporting this issue to AOL and for working with AOL on testing and
mitigating these issues.
*Other workarounds (un-official)*
Workaround #1: Users running AIM on Microsoft Windows XP SP2 or Windows
Server 2003 SP1 may implement Microsoft's "Internet Explorer Local Machine
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Mozilla Firefox,
Thunderbird, SeaMonkey and XULRunner, some of which may allow
user-assisted execution of arbitrary code.
Background
==========
Dear bugtraq@securityfocus.com,
Vulnerabilities reported by different Russian speaking authors to
http://securityvulns.ru
1. Elekt(Antichat.ru) reports protection bypass vulnerability in PHP 4
and 5.
disable_functions feature can be bypassed by using functions alias. A
list of aliases is given in http://php.net/aliases/. For example,
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Mozilla Firefox,
Thunderbird, SeaMonkey and XULRunner, some of which may allow
user-assisted execution of arbitrary code.
Background
==========
We have also started adding more classifications to each incident. In
addition to the attack method we now track for each incident its geography,
the outcome of the attack and the industry sector it occured at. We are
going to use this information in the our first annual Web Incidents summary
report to be issued in early January.
So if you know of a web hacking incident that you feel should be in the
database and is not (or you could not find it), send me an e-mail at ofer at
shezaf.com, so it will be there in time for the annual report.
We have also started adding more classifications to each incident. In
addition to the attack method we now track for each incident its geography,
the outcome of the attack and the industry sector it occured at. We are
going to use this information in the our first annual Web Incidents summary
report to be issued in early January.
So if you know of a web hacking incident that you feel should be in the
database and is not (or you could not find it), send me an e-mail at ofer at
shezaf.com, so it will be there in time for the annual report.
>
> We have also started adding more classifications to each incident. In
> addition to the attack method we now track for each incident its geography,
> the outcome of the attack and the industry sector it occured at. We are
> going to use this information in the our first annual Web Incidents summary
> report to be issued in early January.
>
> So if you know of a web hacking incident that you feel should be in the
> database and is not (or you could not find it), send me an e-mail at ofer at
> shezaf.com, so it will be there in time for the annual report.
>
We have also started adding more classifications to each incident. In
addition to the attack method we now track for each incident its geography,
the outcome of the attack and the industry sector it occured at. We are
going to use this information in the our first annual Web Incidents summary
report to be issued in early January.
So if you know of a web hacking incident that you feel should be in the
database and is not (or you could not find it), send me an e-mail at ofer at
shezaf.com, so it will be there in time for the annual report.
to a privilege escalation, denial of service or information leak. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-0435
Gleb Napatov reported an issue in the KVM subsystem that allows virtual
machines to cause a denial of service of the host machine by executing mov
to/from DR instructions.
CVE-2010-3699
8.2. *Memory Corruption related to Graphic Description [MSRC case 9562]*
Core Security Technologies reported a second bug in Excel which resulted
non exploitable. In its investigation, MSRC has analyzed BIFF5++, BIFF4,
and BIFF2 file formats for exploitability of this vulnerability. MSRC
has been unable to reproduce it in such a way that an exploitable
condition occurs.
=======
Summary
=======
Name: Websense (Triton 7.6) Authentication-bypass in report management UI
Release Date: 30 April 2012
Reference: NGS00138
Discoverer: Ben Williams <ben.williams@ngssecure.com>
Vendor: Websense
Vendor Reference:
Systems Affected:
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-4537
Fabian Yamaguchi reported a missing check for Ethernet frames larger
than the MTU in the r8169 driver. This may allow users on the local
network to crash a system, resulting in a denial of service.
CVE-2010-0727
Problem Description:
Security issues were identified and fixed in firefox:
Security researcher regenrecht reported (via TippingPoint's Zero Day
Initiative) a potential reuse of a deleted image frame in Firefox 3.6's
handling of multipart/x-mixed-replace images. Although no exploit was
shown, re-use of freed memory has led to exploitable vulnerabilities
in the past (CVE-2010-0164).
8.1. *URLMON sniffing vulnerability*
In CoreLabs Security Advisory CORE-2008-0826 [2] a vulnerability that
allowed attackers to gain access to any file on the local filesystem of
a computer running vulnerable versions of Internet Explorer was
disclosed. During the vulnerability reporting process Core provided
Proof-of-Concept code to the vendor that successfully exploited the bug
on Internet Explorer 8 which at the time was deemed not vulnerable by
Microsoft because the bug had been patched prior to RTM. Upon further
investigation, the vendor determined that the proof-of-concept provided
by Core was actually exploiting a different bug than the one originally
Problem Description:
Security issues were identified and fixed in firefox:
Security researcher regenrecht reported (via TippingPoint's Zero Day
Initiative) a potential reuse of a deleted image frame in Firefox 3.6's
handling of multipart/x-mixed-replace images. Although no exploit was
shown, re-use of freed memory has led to exploitable vulnerabilities
in the past (CVE-2010-0164).
Availability Impact - Complete
CVSS Temporal Score - 8.3
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsk21863 - DNS Response Parsing Stack Overflow
CVSS Base Score - 10.0
Access Vector - Network
print '[-] Must specify a filename. Remember to change the pop pop ret
address! :)'
else:
createMaliciousFile(argv[1])
*Report Timeline*
2007-09-13: Email to IBM AIX security requesting security contact
information for Lotus Notes
2007-09-14: Reply from IBM AIX security team with contact information of
the IBM Lotus Notes security team
2007-09-17: Email to IBM Lotus Notes security notifying Core’s intent to
Problem Description:
Security issues were identified and fixed in firefox:
Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that
the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are
vulnerable to XSS attacks due to some characters being converted to
angle brackets when displayed by the rendering engine. Sites using
these character encodings would thus be potentially vulnerable to
script injection attacks if their script filtering code fails to
Problem Description:
Security issues were identified and fixed in firefox:
Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that
the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are
vulnerable to XSS attacks due to some characters being converted to
angle brackets when displayed by the rendering engine. Sites using
these character encodings would thus be potentially vulnerable to
script injection attacks if their script filtering code fails to
Problem Description:
Security issues were identified and fixed in firefox:
Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that
the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are
vulnerable to XSS attacks due to some characters being converted to
angle brackets when displayed by the rendering engine. Sites using
these character encodings would thus be potentially vulnerable to
script injection attacks if their script filtering code fails to
. Microsoft virtualization products that are based on Hyper-V technology.
6. *Vendor Information, Solutions and Workarounds*
This issue was reported to Microsoft in August 2009. The vendor has
acknowledged the report and after extensive analysis indicated that it
plans to solve the problem in future updates to the associated products.
We recommend affected users to run all mission critical Windows
applications on non-virtualized systems or to use virtualization
Problem Description:
Security issues were identified and fixed in firefox 3.0.x:
Security researcher Alin Rad Pop of Secunia Research reported a
heap-based buffer overflow in Mozilla's string to floating point
number conversion routines. Using this vulnerability an attacker
could craft some malicious JavaScript code containing a very long
string to be converted to a floating point number which would result
in improper memory allocation and the execution of an arbitrary memory
Problem Description:
Security issues were identified and fixed in firefox 3.0.x:
Security researcher Alin Rad Pop of Secunia Research reported a
heap-based buffer overflow in Mozilla's string to floating point
number conversion routines. Using this vulnerability an attacker
could craft some malicious JavaScript code containing a very long
string to be converted to a floating point number which would result
in improper memory allocation and the execution of an arbitrary memory
I am used to stupid answers. However what happened here bears no description.
Short Guerilla Version of the Timeline (complete timeline below):
-------------------------------------------------------------------
- Hey Thierry sorry, we did not get your report, we'll keep you updated!
We have IBM written on the proventia boxes but don't send reports to IBM!!
- Post official statement to IBM website that IBM is NOT affected and
forgetting to inform Thierry
TZ> I am used to stupid answers. However what happened here bears no description.
TZ> Short Guerilla Version of the Timeline (complete timeline below):
TZ> -------------------------------------------------------------------
TZ> - Hey Thierry sorry, we did not get your report, we'll keep you updated!
TZ> We have IBM written on the proventia boxes but don't send reports to IBM!!
TZ> - Post official statement to IBM website that IBM is NOT affected and
TZ> forgetting to inform Thierry
Next Page>>
|
