GO IT WORLD | IT TECH | IT NEWS » Security Bulletin

Cisco IOS Software IPv6 Denial of Service Vulnerability

jason — Tue, 04 Oct 2011 12:43:07 +0000

Advisory ID: cisco-sa-20110928-ipv6

http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6.shtml

Revision 1.1

Last Updated 2011 September 30 2330 UTC (GMT)

For Public Release 2011 September 28 1600 UTC (GMT)

Summary
Affected Products
Details
Vulnerability Scoring Details
Impact
Software Versions and Fixes
Workarounds
Obtaining Fixed Software
Exploitation and Public Announcements
Status of this Notice: FINAL
Distribution
Revision History
Cisco Security Procedures

Summary

Cisco IOS Software contains a vulnerability in the IP version 6 (IPv6) protocol stack implementation that could allow an unauthenticated, remote attacker to… Read the rest

Microsoft Excel Record Integer Signedness Vulnerability

jason — Fri, 16 Sep 2011 05:44:50 +0000

I. BACKGROUND

Excel is the spreadsheet application included with Microsoft Corp.’s Office productivity software suite. More information is available at the following website:

http://office.microsoft.com/excel/

II. DESCRIPTION

Remote exploitation of an integer signedness vulnerability in Microsoft Corp.’s Excel could allow an attacker to execute arbitrary code with the privileges of the current user.

The vulnerability is an integer signedness issue that leads to an invalid array indexing vulnerability. It is triggered by a certain record with a negative ‘iax’ field.

It is possible to pass negative 16-bit values, which are later sign extended to 32 bits. The sign… Read the rest

cPanel < 11.30.2 Multiple CSRF Vulnerabilities

jason — Wed, 14 Sep 2011 07:20:52 +0000

Test Code:

[+] Info=======================================================

[-] Exploit Title: cPanel < 11.30.2 Multiple CSRF Vulnerabilities
[-] Author: Net.Edit0r
[-] Home : Black-HG.Org ~ h4ckcity.org
[-] Version: 11.30.2
[-] Software Link: http://cpanel.net
[-] Email : Black.hat.tm[at]Gmail[dot]Com / Net.Edit0r[at]att[dot]net
[-] Date : 27/08/2011
[-] CVE : N/A
[-] Vedio Demo : http://www.black-hg.org/Vedioz/cpanel.rar
[-] Tnx2 : A.Cr0x & 3H34N & 4m!n & Cyrus & tHe.k!ll3r & Mr.XHat & Mikili

[+] Exploit=====================================================

[-] Introduction :

cPanel versions below and excluding 11.30.2 , are vulnerable to CSRF which
leads to Change email address script of

… Read the rest

Apache Tomcat Authentication bypass and information disclosure

jason — Fri, 02 Sep 2011 15:03:23 +0000

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.20
- Tomcat 6.0.0 to 6.0.33
- Tomcat 5.5.0 to 5.5.33
- Earlier, unsupported versions may also be affected

Description:
Apache Tomcat supports the AJP protocol which is used with reverse
proxies to pass requests and associated data about the request from the
reverse proxy to Tomcat. The AJP protocol is designed so that when a
request includes a request body, an unsolicited AJP message is sent to
Tomcat that includes the first part (or possibly all) of… Read the rest

Linux Kernel < 2.6.37-rc2 ACPI custom_method Privilege Escalation

jason — Fri, 05 Aug 2011 03:57:03 +0000

This custom_method file allows to inject custom ACPI methods into the ACPI interpreter tables. This control file was introduced with world writeable permissions in Linux Kernel 2.6.33.

/*
* american-sign-language.c
*
* Linux Kernel < 2.6.37-rc2 ACPI custom_method Privilege Escalation
* Jon Oberheide <jon@oberheide.org>
* http://jon.oberheide.org
*
* Information:
*
*   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4347
*
*   This custom_method file allows to inject custom ACPI methods into the ACPI
*   interpreter tables. This control file

… Read the rest

Mozilla Foundation Security Advisory 2011-20

jason — Thu, 23 Jun 2011 14:53:49 +0000

Title: Use-after-free vulnerability when viewing XUL document with script disabled
Impact: Critical
Announced: June 21, 2011
Reporter: Martin Barbella
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 5
Firefox 3.6.18
Thunderbird 3.1.11

Description

Security researcher Martin Barbella reported that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. This flaw could potentially be used by an attacker to crash a victim’s browser and run arbitrary code on their computer.

References

oBlog Persistant XSS, CSRF, Admin Bruteforce

jason — Wed, 16 Dec 2009 10:52:27 +0000

[-------------------------------------------------------------------------------------------------]
[   Application: oBlog                                                                            ]
[   Version: the only one there is :)                                                             ]
[   Download: http://www.dootzky.com/images/projects/oBlog.zip                                    ]
[   Author of this full disclosure: Milos Zivanovic                                               ]
[   Vulnerabilities: Persistant XSS, CSRF, Admin Bruteforce...                                    ]
[-------------------------------------------------------------------------------------------------]
Author of the application is contacted and author of this paper is not responsible for anything
you do after reading this text.
[#] Content:
|–Persistant XSS
| |
| |–Vulnerable function
| |–XSS in article comments
| |–XSS in add new article / Edit… Read the rest

phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities

jason — Mon, 14 Dec 2009 05:57:33 +0000

Name phpCollegeExchange
Vendor http://phpcollegeex.sourceforge.net
Versions Affected 0.1.5c

Author            Salvatore Fresta aka Drosophila
Website           http://www.salvatorefresta.net
Contact           salvatorefresta [at] gmail [dot] com
Date              2009-12-11

X. INDEX

I.    ABOUT THE APPLICATION
II.   DESCRIPTION
III. ANALYSIS
IV.   SAMPLE CODE
V.    FIX
VI.   DISCLOSURE TIMELINE

I. ABOUT THE APPLICATION

PhpCollegeExchange is a full fledged college community
website.

II. DESCRIPTION

This application is affected by many SQL Injection
security flaws. In order… Read the rest

Invision Power Board SQL Injection Vulnerabilities

jason — Mon, 07 Dec 2009 03:32:13 +0000

Version:

Invision Power Services Invision Power Board 2.3.6
Invision Power Services Invision Power Board 3.0.4

Description:

The attacker can exploit the SQL-injection vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Test

http://www.example.com/?app=forums&module=moderate&section=moderate&f=1&do=prune_move&df=3&pergo=50&dateline=0&state=open&ignore_pin=1&max=0&s
tarter=1%20AND%20starter_id=1%20OR%20substr(version(),1,1)=5%20AND%20sleep(15)%20–%20skip%20&auth_key=c4276b77602767228faa9760eb4a5abd

http://www.example.com/forum/?act=mod&f=1&CODE=prune_move&df=3&pergo=50&dateline=0&state=open&ignore_pin=1&max=0&starter=1%20AND%20starter_id=1%20OR
%20substr(version(),1,1)=5%20AND%20sleep(16)%20–%20skip%20&auth_key=040c4a6e768d626b4c05a4bb0fbf315c

FreeBSD Security Advisories (security-advisories freebsd org)

jason — Sat, 05 Dec 2009 07:12:01 +0000

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
========================================================================
=====
FreeBSD-SA-09:17.freebsd-update Security Advisory
The FreeBSD Project
Topic: Inappropriate directory permissions in freebsd-update(8)
Category: core
Module: usr.sbin
Announced: 2009-12-03
Credits: KAMADA Ken’ichi
Affects: All supported versions of FreeBSD.
Corrected: 2009-12-03 09:18:40 UTC (RELENG_8, 8.0-STABLE)
2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1)
2009-12-03 09:18:40 UTC (RELENG_7, 7.2-STABLE)
2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5)
2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9)
2009-12-03 09:18:40 UTC (RELENG_6, 6.4-STABLE)
2009-12-03 09:18:40 UTC (RELENG_6_4, 6.4-RELEASE-p8)
2009-12-03 09:18:40 UTC (RELENG_6_3, 6.3-RELEASE-p14)
For general information regarding… Read the rest

GO IT WORLD | IT TECH | IT NEWS » Security Bulletin

Cisco IOS Software IPv6 Denial of Service Vulnerability

Advisory ID: cisco-sa-20110928-ipv6

http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6.shtml

Revision 1.1

Last Updated 2011 September 30 2330 UTC (GMT)

For Public Release 2011 September 28 1600 UTC (GMT)

Contents

Summary

Microsoft Excel Record Integer Signedness Vulnerability

I. BACKGROUND

II. DESCRIPTION

cPanel < 11.30.2 Multiple CSRF Vulnerabilities

Apache Tomcat Authentication bypass and information disclosure

Linux Kernel < 2.6.37-rc2 ACPI custom_method Privilege Escalation

Mozilla Foundation Security Advisory 2011-20

Description

References

oBlog Persistant XSS, CSRF, Admin Bruteforce

phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities

Invision Power Board SQL Injection Vulnerabilities

FreeBSD Security Advisories (security-advisories freebsd org)