Posts Tagged ‘vulnerability’

Internet Explorer 6-7-8 => Remote Code Execution

Tuesday, January 19th, 2010

Summary:
Microsoft is investigating reports of limited, targeted attacks against customers of Internet Explorer 6, using a vulnerability in Internet Explorer.

Affected:
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected. Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable.

Vulnerability:
The vulnerability exists as an invalid pointer reference within Internet Explorer. Under certain conditions the invalid pointer can be accessed after an object is deleted. In a specially crafted attack, attempting to access a freed object can cause Internet Explorer to allow remote code execution.
In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

NOTE: This is the vulnerability used by Chinese hackers to spy on and scam Gmail accounts.

vBulletin 3.8.4/3.7.6/3.6.12 XSS Vulnerability

Friday, October 9th, 2009

vBulletin 3.8.4/3.7.6/3.6.12 XSS Vulnerability: cross-site scripting redirection

A cross-site scripting vulnerability in vBulletin Board versions 3.8.4, 3.7.6 and 3.6.12 within the user profile page allows an attacker to carry out an action as a user or obtain access to a user’s account. The “Home Page” field in the user profile was only checking the user input for either “www” or the following regular expression written in normal text.
The output of the Home Page field is encoded, most likely with htmlspecialchars(); however, before the patch it did not check whether a user had created a link that would send an unknowing user to the data: or javascript: URI scheme.
This means that the double quote character should be avoided, since it becomes &quot;. Other characters like < become &lt; (%3C when URL-encoded), which is almost the same. Please see how htmlentities() and htmlspecialchars() work in PHP.

javascript://%0adocument.write(”)

It can be used for external JavaScript inclusion or to show a home page alert.
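The post's point is that output encoding alone does not stop a link whose scheme is javascript: or data:. The following added example (not vBulletin's code) shows a substring check that approximates the pre-patch behaviour beside a scheme-allowlist check; the sample inputs, the function names and the use of Python's html.escape() in place of PHP's htmlspecialchars() are assumptions made for the illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed sample inputs (not from the original post): a legitimate home page,
# a legitimate one without "www", and a javascript: URI padded with "www" so that
# it slips past a substring check the way the pre-patch field did.
SAMPLES = {
    "legit_www": "http://www.example.com/",
    "legit_no_www": "https://example.org/profile",
    "js_uri": "javascript://www.example.com/%0adocument.write('x')",
    "data_uri": "data:text/html,www",
}

def weak_is_valid_homepage(value):
    # Approximates the pre-patch behaviour described above: any input containing
    # "www" is accepted. (The post's regular expression is not reproduced; assumption.)
    return "www" in value

def hardened_is_valid_homepage(value):
    # Refuse control characters and whitespace inside the value; raw newlines or tabs
    # are a classic way to disguise a scheme from naive string checks.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in value):
        return False
    parts = urlsplit(value)
    # Scheme allowlist: only http(s) with a host. javascript: and data: never qualify,
    # no matter how the rest of the URI is encoded.
    return parts.scheme.lower() in ("http", "https") and bool(parts.netloc)

def render_homepage_link(value, validator):
    # Returns the anchor markup, or None when the validator rejects the value.
    # html.escape() plays the role of PHP's htmlspecialchars() here: it turns
    # & < > " ' into entities, which stops tag injection but NOT a dangerous scheme.
    if not validator(value):
        return None
    return '<a href="%s">Home Page</a>' % html.escape(value, quote=True)

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, render_homepage_link(value, weak_is_valid_homepage),
              render_homepage_link(value, hardened_is_valid_homepage))
```

Note that the weak path still emits a syntactically harmless-looking anchor for the javascript: sample, because the browser decodes the entities in the href before interpreting the scheme.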

Affected :
3.8.4 / 3.7.6 / 3.6.12
Patches :
3.8.4PL1 / 3.7.6PL1 / 3.6.12PL1

Vendor References :
http://www.vbulletin.com/forum/showthread.php?t=319572

Gentoo Certificate validation error Vulnerability

Sunday, September 27th, 2009

Gentoo Certificate validation error Vulnerability

An error in the X.509 certificate handling of cURL might enable remote attackers to conduct man-in-the-middle attacks. cURL, a command line tool for transferring files with URL syntax that supports numerous protocols, does not properly handle fields in X.509 certificates that contain an ASCII NUL (\0) character. Specifically, the processing of such fields stops at the first occurrence of a NUL character. This type of vulnerability was recently discovered by Dan Kaminsky and Moxie Marlinspike.
A remote attacker might employ a specially crafted X.509 certificate (for instance one that contains a NUL character in the Common Name field) to conduct man-in-the-middle attacks.

emerge --sync
emerge --ask --oneshot --verbose =net-misc/curl-7.19.6

Orion Application Server XSS Vulnerability

Sunday, September 27th, 2009

Orion Application Server XSS Vulnerability

A vulnerability in Orion Application Server (Java) allows an attacker to cause execution of malicious scripting code in the browser of a user who clicks on a link to an Orion Application Server site. Such code would run within the security context of the target domain. This type of attack can result in non-persistent defacement of the target site, or the redirection of confidential information (e.g. session IDs) to unauthorised third parties.

/examples/jsp/sessions/carts.jsp?item=

/examples/jsp/checkbox/checkresult.jsp?fruit=

/examples/jsp/cal/cal2.jsp?time=

Cisco IOS Software Tunnels Vulnerability

Friday, September 25th, 2009

Cisco Security Advisory: Cisco IOS Software Tunnels Vulnerability
Advisory : cisco-tunnels

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.
Cisco has released free software updates that address this vulnerability.

Affected :
Cisco devices are vulnerable when running an affected version of Cisco IOS Software and configured for Generic Routing Encapsulation (GRE), IPinIP, Generic Packet Tunneling in IPv6 or IPv6 over IP tunnels with Cisco Express Forwarding enabled. The Cisco IOS Point to Point Tunneling Protocol (PPTP) feature creates GRE tunnels that are transparent to the user. Therefore, systems configured for PPTP are also vulnerable.
The Cisco multicast Virtual Private Network (MVPN) feature also creates GRE tunnels that are transparent to the user; however, MVPN configurations are not vulnerable unless other tunnels are configured explicitly.

Impact :
Successful exploitation of the vulnerability may result in the reload of an affected system, causing a DoS condition.