#2011-001 Chyrp input sanitization errors

Description:

The Chyrp framework, an open source blogging engine, suffers from cross-site
scripting (XSS) and local file inclusion (LFI) vulnerabilities.

Insufficient input sanitization on the parameters passed to pages related to
administration settings

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2011-2526: Apache Tomcat Information disclosure and availability
vulnerabilities

Severity: low

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 7.0.0 to 7.0.18
Tomcat 6.0.0 to 6.0.32
Tomcat 5.5.0 to 5.0.33
Previous,

[ more ]  [ reply ]

On 13/07/11 18:47, Major Malfunction wrote:

>
> When:
>
> Tuesday 25th January 2011

OMG I'm a f*kwit (again).

I meant Tuesday 19th July 2011, obviously!!!

cheers,
MM
--
"In DEFCON, we have no names..." errr... well, we do... but silly ones...

[ more ]  [ reply ]

OK, you know the drill... We have monthly meetings. This is one of them.
Be there!

What:

Shaun Colley - Jumping the guard page for fun and profit

"Stack overflows, generally due to recursion, have long been brushed
aside as 'not exploitable..DoS only'. This isn't true - stack overflows
ARE

[ more ]  [ reply ]

This appears to be a duplicate of bug 5374[1], originally reported by Alexander Koeppe. It was fixed in Wireshark 1.4.2, which was released on November 19, 2010. I can reproduce the problem here with Wireshark 1.4.0 and 1.4.1 but not Wireshark 1.4.2 or the current 1.4 code.

[1] https://bugs.wires

[ more ]  [ reply ]

Name: Torque Server Buffer Overflow Vulnerability
Author: Adam Zabrocki (<pi3 (at) itsec (dot) pl [email concealed]>)
Bartlomiej Balcerek (<bartol (at) pwr.wroc (dot) pl [email concealed]>)
Maciej Kotowicz
(<maciej.kotowicz (at) pwr.wroc (dot) pl [email concealed]>)
Date:

[ more ]  [ reply ]

<!--
Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control
readRegVal() Remote Registry Dump Vulnerability

download uri:
ftp://ftp.us.dell.com/sysman/OM-ITAssistant-Dell-Web-WIN-6.5.0-2247_A01.
21.exe

ActiveX settings:

CLSID: {6286EF1A-B56E-48EF-90C3-743410657F3C}
ProgID: DETECTIESETTINGS.d

[ more ]  [ reply ]

Vulnerability ID: HTB23026
Reference: http://www.htbridge.ch/advisory/paltalk_messenger_activex_control_multip
le_insecure_methods.html
Product: Paltalk Messenger
Vendor: Paltalk ( http://www.paltalk.com )
Vulnerable Version: 10.0 and probably prior
Tested on: 10.0
Vendor Notification: 22 June 2011

[ more ]  [ reply ]

Hello All,

As you know, we recently released the July issue with Metasploit as the theme (http://chmag.in/issue/jul2011).
And ClubHack Mag is seeking submissions for next issue, Issue19-August 2011.

Topics of interest include, but not limited to:-
Mobile (Cellular), VOIP Exploitation and Security

[ more ]  [ reply ]

Advisory: Persistent Cross Site Scripting Vulnerability in Oracle I-Recruitment File Uploading Module- E-Business Suite

CVE-2010-2404

Version Affected - 11.5.10.2, 12.0.6, 12.1.3

About: Oracle I-Recruitment Suite
Oracle iRecruitment is a web based full-cycle recruiting solution that
gives manager

[ more ]  [ reply ]

German ISP 'Alice' has been shipping custom embedded devices (DSL
modems/routers etc.) for the past few years. Their first self-branded
DSL modem, Alice Modem 1111, using firmware version 4.19, is prone to at
least the following two security vulnerabilities (after it has passed
initial configuration

[ more ]  [ reply ]

NIST is preparing the fourth Static Analysis Tool Expostion (SATE IV). Briefly, participating tool makers run their tool on a set of programs. Researchers led by NIST analyze the tool reports. The results and experiences are reported at a workshop. The tool reports and analysis are made publicly a

[ more ]  [ reply ]

ZDI-11-235: TrendMicro Control Manager CASProcessor.exe BLOB Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-235

July 12, 2011

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
Trend Micro

-- Affected Products:
Trend Micro Control Manager

--

[ more ]  [ reply ]

Dear All, here we are with issue18 of ClubHack Mag for the month of July2011. Like most of the times, this issue is also theme based and the theme for issue18 is Metasploit.

We have some good news for our readers. CHMag is now partners with Hakin9 and PenTestMag. Also starting from June 2011, CHMa

[ more ]  [ reply ]

===================================================================
Tugux CMS 1.2 Multiple vulnerability (BLIND sql & xss)
===================================================================

Software: Tugux CMS
Vendor: www.tugux.com
Vuln Type: BLind SQL Injection
Download link: http:/

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2276-2 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Luciano Bello
July 11, 2011

[ more ]  [ reply ]

ZDI-11-234: Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-234

July 11, 2011

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Trend Micro

-- Affected Products:
Trend Micro Control Manag

[ more ]  [ reply ]

This is a reminder that the Call for Papers for the 9th annual
HITBSecConf in Malaysia is closing this Friday, 15th of July. The event
takes place from the 10th - 13th of October at the Intercontinental
Kuala Lumpur.

As always, talks that are more technical or that discuss new and never
before seen

[ more ]  [ reply ]

The 6th international hacking and security conference "POC2011" by hackers will be held
in Seoul, Korea on November 3 ~ 4.
'POC' means ?Power of Community?.
POC believes that the power of community can make the world safer.
POC doesn?t pursue money. So POC is free to show real hacking and securit

[ more ]  [ reply ]

########################## www.BugReport.ir
#######################################
#
# AmnPardaz Security Research Team
#
# Title: Ferdows CMS Pro <=1.1.0 and Ferdows CMS <=9.0.5 Multiple
Vulnerabilities
# Vendor: www.fcms.ir
# Exploit: Available
# Vulnerable Version: 1.1.0 (Pro) & 9.0.5 (CMS

[ more ]  [ reply ]

Wireshark 1.4.0 Malformed IKE Packet Denial of Service

------------------------------------------------------------------
I. Summary

A flaw has been identified in Wireshark 1.4.0 when send a specific malformed IKE packet that will cause a denial of service .

--------------------------------------

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2277-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Nico Golde
July 10, 2011

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2276-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Luciano Bello
July 10, 2011

[ more ]  [ reply ]

It's a nice attempt, but no. The social engineering required to pull
that off exceeds what's required to get somebody to download and
execute setup.exe, and we don't call that RCE either.

Hundreds of false bugs are blinding you to probably a dozen real bugs.
Likely more. In security as in financ

[ more ]  [ reply ]

Ok, Dan, just for you:

Launch Internet Explorer 9 on Windows 7 (probably other IE/Win works too), go to File->Open (or press Ctrl+O), browse to Test.html and open it. No double-clicking and you couldn't launch an executable this way. Better?

Cheers,
Mitja

On Jul 8, 2011, at 9:10 PM, Dan Kaminsky

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2011-189-01)

New bind packages are available for Slackware 13.37, and -current to
fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/bind-9.7.3

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2011-189-02)

New mozilla-thunderbird packages are available for Slackware 13.0, 13.1, 13.37,
and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+-------------

[ more ]  [ reply ]

I'm flooded with requests for a POC and many doubt that these
vulnerabilities are exploitable. And since this vulnerability is
rather technically interesting I believe many could learn from it.

http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html

[ more ]  [ reply ]

And here's where your exploit stops being one:

===
Suppose the current version of Apple Safari (5.0.5) is our default web
browser. If we put the above files in the same directory (on a local
drive or a remote share) and double-click Test.html, what happens is
the following:
===

At this point, Test

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02896506
Version: 1

HPSBUX02689 SSRT100494 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possibl

[ more ]  [ reply ]