SecuriTeam.com

Cisco BBSM Captive Portal Cross-site Scripting

Wed, 14 May 2008 21:39 GMT

A non-persistent XSS vulnerability is present within the AccessCodeStart.asp page. A malicious user may leverage this to possibly gain access client information in captive portal/hotspot locations using this software.

Cisco Unified Communications Manager Denial of Service Vulnerabilities

Wed, 14 May 2008 20:49 GMT

Cisco Unified Communications Manager, formerly Cisco CallManager, contains multiple denial of service (DoS) vulnerabilities that may cause an interruption in voice services, if exploited. These vulnerabilities were discovered internally by Cisco. The following Cisco Unified Communications Manager services are affected:

Novell eDirectory Unauthenticated Access to SOAP Interface

Mon, 12 May 2008 19:41 GMT

The Novell eDirectory's eMBox utility is vulnerable to unauthenticated attacks. Successful exploit of this vulnerability could result in DoS or access to local files.

Call of Duty Denial of Service

Mon, 12 May 2008 19:38 GMT

Call of Duty 4 (CoD4) is "the most recent and played game of the homonym series created by Infinity Ward with over 15000 internet servers". A vulnerability in the CoD game allows remote attackers to cause the game to crash by sending it malform data.

Wonderware SuiteLink Denial of Service Vulnerability

Wed, 07 May 2008 09:02 GMT

WonderWare is supplier of industrial automation and information software solutions. According to the company's website [1]: "one third of the world's plants run Wonderware software solutions. Having sold more than 500,000 software licenses in over 100,000 plants worldwide, Wonderware has customers in virtually every global industry - including Oil & Gas, Food & Beverage, Utilities, Pharmaceuticals, Electronics, Metals, Automotive and more".

SSL Capable NetCat

Sun, 27 Apr 2008 12:33 GMT

ProxyStrike - Active Web Application Proxy

Wed, 09 Apr 2008 16:13 GMT

McGrew Security RAM Dumper

Mon, 03 Mar 2008 15:04 GMT

Creddump - Extracts Credentials from Windows Registry Hives

Mon, 25 Feb 2008 19:31 GMT

w3af - Web Application Attack and Audit Framework

Fri, 15 Feb 2008 09:02 GMT

Multiple Vendor rdesktop Vulnerabilities

Wed, 07 May 2008 15:16 GMT

rdesktop is "an open source client that speaks the Remote Desktop Protocol (RDP). This allows Unix-based users to login to Windows Terminal Servers". Multiple vulnerabilities have been found in the rdesktop client, these vulnerabilities could be used to cause the program to execute arbitrary code.

PHP GENERATE_SEED() Weak Random Number Seed Vulnerability

Wed, 07 May 2008 07:48 GMT

"PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML." Weak random number seed might lead to security problems in PHP applications using random numbers.

PHP Multibyte Shell Command Escaping Bypass Vulnerability

Wed, 07 May 2008 07:45 GMT

"PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML." Several PHP shell locales with support for east asian variable width encodings allow bypassing PHP's shell command escaping functions, safe_mode and disable_functions.

SugarCRM Community Edition Local File Disclosure Vulnerability

Wed, 30 Apr 2008 14:01 GMT

SugarCRM Community Edition is vulnerable to local file contents disclosure This vulnerability can be exploited by a malicious user to disclose potentially sensitive information. The flaw is caused due to a lack of input filtering in the SugarCRM RSS module, which can be exploited to disclose the content of local files.

Wordpress Cookie Integrity Protection Vulnerability

Mon, 28 Apr 2008 14:31 GMT

An attacker, who is able to register a specially crafted username on a Wordpress 2.5 installation, is able to generate authentication cookies for other chosen accounts.

Vulnerability in Microsoft Publisher Allows Code Execution (MS08-027)

Wed, 14 May 2008 12:04 GMT

This security update resolves a privately reported vulnerability in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Word CSS Processing Memory Corruption Vulnerability

Wed, 14 May 2008 11:48 GMT

Microsoft Word is a word processing application that is distributed with Microsoft Office. Cascading Style Sheets (CSS) is a stylesheet language used to describe the presentation of a document written in a markup language. Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code with the privileges of the logged in user.

Vulnerabilities in Microsoft Word Allows Code Execution (MS08-026)

Tue, 13 May 2008 21:02 GMT

This security update resolves several privately reported vulnerabilities in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Windows I2O Filter Utility Driver (i2omgmt.sys) Local Privilege Escalation Vulnerability

Tue, 13 May 2008 08:41 GMT

Intelligent Input/Output (I2O) is "a defunct computer input/output (I/O) specification. i2omgmt.sys is a Windows driver for the I2O Utility Filter". Local exploitation of an input validation vulnerability within version 5.1.2600.2180 of i2omgmt.sys, as included with Microsoft Corp's Windows XP operating system, could allow an attacker to execute arbitrary code in the context of the kernel.

Novell eDirectory DoS via HTTP Headers

Mon, 12 May 2008 19:33 GMT

A vulnerability in Novell's eDirectory allows Connection: HTTP headers to be used to cause dhost.exe to consume 100% of a CPU. Multiple requests submitted can comsume time on all CPUs.

Intel Centrino 2200BG Wireless Driver Probe Overflow

Mon, 21 Apr 2008 19:51 GMT

A vulnerability in Intel Centrino 220BG Wireless driver allows remote attackers via a malformed beacon packet to cause the driver to overflow an internal buffer which in turn can be used to execute arbitrary code. The following exploit code can be used to test the vulnerability.

SCO UnixWare pkgadd Local Root (Exploit)

Sun, 06 Apr 2008 09:21 GMT

A vulnerability in SCO UnixWare's pkgadd command line program allows local attackers to gain elevated privileges.

SCO UnixWare Reliant HA Local Root (Exploit)

Sun, 06 Apr 2008 09:20 GMT

A vulnerability in SCO UnixWare's Reliant HA program allows local attackers to overflow an internal buffer in the program causing it to execute arbitrary code.

SCO UnixWare Merge mcd Local Root (Exploit)

Sun, 06 Apr 2008 09:18 GMT

A vulnerability in SCO UnixWare's Merge mcd command allows local attackers to gain elevated privileges by overflowing an internal buffer used by the program.

TFTP Server for Windows Buffer Overflow (Exploit)

Mon, 31 Mar 2008 13:09 GMT

Multithreaded TFTP Server for "PXEBOOT, Router image load, supports tsize, blksize, Interval and Server Port Ranges, Block Number Rollover for Large Files. Can be installed as Service/daemon. Single Port version also available. Freeware Software Download". A buffer overflow vulnerability has been discovered in the TFTP Server for Windows, this vulnerability allows remote attackers to cause the product to execute arbitrary code.

Lateral SQL Injection: a New Class of Vulnerability in Oracle

Sun, 27 Apr 2008 14:27 GMT

A new class of vulnerabilities have been discovered in Oracle, these vulnerabilities can be exploited through the use of Oracle's ability to allow users to manipluate the way certain internal functions work.

Microsoft Windows DNS Stub Resolver Cache Poisoning (MS08-020)

Wed, 09 Apr 2008 16:37 GMT

The Windows DNS stub resolver is a Windows service used by Windows desktop software to resolve DNS names into IP addresses. The DNS stub resolver forwards DNS queries to the DNS server configured for the workstation (or server) and returns the DNS server s response to the requesting software.

Cold Boot Attacks on Disk Encryption

Mon, 25 Feb 2008 19:15 GMT

The below linked paper shows that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods. The paper also demonstrates the methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with MacOS X; and dm-crypt, which is used with Linux.

OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability

Wed, 13 Feb 2008 12:03 GMT

A serious weakness has been discovered in OpenBSD's PRNG, which allows an attacker to predict the next transaction ID (typically up to 8-10 guesses) given a series of consecutive 12-15 transaction IDs.

Exploiting WDM Audio Drivers

Mon, 07 Jan 2008 18:55 GMT

For those researchers who are interested in the driver security and also for driver writers, the paper "Exploiting WDM Audio Drivers" has been released.