Vulnerable InforMation And IT News

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-010
http://dsecrg.com/pages/vul/show.php?id=110

Application: Oracle Database 10G
Versions Affected: Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4
Vendor URL: http://oracle.com
Bugs: PL/SQL Injections
Exploits: YES
Reported: 29.01.2008
Vendor response:

[Read All About This Article]

ShineShadow Security Report 28102009-13

TITLE

Rising Multiple Products Local Privilege Escalation Vulnerability

BACKGROUND

RISING has introduced a variety of operating system based antivirus software, firewall software and enterprise antivirus wall, firewall, network security warning system and other hardware products. RISING is the third company in the world and the only one in China to provide a full range of information security products and professional

[Read All About This Article]

/// File Name: vmware86.tar.gz
Description:
VMWare Workstation Virtual 8086 Linux Local ring0 exploit.
Author: Julien Tinnes,Tavis Ormandy
File Size: 2320
Related CVE(s): CVE-2009-2267
Last Modified: Oct 27 17:56:54 2009
MD5 Checksum: f0fbf0b88d488847d728b1c5ed6154de

DOWNLOAD

[Read All About This Article]

2116a909dec5c424e471fd34ba817618000

[Read All About This Article]

A DEMO FOR YOU! ENJOY IT.

http://lrv.bplaced.net/wmp/wmp.php

[Read All About This Article]

Until now, it was considered infeasible for an attacker to discover your CSRF token using Brute Force Attacks on the server. I am going to change this belief by showing you a technique to quicky find csrf tokens without generating alerts.

Credit:
The information has been provided by Inferno at SecureThoughts.com and Jeremiah Grossman.

I was thinking about the problem of Cross Site Request Forgery and current mitigation strategies used in the Industry. In many of the real

[Read All About This Article]

The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.

Credit:
The information has been provided by Kingcope and Microsoft.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/MS09-053.mspx

Vulnerable Systems:
* IIS 5.0 (FTP Service 5.0)
* IIS 5.1 (FTP Service 5.1)


[Read All About This Article]

The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.

Credit:
The information has been provided by Tavis Ormandy, Neel Mehta and Microsoft.
The original article can be found at:

[Read All About This Article]

An XSS flaw within the user profile page has recently been discovered. This could allow an attacker to carry out an action as a user or obtain access to a user’s account. To resolve this issue, it has been necessary to release a patch level version of the active versions of vBulletin.

Credit:

The information has been provided by MaXe.
The original article can be found at: http://www.vbulletin.com/forum/showthread.php?t=319572

[Read All About This Article]

If it is not availabe,please tell me.

Researchers Toshihiro Ohigashi Hiroshima University and University of Morii Masakatu Kob able to crack WPA in just 1 minute, using a technique called Practical Attack Message forgery or practice of attack message forgery.

http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf

[Read All About This Article]