vul news

Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability

Posted in 0day, Vulnerable InforMation, vul news on June 9th, 2010 by admin

CVE ID: CVE-2010-0821
Affected Vendors: Microsoft
Affected Products: Office Excel

TippingPoint™ IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 9244. For further product information on the TippingPoint IPS: http://www.tippingpoint.com

Vulnerability Details
This vulnerability allows remote attackers to execute arbitrary code on vulnerable


Microsoft IIS FTP Service Code Execution and DoS Vulnerability

Posted in Vulnerable InforMation, vul news on October 31st, 2009 by admin

The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.

Credit:
The information has been provided by Kingcope and Microsoft.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/MS09-053.mspx

Vulnerable Systems:
* IIS 5.0 (FTP Service 5.0)
* IIS 5.1 (FTP Service 5.1)



Windows Kernel Multiple Vulnerabilities

Posted in Vulnerable InforMation, vul news on October 31st, 2009 by admin

The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.

Credit:
The information has been provided by Tavis Ormandy, Neel Mehta and Microsoft.
The original article can be found at:


vBulletin Cross Site Scripting Vulnerability

Posted in Vulnerable InforMation, vul news on October 31st, 2009 by admin – 1 Comment

An XSS flaw within the user profile page has recently been discovered. This could allow an attacker to carry out an action as a user or obtain access to a user’s account. To resolve this issue, it has been necessary to release a patch level version of the active versions of vBulletin.

Credit:

The information has been provided by MaXe.
The original article can be found at: http://www.vbulletin.com/forum/showthread.php?t=319572


Joomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability

Posted in Vulnerable InforMation, vul news on September 3rd, 2009 by admin

[o] Joomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability

–==[ Author ]==–
[+] Author : v3n0m
[+] Contact : v3n0m666[at]live[dot]com
[+] Blog : http://0wnage.wordpress.com/
[+] Group : YOGYACARDERLINK
[+] Site : http://yogyacarderlink.web.id/
[+] Date : September, 03rd 2009 [INDONESIA]
*************************************************************************
–==[ Details ]==–
[+]


A killer Windows 7 bug?

Posted in IT News, Vulnerable InforMation, vul news on August 6th, 2009 by admin

The blogosphere is abuzz over a newly publicized bug in Windows 7. I read about it yesterday on Chris123NT’s blog, where it was described as a “critical bug in Windows 7 RTM.” The story picked up momentum today when InfoWorld’s Randall Kennedy (the man behind the “Save XP” Astroturf campaign) published a sensational polemic: “Critical Windows 7 bug risks derailing product launch.” Tom Warren at Neowin called it “rather nasty” but sensibly concluded that it’s far from a


Not only the iPhone: there are serious loopholes in mobile phone SMS

Posted in Hack News, Vulnerable InforMation, vul news on August 2nd, 2009 by admin

At the Black Hat security conference recently held in Las Vegas, researchers demonstrated how a simple SMS can be used to take control of a targeted mobile phone, for eavesdropping or data theft. Because the demonstration mainly used the iPhone, the outside world assumed that only iPhone users are affected, but in fact quite a number of smartphone platforms, including Android and Windows Mobile, have the same SMS flaw. The incident has aroused


Wordpress 0day Once More

Posted in 0day, Vulnerable InforMation, vul news on July 31st, 2009 by admin

Today, I got a paper from milw0rm.com, which was written by the ZFO team. I read most of its content and found that the latest version of WordPress was hacked. I also found that SecurityFocus owns this WordPress 0day but has not published it. In my opinion, the ZFO underground team also owns this 0day.
We don't know what this WordPress 0day is: SQL injection? Remote command execution? Remote file inclusion or XSS?
But it seems to me that hackers can easily get a webshell with this 0day. So please update your
