Vulnerable InforMation And IT News » vul news http://www.vul.kr vulnerable security xss sql injection exploit bugs 0day zero-day paper news code Wed, 08 Sep 2010 06:06:07 +0000 http://wordpress.org/?v=2.8.2 en hourly 1 Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability http://www.vul.kr/microsoft-office-excel-sxview-record-parsing-remote-code-execution-vulnerability http://www.vul.kr/microsoft-office-excel-sxview-record-parsing-remote-code-execution-vulnerability#comments Wed, 09 Jun 2010 08:39:23 +0000 admin http://www.vul.kr/?p=1371 CVE ID
CVE-2010-0821
Affected Vendors
Microsoft

Affected Products
Office Excel

TippingPoint™ IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 9244. For further product information on the TippingPoint IPS:
http://www.tippingpoint.com
Vulnerability Details
This vulnerability allows remote attackers to execute arbitrary code on vulnerable

[Read All About This Article]

]]> CVE ID
CVE-2010-0821
Affected Vendors
Microsoft

Affected Products
Office Excel

TippingPoint™ IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 9244. For further product information on the TippingPoint IPS:
http://www.tippingpoint.com
Vulnerability Details
This vulnerability allows remote attackers to execute arbitrary code on vulnerable

[Read All About This Article]

]]> http://www.vul.kr/microsoft-office-excel-sxview-record-parsing-remote-code-execution-vulnerability/feed 0 Microsoft IIS FTP Service Code Execution and DoS Vulnerability http://www.vul.kr/microsoft-iis-ftp-service-code-execution-and-dos-vulnerability http://www.vul.kr/microsoft-iis-ftp-service-code-execution-and-dos-vulnerability#comments Sat, 31 Oct 2009 05:47:37 +0000 admin http://www.vul.kr/?p=1280 The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.

Credit:
The information has been provided by Kingcope and Microsoft.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/MS09-053.mspx

Vulnerable Systems:
* IIS 5.0 (FTP Service 5.0)
* IIS 5.1 (FTP Service 5.1)


[Read All About This Article]

]]> The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.

Credit:
The information has been provided by Kingcope and Microsoft.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/MS09-053.mspx

Vulnerable Systems:
* IIS 5.0 (FTP Service 5.0)
* IIS 5.1 (FTP Service 5.1)


[Read All About This Article]

]]> http://www.vul.kr/microsoft-iis-ftp-service-code-execution-and-dos-vulnerability/feed 0 Windows Kernel Multiple Vulnerabilities http://www.vul.kr/windows-kernel-multiple-vulnerabilities http://www.vul.kr/windows-kernel-multiple-vulnerabilities#comments Sat, 31 Oct 2009 05:19:15 +0000 admin http://www.vul.kr/?p=1278 The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.

Credit:
The information has been provided by Tavis Ormandy, Neel Mehta and Microsoft.
The original article can be found at:

[Read All About This Article]

]]> The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.

Credit:
The information has been provided by Tavis Ormandy, Neel Mehta and Microsoft.
The original article can be found at:

[Read All About This Article]

]]> http://www.vul.kr/windows-kernel-multiple-vulnerabilities/feed 0 vBulletin Cross Site Scripting Vulnerability http://www.vul.kr/vbulletin-cross-site-scripting-vulnerability http://www.vul.kr/vbulletin-cross-site-scripting-vulnerability#comments Sat, 31 Oct 2009 05:15:18 +0000 admin http://www.vul.kr/?p=1276 An XSS flaw within the user profile page has recently been discovered. This could allow an attacker to carry out an action as a user or obtain access to a user’s account. To resolve this issue, it has been necessary to release a patch level version of the active versions of vBulletin.

Credit:

The information has been provided by MaXe.
The original article can be found at: http://www.vbulletin.com/forum/showthread.php?t=319572

[Read All About This Article]

]]> An XSS flaw within the user profile page has recently been discovered. This could allow an attacker to carry out an action as a user or obtain access to a user’s account. To resolve this issue, it has been necessary to release a patch level version of the active versions of vBulletin.

Credit:

The information has been provided by MaXe.
The original article can be found at: http://www.vbulletin.com/forum/showthread.php?t=319572

[Read All About This Article]

]]> http://www.vul.kr/vbulletin-cross-site-scripting-vulnerability/feed 1 Joomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability http://www.vul.kr/joomla-component-com_gameserver-1-0-id-sql-injection-vulnerability http://www.vul.kr/joomla-component-com_gameserver-1-0-id-sql-injection-vulnerability#comments Thu, 03 Sep 2009 10:58:35 +0000 admin http://www.vul.kr/?p=1233 [o] Joomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability

–==[ Author ]==–
[+] Author : v3n0m
[+] Contact : v3n0m666[at]live[dot]com
[+] Blog : http://0wnage.wordpress.com/
[+] Group : YOGYACARDERLINK
[+] Site : http://yogyacarderlink.web.id/
[+] Date : September, 03rd 2009 [INDONESIA]
*************************************************************************
–==[ Details ]==–
[+]

[Read All About This Article]

]]> [o] Joomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability

–==[ Author ]==–
[+] Author : v3n0m
[+] Contact : v3n0m666[at]live[dot]com
[+] Blog : http://0wnage.wordpress.com/
[+] Group : YOGYACARDERLINK
[+] Site : http://yogyacarderlink.web.id/
[+] Date : September, 03rd 2009 [INDONESIA]
*************************************************************************
–==[ Details ]==–
[+]

[Read All About This Article]

]]> http://www.vul.kr/joomla-component-com_gameserver-1-0-id-sql-injection-vulnerability/feed 0 A killer Windows 7 bug? http://www.vul.kr/a-killer-windows-7-bug http://www.vul.kr/a-killer-windows-7-bug#comments Thu, 06 Aug 2009 01:38:26 +0000 admin http://www.vul.kr/?p=986 The blogosphere is abuzz over a newly publicized bug in Windows 7. I read about it yesterday on Chris123NT’s blog, where it was described as a “critical bug in Windows 7 RTM.” The story picked up momentum today when InfoWorld’s Randall Kennedy (the man behind the “Save XP” Astroturf campaign) published a sensational polemic: “Critical Windows 7 bug risks derailing product launch.” Tom Warren at Neowin called it “rather nasty” but sensibly concluded that it’s far from a

[Read All About This Article]

]]> The blogosphere is abuzz over a newly publicized bug in Windows 7. I read about it yesterday on Chris123NT’s blog, where it was described as a “critical bug in Windows 7 RTM.” The story picked up momentum today when InfoWorld’s Randall Kennedy (the man behind the “Save XP” Astroturf campaign) published a sensational polemic: “Critical Windows 7 bug risks derailing product launch.” Tom Warren at Neowin called it “rather nasty” but sensibly concluded that it’s far from a

[Read All About This Article]

]]> http://www.vul.kr/a-killer-windows-7-bug/feed 0 Not only the iPhone: there are serious loopholes in mobile phone SMS http://www.vul.kr/not-only-the-iphone-there-are-serious-loopholes-in-mobile-phone-sms http://www.vul.kr/not-only-the-iphone-there-are-serious-loopholes-in-mobile-phone-sms#comments Sun, 02 Aug 2009 09:10:39 +0000 admin http://www.vul.kr/?p=911 Recently held in Las Vegas Black Hat security conference (Black Hat security conference), there are researchers on how the model through a simple SMS, will be able to control the mobile phone they want to control from eavesdropping or theft of data. IPhone as a result mainly of a demonstration to the outside world that the iPhone will only affect users, but in fact quite a number of smartphone platforms, including Android and Windows Mobile, the SMS has the same flaw. The incident has aroused

[Read All About This Article]

]]> Recently held in Las Vegas Black Hat security conference (Black Hat security conference), there are researchers on how the model through a simple SMS, will be able to control the mobile phone they want to control from eavesdropping or theft of data. IPhone as a result mainly of a demonstration to the outside world that the iPhone will only affect users, but in fact quite a number of smartphone platforms, including Android and Windows Mobile, the SMS has the same flaw. The incident has aroused

[Read All About This Article]

]]> http://www.vul.kr/not-only-the-iphone-there-are-serious-loopholes-in-mobile-phone-sms/feed 0 Wordpress 0day Once More http://www.vul.kr/wordpress-0day-once-more http://www.vul.kr/wordpress-0day-once-more#comments Fri, 31 Jul 2009 08:16:29 +0000 admin http://www.vul.kr/?p=870 Today,i get a paper from milw0rm.com,which was written by ZFO team.I saw most contet of it and found wordpress was hacked of the lastest version. And also found that Securityfous own this wordpress 0day but not published.In my opinion , ZFO underground team also owns this 0day.
We don’t know what is wordpress 0day is,sqlinjection?remote command execution?Remote file inclusion or Xss.
But it seems to me that hackers can get webshell easily by this 0day.So please update your

[Read All About This Article]

]]> Today,i get a paper from milw0rm.com,which was written by ZFO team.I saw most contet of it and found wordpress was hacked of the lastest version. And also found that Securityfous own this wordpress 0day but not published.In my opinion , ZFO underground team also owns this 0day.
We don’t know what is wordpress 0day is,sqlinjection?remote command execution?Remote file inclusion or Xss.
But it seems to me that hackers can get webshell easily by this 0day.So please update your

[Read All About This Article]

]]> http://www.vul.kr/wordpress-0day-once-more/feed 0