<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Internet Security Observatory</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
 <item><title>Xbtit v200 SQL Injection Vulnerability</title><description>2010-03-13 21:50:13 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/201403.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201403.shtml</guid></item>
<item><title>Mambo Component com_mambads SQL Injection Vulnerability</title><description>2010-03-13 21:50:13 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/201402.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201402.shtml</guid></item>
<item><title>Azeno CMS SQL Injection Vulnerability</title><description>2010-03-13 08:48:43 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/201324.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201324.shtml</guid></item>
<item><title>Joomla Component com_comp SQL Injection Vulnerability</title><description>2010-03-13 08:03:13 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/201319.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201319.shtml</guid></item>
<item><title>Joomla Component com_races Blind SQL Injection Vulnerability</title><description>2010-03-13 08:03:13 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/201318.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201318.shtml</guid></item>
<item><title>Cenzic Detects an Apache Denial of Service Vulnerability</title><description>2010-03-12 22:09:40 - What's New  Cenzic Security Blog : Weekly product update: Cenzic detects an Apache Denial of Service Vulnerability. As of March 12, 2010, Cenzic now detects an Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability (BugtraqID 38491). Successful exploits may allow remote attackers to cause denial-of-service conditions. Background on Cenzic's SmartAttacks: Every week, Cenzic's suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. By Erin Swanson, Eswanson@cenzic.com. See Also: Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability. Learn more about this vulnerability on Security Focus.</description><link>http://www.secuobs.com/revue/news/201216.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201216.shtml</guid></item>
<item><title>FreeBSD and OpenBSD 'ftpd' NULL Pointer Dereference Denial Of Service Vulnerability</title><description>2010-03-12 21:36:44 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/201209.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201209.shtml</guid></item>
<item><title>dreamlive Auktionshaus script newsphp  id  SQL Injection Vulnerability</title><description>2010-03-12 19:56:55 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/201180.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201180.shtml</guid></item>
<item><title>MD5 hash vulnerability is expert's top Web security flaw</title><description>2010-03-12 17:07:43 - SearchSecurity  Security Wire Daily News : Jeremiah Grossman told RSA Conference 2010 attendees that a successful defense against Web-based flaws requires both a secure browser and a secure website infrastructure.</description><link>http://www.secuobs.com/revue/news/201125.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201125.shtml</guid></item>
<item><title>Joomla Component com_start SQL Injection Vulnerability</title><description>2010-03-12 13:57:28 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/201083.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201083.shtml</guid></item>
<item><title>Joomla Component com_leader SQL Injection Vulnerability</title><description>2010-03-12 13:57:28 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/201082.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201082.shtml</guid></item>
<item><title>Joomla Component com_family SQL Injection Vulnerability</title><description>2010-03-12 13:57:28 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/201081.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201081.shtml</guid></item>
<item><title> 6 of the Top Vulnerability Discoverers of 2009</title><description>2010-03-12 08:11:00 - HolisticInfoSec.org : As I was last year, I am again pleased to report that the vulnerabilities I've been happily and responsibly disclosing and posting have resulted in 6th place on the list of Top Vulnerability Discoverers of 2009. Thanks to Scott Moore of the IBM ISS Frequency X Blog who compiled the list for 2009. I remain both pleased and disconcerted to find myself on this list and wish to convey a few thoughts on the subject. 1) First, a reminder that my work has focused entirely on vulnerable web apps and pales in comparison to the likes of others named on both the all-time list and the list for 2009. Congratulations and well done to you all. 2) My efforts resulted in what the Frequency X post indicates is 48 unique web application vulnerabilities in 2009. This again serves as a stark reminder of what a challenged state of affairs the development process is for so many web application vendors. May the SDL and its ilk prevail. 3) I will continue my discovery and reporting efforts with the intention of somehow making a dent in the statistics (unrealistic, I know). I focused heavily on cross-site request forgery (CSRF) issues in 2009 and was not surprised to find that the average number of days for CSRF vulnerabilities to be resolved increased by 37 days to 93 days. The above figure can be found on page 7 of the 8th Edition of WhiteHat's Website Security Statistics Report. I believe, as the report states, that much of the reason CSRF issues linger unabated is that "no one at the organization knows about, understands, or respects the issue". I can tell you from personal experience, I heard this many times in 2009. It should therefore surprise no one that CSRF is number four on the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors. Hopefully, each application discovered and reported as vulnerable to this issue leads to a downward statistical trend in the likes of the WhiteHat report. I look forward to continued discussions of these issues with you, dear readers, and hope we can make a difference. Cheers</description><link>http://www.secuobs.com/revue/news/201018.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201018.shtml</guid></item>
<item><title>Worth peeking at your VPN Configs  US-CERT Vulnerability Note VU 261869</title><description>2010-03-12 04:30:08 - the electric stranger : This was getting some discussion on teh twitter today, but the list of affected VPN vendors was substantial enough, you might want to peek at your own configs. The hyperbole might not yet be warranted, but it might be worth a peek under your hood. The description of the vuln implies potentially that some VPN vendors  default    </description><link>http://www.secuobs.com/revue/news/200991.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200991.shtml</guid></item>
<item><title>Joomla Component com_gigfe SQL Injection Vulnerability</title><description>2010-03-12 03:00:27 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/200959.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200959.shtml</guid></item>
<item><title>Joomla Component com_color SQL Injection Vulnerability </title><description>2010-03-12 03:00:27 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/200958.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200958.shtml</guid></item>
<item><title>Joomla Component com_party SQL Injection Vulnerability </title><description>2010-03-12 03:00:27 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/200956.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200956.shtml</guid></item>
<item><title>Multiple Vendor WebKit HTML Element Use After Free Vulnerability</title><description>2010-03-12 02:34:25 - iDefense Public Vulnerability Disclosures : </description><link>http://www.secuobs.com/revue/news/200954.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200954.shtml</guid></item>
<item><title>Joomla com_products 'intCategoryId' Remote Sql Injection Vulnerability</title><description>2010-03-12 01:49:48 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/200946.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200946.shtml</guid></item>
<item><title>IEPeers   A New Internet Explorer Zero Day Vulnerability</title><description>2010-03-12 01:30:29 - Praetorian Prefect : We posted an aside yesterday referencing Microsoft's recent blog post for new security advisory 981374 referencing a new zero day vulnerability in Internet Explorer versions 6 and 7. New details have emerged since, and the exploit has moved from being what was described as part of "limited targeted attacks" to being widely accessible and available as a new module for the Metasploit framework.</description><link>http://www.secuobs.com/revue/news/200941.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200941.shtml</guid></item>
<item><title>Unpatched vulnerability in IE7</title><description>2010-03-12 00:51:57 - Dan Griffin's Blog : If you're running Win 7, you're okay. If you're running IE8 on a previous version of Windows, you're okay. Otherwise, I recommend using Microsoft's Fix it link for enabling Data Execution Prevention (DEP) in Internet Explorer (choose the one on the left) until a patch is released. More info can be found here.</description><link>http://www.secuobs.com/revue/news/200916.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200916.shtml</guid></item>
<item><title>Microsoft pushes patches while fighting a new Internet Explorer vulnerability</title><description>2010-03-11 23:01:44 - The Tech Herald Security News : For the first time in almost two years, Microsoft didn't include a patch rated critical in their monthly security updates. The two that were released Tuesday, both rated important, were overshadowed by an Internet Explorer vulnerability that is being exploited online, and recently had exploit code published. Patches: On Tuesday, Microsoft released two bulletins that addressed eight vulnerabilities in Windows Movie Maker and Microsoft Producer 2003, as well as Excel.</description><link>http://www.secuobs.com/revue/news/200849.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200849.shtml</guid></item>
<item><title>HP and Fortify Advance Vulnerability Testing with Hybrid 20 </title><description>2010-03-11 23:01:33 - The HP Security Laboratory Blog : HP and Fortify Collaborate on Static Analysis (SAST), Dynamic Analysis (DAST). HP and Fortify Software recently announced a joint collaboration that will help customers more efficiently manage and reduce critical security vulnerabilities across the </description><link>http://www.secuobs.com/revue/news/200848.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200848.shtml</guid></item>
<item><title>Joomla Component com_blog SQL Injection Vulnerability</title><description>2010-03-11 20:59:16 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/200800.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200800.shtml</guid></item>
<item><title>Eros Erotik Webkatalog startphp  rubrik id  SQL Injection Vulnerability</title><description>2010-03-11 20:59:16 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/200799.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200799.shtml</guid></item>
<item><title>Joomla com_about Remote Sql Injection Vulnerability</title><description>2010-03-11 13:59:42 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/200662.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200662.shtml</guid></item>
<item><title>ANE CMS 1 Persistent XSS Vulnerability</title><description>2010-03-11 13:59:42 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/200659.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200659.shtml</guid></item>
<item><title>uhttp Server 010-alpha Path Traversal Vulnerability</title><description>2010-03-11 00:34:49 - Salvatore Fresta : An ultra lightweight webserver with a very small memory usage </description><link>http://www.secuobs.com/revue/news/200456.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200456.shtml</guid></item>
<item><title>Anantasoft Gazelle CMS CSRF Vulnerability</title><description>2010-03-10 20:01:05 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/200345.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200345.shtml</guid></item>
<item><title>ispCP Omega   104 Remote File Include Vulnerability</title><description>2010-03-10 20:01:05 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/200344.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200344.shtml</guid></item>
<item><title>Softbiz Jobs and Recruitment Script  search_resultphp  SQL Injection Vulnerability</title><description>2010-03-10 18:58:11 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/200322.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200322.shtml</guid></item>
<item><title>60cycleCMS Persistent XSS Vulnerability</title><description>2010-03-10 14:09:23 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/200194.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200194.shtml</guid></item>
<item><title>Campsite v335 CSRF Vulnerability</title><description>2010-03-10 14:09:23 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/200193.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200193.shtml</guid></item>
<item><title>Friendly-Tech FriendlyTR69 CPE Remote Management v289 SQL Injection Vulnerability</title><description>2010-03-10 14:09:23 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/200192.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200192.shtml</guid></item>
<item><title>Microsoft Excel MDXTUPLE Record Heap Overflow Vulnerability</title><description>2010-03-10 10:19:04 - iDefense Public Vulnerability Disclosures : </description><link>http://www.secuobs.com/revue/news/200154.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200154.shtml</guid></item>
<item><title>Microsoft Excel MDXSET Record Heap Overflow Vulnerability</title><description>2010-03-10 10:19:04 - iDefense Public Vulnerability Disclosures : </description><link>http://www.secuobs.com/revue/news/200153.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200153.shtml</guid></item>
<item><title>Microsoft Excel FNGROUPNAME Record Uninitialized Memory Vulnerability</title><description>2010-03-10 10:19:04 - iDefense Public Vulnerability Disclosures : </description><link>http://www.secuobs.com/revue/news/200152.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200152.shtml</guid></item>
<item><title>Microsoft Excel Sheet Object Type Confusion Vulnerability</title><description>2010-03-10 09:22:20 - iDefense Public Vulnerability Disclosures : </description><link>http://www.secuobs.com/revue/news/200147.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200147.shtml</guid></item>
<item><title>Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7 (Wed, Mar 10th)</title><description>2010-03-10 06:20:08 - SANS Internet Storm Center  InfoCON  green : Several readers have pointed us towards this advisory. This Microsoft advisory outlines a vuln  more  </description><link>http://www.secuobs.com/revue/news/200121.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200121.shtml</guid></item>
<item><title>Patch Tuesday Continues Now With IE Vulnerability </title><description>2010-03-10 02:45:50 - SophosLabs blog : This patch Tuesday had been quiet, perhaps too quiet. It turns out there is also a new advisory for Internet Explorer. For a more complete list, please see the SophosLabs Vulnerability Analysis page.</description><link>http://www.secuobs.com/revue/news/200080.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200080.shtml</guid></item>
<item><title>Opera Users Baffled By Vulnerability Warnings</title><description>2010-03-10 00:46:32 - Packet Storm Security Headlines : </description><link>http://www.secuobs.com/revue/news/200022.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200022.shtml</guid></item>
<item><title>Microsoft repairs Excel flaws, warns of new IE vulnerability</title><description>2010-03-09 23:32:10 - SearchSecurity  Security Wire Daily News : Two bulletins address eight vulnerabilities in Microsoft Windows and Office. Internet Explorer advisory warns of new zero-day vulnerability being used in targeted attacks.</description><link>http://www.secuobs.com/revue/news/199964.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199964.shtml</guid></item>
<item><title>Serious Apache vulnerability   Sysinternals updates</title><description>2010-03-09 23:26:58 - 4sysops : Serious Apache vulnerability disclosed. Sysinternals updates: AdExplorer v13, VMMap v26, Disk2vhd v15, LiveKd v314, Sigcheck v166</description><link>http://www.secuobs.com/revue/news/199954.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199954.shtml</guid></item>
<item><title>March Patch Tuesday Overshadowed by New IE Zero-Day Vulnerability</title><description>2010-03-09 23:20:13 - Optimal Security : Today's Patch Tuesday release is being overshadowed by a new zero-day vulnerability in Internet Explorer that can allow remote code execution. The exploit reportedly is currently being used in targeted attacks in the wild. It was reported today in an advisory by Microsoft - the same day they released the monthly patches for March 2010. From    </description><link>http://www.secuobs.com/revue/news/199951.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199951.shtml</guid></item>
<item><title>PHP File Uploader Upload Vulnerability</title><description>2010-03-09 23:01:41 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/199941.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199941.shtml</guid></item>
<item><title>NUs Newssystem v102  id  SQL Injection Vulnerability</title><description>2010-03-09 23:01:41 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/199940.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199940.shtml</guid></item>
<item><title>MS10-016 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)</title><description>2010-03-09 21:21:20 - Microsoft Security Bulletins : Bulletin Severity Rating: Important - This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and persuaded the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</description><link>http://www.secuobs.com/revue/news/199889.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199889.shtml</guid></item>
<item><title>Joomla Component com_hezacontent SQL injection Vulnerability  id </title><description>2010-03-09 19:18:01 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/199847.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199847.shtml</guid></item>
<item><title>SQL injection vulnerability in Wild CMS</title><description>2010-03-09 19:18:01 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/199842.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199842.shtml</guid></item>
<item><title>New Smartphone App Exposes Vulnerability To Hackers</title><description>2010-03-09 18:52:36 - Packet Storm Security Headlines : </description><link>http://www.secuobs.com/revue/news/199833.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199833.shtml</guid></item>
<item><title>Opera to patch browser vulnerability soon</title><description>2010-03-09 15:17:03 - News : Opera Software will soon patch a vulnerability in its Web browser that could allow an attacker to run malicious software on a Windows computer.</description><link>http://www.secuobs.com/revue/news/199734.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199734.shtml</guid></item>
<item><title> Highly critical Opera vulnerability discovered </title><description>2010-03-09 15:16:32 - Help Net Security   News : A highly critical buffer overflow vulnerability affecting the Opera browser has been discovered by Marcin Ressel of Secunia  The vulnerability is caused due to an error when processing HTTP respons </description><link>http://www.secuobs.com/revue/news/199732.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199732.shtml</guid></item>
<item><title>Secunia  Opera  Content-Length  Processing Buffer Overflow Vulnerability</title><description>2010-03-09 10:53:57 - Rootsecure.net : Secunia  Opera  Content-Length  Processing Buffer Overflow Vulnerability </description><link>http://www.secuobs.com/revue/news/199677.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199677.shtml</guid></item>
<item><title>CVE-2010-0188: Patched Adobe Reader Vulnerability is Actively Exploited in the Wild</title><description>2010-03-09 09:04:42 - Microsoft Malware Protection Center : While recently analyzing a malicious PDF file, I noticed a vulnerability exploited by the sample which I've never encountered before. After a bit of research I came to the conclusion that this specific sample exploited CVE-2010-0188. This is a fresh vulnerability, information about which was just published this February. It is described as possibly leading to arbitrary code execution, which is exactly what's happening. When the PDF file is loaded, Adobe Reader opens and then closes, while an executable file named a.exe is dropped directly onto the C: drive. The dropped executable, which is actually embedded into the PDF file, tries to connect to a .biz registered domain to download other files. JavaScript is again used to successfully exploit this vulnerability, so disabling it for unknown documents might be a good idea. We currently detect the malicious file as Exploit:Win32/Pidief.AX (SHA1: 908ae499a474e3006253417c658e055a633e75a1) and the dropped malware as TrojanDownloader:Win32/Qaantiz.A. Fortunately Adobe has released an update to address the vulnerability which is offered automatically to all users. Read Adobe's security bulletin here and upgrade to the latest version of Adobe Reader and Acrobat. Users can pull down the 'help' menu and click on 'check for updates' to ensure that they're running the latest version. As good practice, we advise every user to always update their programs as well as their operating system. We also advise users not to open files whose origins they don't trust. Marian Radu, MMPC Dublin</description><link>http://www.secuobs.com/revue/news/199666.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199666.shtml</guid></item>
<item><title>Chaton   152 Local File Include Vulnerability</title><description>2010-03-09 04:25:11 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/199616.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199616.shtml</guid></item>
<item><title>Apache Web Server Has Serious Vulnerability</title><description>2010-03-09 00:40:36 - securitystream.info : Apache's HTTP web server has a flaw that enables remote server access and total control of a database, according to a security researcher. Read the full article (ZDNet Australia).</description><link>http://www.secuobs.com/revue/news/199550.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199550.shtml</guid></item>
<item><title> Serious Apache vulnerability disclosed</title><description>2010-03-09 00:19:48 - Help Net Security   News : A serious vulnerability in Apache's HTTP web server that enables the attacker to gain remote access to the server and total control of a database, has been discovered by Brett Gervasoni, a researcher  </description><link>http://www.secuobs.com/revue/news/199527.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199527.shtml</guid></item>
<item><title>DZ Auktionshaus  V4rgo   id  newsphp SQL Injection Vulnerability</title><description>2010-03-08 20:32:05 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/199421.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199421.shtml</guid></item>
<item><title>TRIBISUR   20 Local File Include Vulnerability</title><description>2010-03-08 20:32:05 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/199420.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199420.shtml</guid></item>
<item><title>New OpenSSL Vulnerability Negates Public Key Cryptographic Underpinnings</title><description>2010-03-08 14:59:06 - Infosecurity.US : News, via The Register's highly respected US based correspondent - Dan Goodin, of severe vulnerabilities extant in the widely deployed Open Source Software OpenSSL secure tunneling interface. University of Michigan computer scientists have cracked the public key cryptologic underpinnings of the product. The fix entails properly salting the internal error checking subsystem. More information  inclusive    </description><link>http://www.secuobs.com/revue/news/199335.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199335.shtml</guid></item>
<item><title>Bild Flirt System V20 indexphp  id  SQL Injection Vulnerability</title><description>2010-03-07 17:15:44 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/199146.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199146.shtml</guid></item>
<item><title>Microsoft attempts to patch another web security vulnerability on IE</title><description>2010-03-07 16:41:38 - MX Logic Security News : Microsoft confirmed reports recently of a new web security vulnerability for users running Internet Explorer on Windows XP. This is the third such hole reported to Microsoft so far in 2010. Earlier in the year, Microsoft addressed an issue presented to them following the highly publicized attack on Google. Days later, at the Black Hat DC Conference in Washington, DC, a web security professional showed the company another flaw. The company addressed the first two holes by issuing security updates, and it is reportedly investigating the latest breach. "Microsoft is investigating new public claims of a vulnerability involving the use of VBScript and Windows Help files within Internet Explorer," Jerry Bryant of Microsoft told Computer World. "The current state of our investigations shows that Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 are not affected." Cyber criminals exploit the hole to upload malware onto users' hard drives. Making the matter even more pressing for the company is the potential volume of exploitation: Net Applications reported in February that Internet Explorer is the most widely used web browser in the world.</description><link>http://www.secuobs.com/revue/news/199121.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199121.shtml</guid></item>
<item><title>phpCOIN 121  modphp  LFI Vulnerability</title><description>2010-03-07 00:56:20 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/199038.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199038.shtml</guid></item>
<item><title>InTerra Blog Machine   170 Shell Upload Vulnerability</title><description>2010-03-06 16:19:26 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/198979.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198979.shtml</guid></item>
<item><title>First Remote Code Execution Vulnerability Affecting Microsoft Notepad </title><description>2010-03-06 14:00:48 - Secumania Security Group Feeds : First remote code execution vulnerability affecting Microsoft Notepad via innocent TXT documents. Read the details</description><link>http://www.secuobs.com/revue/news/198956.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198956.shtml</guid></item>
<item><title>Cenzic Detects a PHP Validation Restriction-Bypass Vulnerability</title><description>2010-03-05 19:47:24 - What's New  Cenzic Security Blog : Weekly product update: Cenzic detects a PHP Validation Restriction-Bypass Vulnerability. As of February 26, 2010, Cenzic now detects a PHP 'tempnam()' 'safe_mode' Validation Restriction-Bypass Vulnerability (BugtraqID 38431). Successful exploits allow attackers to access files in unauthorized locations or create files in any writable directory. This vulnerability is an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; the 'safe_mode' restrictions are assumed to isolate users from each other. PHP 5212 and prior versions are affected. Background on Cenzic's SmartAttacks: Every week, Cenzic's suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. By Erin Swanson, Eswanson@cenzic.com. See Also: PHP Validation Restriction-Bypass Vulnerability. Learn more about this vulnerability on Security Focus.</description><link>http://www.secuobs.com/revue/news/198743.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198743.shtml</guid></item>
<item><title>E-topbiz Link ADS 1 PHP script  linkid  Blind SQL Injection Vulnerability</title><description>2010-03-05 18:17:17 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/198712.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198712.shtml</guid></item>
<item><title>Unpatched Opera 1050 and below code execution vulnerability,  Fri, Mar 5th </title><description>2010-03-05 17:48:36 -       SANS Internet Storm Center  InfoCON  green : Several mailing lists and readers  Juha-Matti  are reporting publicly available exploits for Opera 1  more  </description><link>http://www.secuobs.com/revue/news/198703.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198703.shtml</guid></item>
<item><title>The Value Of Credentialed Vulnerability Scanning</title><description>2010-03-05 17:34:54 - Tenable Network Security :  What Am I Doing Wrong  I am often asked,  What am I doing wrong in regard to security  This question is usually in reaction to some event, such as a failed audit, a network outage as a result of malware </description><link>http://www.secuobs.com/revue/news/198693.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198693.shtml</guid></item>
<item><title>Auktionshaus v3001 newsphp  id  SQL Injection Vulnerability</title><description>2010-03-05 15:50:35 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/198673.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198673.shtml</guid></item>
<item><title>ONECMS v25 SQL Injection Vulnerability</title><description>2010-03-05 13:46:48 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/198645.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198645.shtml</guid></item>
<item><title>More Details on the MS08-067 Vulnerability</title><description>2010-03-05 12:02:46 - Roger Halbheer on Security : Our security team just published an excellent post with a lot more details on the vulnerability we patched. You should definitely read it: http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx Roger </description><link>http://www.secuobs.com/revue/news/198512.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198512.shtml</guid></item>
<item><title>H1 OS Desktop Vulnerability Report   Get It Now</title><description>2010-03-05 12:02:46 - Roger Halbheer on Security : You might know Jeff Jones' work on the different vulnerability reports comparing different products and vendors. Our goal is to understand and measure our progress and see where we stand with regards to the industry. Today, Jeff released his OS Desktop vulnerability report for H1 2008, which shows to me some interesting results. One is if you look at the Days of Risk, say on average after disclosure how many days did it take a vendor to fix a vulnerability. He weighted them as well based on whether they are critical or important or low. Secondly he shows the number of vulnerabilities of all the vendors he is looking at. And last but definitely not least he compares the different OSs. There is one other interesting finding: 25% of the vulnerabilities are shared by more than one vendor. So, if you want to download the report, here you find Jeff's post: http://blogs.technet.com/security/archive/2008/10/28/download-h1-2008-desktop-vuln-report.aspx Roger </description><link>http://www.secuobs.com/revue/news/198509.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198509.shtml</guid></item>
<item><title>Vulnerability in Internet Explorer Could Allow Remote Code Execution</title><description>2010-03-05 12:02:46 - Roger Halbheer on Security : You know that I rarely blog on Advisories we publish unless they are heavily critical. I just want to make sure that you have seen this. MSRC (the Microsoft Security Response Center) constantly updates this advisory with workarounds. Please take this very, very seriously: Microsoft Security Advisory (961051); Details on updates by MSRC; Details from Security Vulnerability Research &amp; Defense; Limited Exploitation of Microsoft Security Advisory 961051 (Microsoft Malware Protection Center). Roger </description><link>http://www.secuobs.com/revue/news/198477.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198477.shtml</guid></item>
<item><title>IMPORTANT  IE Vulnerability  Out of Band Release Scheduled for Tomorrow</title><description>2010-03-05 12:02:46 - Roger Halbheer on Security : Just as a short notice: We just started to communicate that we will release a security update for the Internet Explorer vulnerability. At the moment, the update is scheduled to be released approx. 10:00 am PST (19:00 CET) tomorrow. Have a look at the Advanced Notification which you can find here: http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx Please start immediately with the preparation of the distribution of the update as well as start to prepare for your internal risk assessment tomorrow evening. Roger </description><link>http://www.secuobs.com/revue/news/198474.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198474.shtml</guid></item>
<item><title>The Windows 7 UAC  Vulnerability </title><description>2010-03-05 12:02:46 - Roger Halbheer on Security : It is always interesting how some things spin off. The claimed UAC vulnerability in Windows 7 is one of those events. There are numerous blogs which claim that they found a huge vulnerability in Windows 7. The reason for that is that you can change the settings for UAC without getting a UAC prompt. Let's have a look at it: A lot of people complained about UAC in Windows Vista, I guess you remember. I heard all these statements: "I do not want to get all the UAC elevation prompts just because I change my Windows settings". We heard you loud and clear. So, we decided to do what you asked us: Not show you an elevation prompt when you change settings in Windows. So the default configuration in Windows 7 looks as shown below: [image: UAC 1] And guess what? We do not notify you when you make changes to Windows settings, UAC being one of those. However, if you want to go further and put the slider up one level to "Always notify", the same screen looks slightly different: [image: UAC 2] And again, guess what? We notify you when you make changes to the Windows settings, UAC being one of those. So, basically to give you my view: We did what you asked us to do: Reduce the number of UAC prompts especially when you change your Windows settings. We do what the prompt tells you we are doing. In my opinion, this is not a vulnerability. We can debate now when we should generally show a UAC prompt, but this is a completely different debate than to claim this being a vulnerability. And if you come to me now and say that we should show more UAC prompts, please carefully reconsider your statement before you comment and think about all the Windows Vista discussions. BTW: I am a big fan and supporter of UAC and think that the team did an outstanding job, already in Windows Vista. Roger </description><link>http://www.secuobs.com/revue/news/198455.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198455.shtml</guid></item>
<item><title>Autonomy KeyView OLE Document Integer Overflow Vulnerability</title><description>2010-03-05 02:31:39 - iDefense Public Vulnerability Disclosures : </description><link>http://www.secuobs.com/revue/news/198218.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198218.shtml</guid></item>
<item><title>Clientless SSL VPN vulnerability and Web browser protection</title><description>2010-03-04 17:08:07 - SearchSecurity  Threat Monitor : In a recent US-CERT advisory, clientless SSL VPN vulnerabilities were listed as posing serious threats to Web browser security. In this tip, learn possible actions to take for Web browser protection. </description><link>http://www.secuobs.com/revue/news/198047.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198047.shtml</guid></item>
<item><title>Vulnerability Manager  Automate Your Application Security Program </title><description>2010-03-04 17:03:38 - PenTestIT : So you have a great collection of exploits, scripts, etc. but all of it is unorganised? Vulnerability Manager will help you with them. Vulnerability Manager is a web-based application to automate many of the functions of an application security program. It has been brought to us by the Denim Group. Vulnerability manager will help you with </description><link>http://www.secuobs.com/revue/news/198037.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198037.shtml</guid></item>
<item><title>PHPNUKE CMS  Survey and Poll  SQL Injection Vulnerability</title><description>2010-03-04 15:22:04 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/198019.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198019.shtml</guid></item>
<item><title>Drupal 6 Profile  core  Module XSS Vulnerability</title><description>2010-03-03 22:23:32 - MadIrish.net : Drupal 6 contains a cross site scripting  XSS  vulnerability in the Profile module http wwwmadirishnet article 450 from rss </description><link>http://www.secuobs.com/revue/news/197741.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197741.shtml</guid></item>
<item><title>Dosya Yukle Scrtipi v10 Shell Upload Vulnerability</title><description>2010-03-03 22:13:35 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/197736.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197736.shtml</guid></item>
<item><title>Gnat-TGP   1220 Remote File Include Vulnerability</title><description>2010-03-03 22:13:35 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/197735.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197735.shtml</guid></item>
<item><title>Introduction to Hacktics Seeker web application vulnerability scanner</title><description>2010-03-03 19:56:54 - Help Net Security   Articles :  At the RSA Conference 2010 Innovation Sandbox, we met up with Ron Porat, CEO of Hacktics and recorded a short podcast in which he introduces their flagship product Seeker Seeker is a web ap </description><link>http://www.secuobs.com/revue/news/197694.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197694.shtml</guid></item>
<item><title> Introduction to Hacktics Seeker web application vulnerability scanner</title><description>2010-03-03 19:56:45 - Help Net Security   News :  At the RSA Conference 2010 Innovation Sandbox, we met up with Ron Porat, CEO of Hacktics and recorded a short podcast in which he introduces their flagship product Seeker Seeker is a web ap </description><link>http://www.secuobs.com/revue/news/197693.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197693.shtml</guid></item>
<item><title>Cisco Digital Media Player Remote Display Unauthorized Content Injection Vulnerability</title><description>2010-03-03 18:02:35 - Cisco Security AdvisoriesSearch Cisco : A vulnerability exists in the Cisco Digital Media Player that could allow an unauthenticated attacker to inject video or data content into a remote display. </description><link>http://www.secuobs.com/revue/news/197649.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197649.shtml</guid></item>
<item><title>Watcher 130 passive Web-vulnerability testing tool released</title><description>2010-03-02 20:31:18 - CGISecurity   Website and Application Security News :  A new update to the Watcher passive vulnerability detection and security testing tool has been released Watcher is an open source addon to the Fiddler Web proxy that aids developers, auditors, and penetration testers in finding Web-application security issues as well as hot-spots for deeper review  - Casabasecurity The full announcement can </description><link>http://www.secuobs.com/revue/news/197256.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197256.shtml</guid></item>
<item><title>Calling Windows for Help May Lead to Vulnerability</title><description>2010-03-02 16:57:42 - TrendLabs  Malware Blog   by Trend Micro : Asking for help in Windows could lead to more trouble. A newly discovered vulnerability in Internet Explorer (IE) leverages the ability of a Visual Basic script to invoke a HLP (Windows Help file format) file, which could give a remote attacker the ability to run arbitrary code on an affected system. Visual Basic uses the following syntax </description><link>http://www.secuobs.com/revue/news/197162.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197162.shtml</guid></item>
<item><title>Internet Explorer 'winhlp32exe' 'MsgBox ' Remote Code Execution Vulnerability</title><description>2010-03-02 16:20:48 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/197147.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197147.shtml</guid></item>
<item><title>PHP Advanced Transfer Manager v110 Shell Upload Vulnerability</title><description>2010-03-02 15:13:11 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/197126.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197126.shtml</guid></item>
<item><title>Uploadify Sample Collection Shell Upload Vulnerability</title><description>2010-03-02 15:13:11 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/197125.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197125.shtml</guid></item>
<item><title>Al Sat Scripti Database Download Vulnerability</title><description>2010-03-02 14:02:41 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/197108.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197108.shtml</guid></item>
<item><title>IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability</title><description>2010-03-02 09:16:17 - iDefense Public Vulnerability Disclosures : </description><link>http://www.secuobs.com/revue/news/197044.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197044.shtml</guid></item>
<item><title>Help keypress vulnerability in VBScript enabling Remote Code Execution</title><description>2010-03-02 03:13:53 - Security Research &amp; Defense : The MSRC Engineering team has been investigating reports of a vulnerability involving the use of VBScript and Windows Help files. What is the impact and affected platforms? Our investigation has determined that Windows 7, Windows Server 2008, and Windows Vista are not impacted. Only Windows 2000 and Windows XP are impacted by default. Windows 2003 Server is also impacted, but the issue is mitigated in the default configuration due to the presence of the Internet Explorer Enhanced Security Configuration. With this issue, it is possible for a malicious web page to display a dialog box which will trigger the execution of arbitrary code when the user presses the F1 key. The prompt can appear repeatedly when dismissed, nagging the user to press the F1 key. Platforms are affected regardless of the Internet Explorer version installed. How would a malicious user leverage this vulnerability? Windows Help files are an inherently unsafe file format. That means these files can run arbitrary code, thus the browser must prevent remote Windows Help files from executing automatically. VBScript functionality available from within Internet Explorer exposes the MsgBox function, allowing script on a web page to display a message to the user. The parameters supplied to the MsgBox function may reference an associated Windows Help file, though this functionality is limited when VBScript is used within the browser. Though user interaction is required, the F1 keyboard shortcut does enable an attack scenario. In the exploit, a file path enables a HLP file to be loaded from the local filesystem, SMB, or WebDav. Workarounds: As an interim workaround, users are advised to avoid pressing F1 on dialogs presented from web pages or other Internet content. If a dialog box appears repeatedly in an attempt to convince the user to press F1, users may log off the system or use Task Manager to kill the Internet Explorer process. It is also possible to use the following command line to lock down the legacy Windows Help system, preventing it from loading: cacls "%windir%\winhlp32.exe" /E /P everyone:N Command line to roll back this change: cacls "%windir%\winhlp32.exe" /E /R everyone As this vulnerability is driven by scripting, the following standard workarounds apply as well: Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones. You can help protect against exploitation of this vulnerability by changing your settings for the Internet security zone to prompt before running ActiveX controls and Active Scripting. You can do this by setting your browser security to High. To raise the browsing security level in Internet Explorer, follow these steps: 1. On the Internet Explorer Tools menu, click Internet Options. 2. In the Internet Options dialog box, click the Security tab, and then click the Internet icon. 3. Under Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High. Note: If no slider is visible, click Default Level, and then move the slider to High. Note: Setting the level to High may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High. Impact of workaround: There are side effects to prompting before running ActiveX Controls and Active Scripting. Many Web sites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Prompting before running ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run ActiveX Controls or Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone". Add sites that you trust to the Internet Explorer Trusted sites zone: After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone. To do this, follow these steps: 1. In Internet Explorer, click Tools, click Internet Options, and then click the Security tab. 2. In the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites. 3. If you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box. 4. In the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add. 5. Repeat these steps for each site that you want to add to the zone. 6. Click OK two times to accept the changes and return to Internet Explorer. Note: Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update. Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone: You can help protect against exploitation of this vulnerability by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, follow these steps: 1. In Internet Explorer, click Internet Options on the Tools menu. 2. Click the Security tab. 3. Click Internet, and then click Custom Level. 4. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK. 5. Click Local intranet, and then click Custom Level. 6. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK. 7. Click OK two times to return to Internet Explorer. Note: Disabling Active Scripting in the Internet and Local intranet security zones may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly. Impact of workaround: There are side effects to prompting before running Active Scripting. Many Web sites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone". Add sites that you trust to the Internet Explorer Trusted sites zone: After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone. To do this, follow these steps: 1. In Internet Explorer, click Tools, click Internet Options, and then click the Security tab. 2. In the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites. 3. If you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box. 4. In the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add. 5. Repeat these steps for each site that you want to add to the zone. 6. Click OK two times to accept the changes and return to Internet Explorer. Note: Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update. The Group Policy setting to "Turn off displaying the Internet Explorer Help Menu" under the Category Path "Computer Configuration\Administrative Template\Windows Components\Internet Explorer" is not a sufficient mitigation for this issue. Acknowledgements: Thanks to Robert Hensing for his work on the issue. -David Ross, MSRC Engineering </description><link>http://www.secuobs.com/revue/news/196973.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196973.shtml</guid></item>
<item><title>Security Response, November Vulnerability Roundup</title><description>2010-03-02 01:52:33 - Symantec Security Response Podcasts : A Symantec Security Response podcast featuring two high profile zero day vulnerabilities affecting Microsoft and the Broadcom Wireless device driver set. This podcast features a technical discussion of the vulnerabilities and offers listeners insight on likely attack scenarios and mitigating strategies. </description><link>http://www.secuobs.com/revue/news/196877.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196877.shtml</guid></item>
<item><title>phptroubleticket  id  SQL Injection Vulnerability</title><description>2010-03-02 00:23:42 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196798.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196798.shtml</guid></item>
<item><title>Microsoft issues advisory on new IE security vulnerability</title><description>2010-03-01 22:47:54 - SearchSecurity  Security Wire Daily News : The software giant says a new flaw in the browser could allow attacker to run arbitrary code. </description><link>http://www.secuobs.com/revue/news/196747.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196747.shtml</guid></item>
<item><title> Malware and vulnerability testing for business websites</title><description>2010-03-01 22:42:59 - Help Net Security   News :  Qualys introduced Qualys GO SECURE   a new service that allows businesses of all sizes to test their web sites for the presence of malware, network and web application vulnerabilities, as well as SS </description><link>http://www.secuobs.com/revue/news/196737.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196737.shtml</guid></item>
<item><title>Net Security  Severe IE vulnerability threatens Windows XP users</title><description>2010-03-01 20:34:44 - Rootsecure.net : Net Security  Severe IE vulnerability threatens Windows XP users </description><link>http://www.secuobs.com/revue/news/196680.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196680.shtml</guid></item>
<item><title>Microsoft investigating new IE browser vulnerability</title><description>2010-03-01 17:10:27 - Zero Day : Microsoft's security response team is investigating reports of a potentially dangerous code execution vulnerability in its flagship Internet Explorer browser. </description><link>http://www.secuobs.com/revue/news/196606.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196606.shtml</guid></item>
<item><title> Severe IE vulnerability threatens Windows XP users </title><description>2010-03-01 16:08:53 - Help Net Security   News : News of a newly discovered bug in VBScript and Windows Help files in Internet Explorer that could allow a remote attacker to run an arbitrary command has reached Microsoft on Friday and they immediate </description><link>http://www.secuobs.com/revue/news/196593.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196593.shtml</guid></item>
<item><title>Security-Database Vulnerability Dashboard updates</title><description>2010-03-01 11:57:54 - Security Database Tools Watch : Security-Database IT Vulnerability   Threats Dashboard allows readers and others security professionals to visualize in a granular manner the evolution of the attacks and the vulnerabilities list for each products We use the worldwide references as well as CVE, CVSS, OVAL and CWE which guaranty a trusty and real information that comply to the standards Changelog Fully migration from SDcon  H,M,L  to CVSS v20  C,H,M,L  New color brown for Critical Vulnerabilities CVSS Calculator v20    - Security Tools   Metrics, Vulnerability Management </description><link>http://www.secuobs.com/revue/news/196541.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196541.shtml</guid></item>
<item><title>Majoda CMS  Auth Bypass  SQL Injection Vulnerability</title><description>2010-02-28 20:59:29 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196399.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196399.shtml</guid></item>
<item><title>Baykus Yemek Tarifleri   21 SQL Injection Vulnerability</title><description>2010-02-28 16:35:16 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196385.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196385.shtml</guid></item>
<item><title>HazelPress Lite   004  Auth Bypass  SQL Injection Vulnerability</title><description>2010-02-28 15:48:18 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196371.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196371.shtml</guid></item>
<item><title>Joomla Component com_yanc SQL Injection Vulnerability</title><description>2010-02-28 15:48:18 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196370.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196370.shtml</guid></item>
<item><title>Joomla Component com_liveticker Blind SQL Injection Vulnerability</title><description>2010-02-28 15:48:18 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196369.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196369.shtml</guid></item>
<item><title>Uiga Personal Portal indexphp SQL Injection Vulnerability</title><description>2010-02-28 08:00:24 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196342.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196342.shtml</guid></item>
<item><title>Uiga Fan Club indexphp SQL Injection Vulnerability</title><description>2010-02-28 08:00:24 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196341.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196341.shtml</guid></item>
<item><title>Joomla Component com_paxgallery Blind Injection Vulnerability</title><description>2010-02-28 00:47:33 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196313.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196313.shtml</guid></item>
<item><title>Uiga Fan Club   10  Auth Bypass  SQL Injection Vulnerability</title><description>2010-02-27 22:02:46 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196300.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196300.shtml</guid></item>
<item><title>Pre Classified Listings SQL Injection Vulnerability</title><description>2010-02-27 16:14:11 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196276.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196276.shtml</guid></item>
<item><title>Scripts Feed Business Directory SQL Injection Vulnerability</title><description>2010-02-27 16:14:11 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196273.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196273.shtml</guid></item>
<item><title>Saint Vulnerability Scanner and Exploiter v727 released</title><description>2010-02-27 15:37:17 - Security Database Tools Watch : SAINT is the Security Administrator's Integrated Network Tool It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes It will also gather information such as operating system types and open ports The SAINT graphical user interface provides access to SAINT's data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser Different aspects of    - Security Tools   Saint, Vulnerability Scanner, Penetration testing   Ethical Hacking </description><link>http://www.secuobs.com/revue/news/196271.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196271.shtml</guid></item>
<item><title>Windows XP Internet Explorer 8,7 HLP vulnerability</title><description>2010-02-27 10:06:00 - Security Shell : It is possible to invoke winhlp32exe from Internet Explorer 8,7,6 using VBScript Passing malicious HLP file to winhlp32 could allow remote attacker to run arbitrary command Additionally, there is a stack overflow vulnerability in winhlp32exe Afected Software  Windows XP SP3 More info  http isecpl </description><link>http://www.secuobs.com/revue/news/196237.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196237.shtml</guid></item>
<item><title>DZ Erotik Auktionshaus v4rgo newsphp SQL Injection Vulnerability</title><description>2010-02-27 08:07:35 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196229.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196229.shtml</guid></item>
<item><title>Gravity Board X v20 BETA  Public Release 3  SQL Injection Vulnerability</title><description>2010-02-27 08:07:35 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196228.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196228.shtml</guid></item>
<item><title>Project Man   10  Auth Bypass  SQL Injection Vulnerability</title><description>2010-02-27 08:07:35 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196227.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196227.shtml</guid></item>
<item><title>phpCDB   10 Local File Include Vulnerability</title><description>2010-02-27 08:07:35 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196226.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196226.shtml</guid></item>
<item><title>phpRAINCHECK   101 SQL Injection Vulnerability</title><description>2010-02-27 08:07:35 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196225.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196225.shtml</guid></item>
<item><title>ProMan    011 Multiple File Include Vulnerability</title><description>2010-02-27 08:07:35 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/196224.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196224.shtml</guid></item>
<item><title>Vulnerability Sets Updated</title><description>2010-02-26 22:37:49 - ICSA Labs   What's New for Network IPS : The criteria document used in ICSA Labs network IPS testing refers to a vulnerability set. That vulnerability set is updated about once every nine months. Referred to as the baseline set, it was updated following research and published today. It contains vulnerabilities through the end of Q3 2009. Because of that fact, one might surmise that all network IPS products should be able to provide coverage protection for the vulnerabilities in this set. But do they? ICSA Labs will test to confirm that this is the case. Tested network IPS product must provide 100% coverage protection for this baseline set of vulnerabilities. Of course, product vendors can attempt to repair their network IPS should it not be able to initially provide coverage (no product has ever made it through network IPS testing without having to repair its coverage protection). While there are some client-side vulnerabilities in the baseline set, another strictly client-side set of vulnerabilities has also existed since the inception of this testing program. Testing against that set is optional. So far no vendor has been successfully tested against the optional, client-side set. Drop me an e-mail if you have comments or questions. </description><link>http://www.secuobs.com/revue/news/196063.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196063.shtml</guid></item>
<item><title>Cenzic Detects a Sun Java System App Server HTTP TRACE Information Disclosure Vulnerability</title><description>2010-02-26 20:58:56 - What's New  Cenzic Security Blog : Weekly product update: Cenzic detects a Sun Java System App Server HTTP TRACE Information Disclosure Vulnerability. As of February 26, 2010 Cenzic now detects a Sun Java System App Server HTTP TRACE Information Disclosure Vulnerability (BugtraqID 37995). The Sun Java System Application Server is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to obtain potentially sensitive information that can aid in further attacks. Background on Cenzic's SmartAttacks: Every week, Cenzic's suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. by Erin Swanson Eswanson cenziccom See Also: Sun Java System App Server HTTP TRACE Information Disclosure Vulnerability. Learn more about this vulnerability on Security Focus </description><link>http://www.secuobs.com/revue/news/196021.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196021.shtml</guid></item>
<item><title>Web Application Vulnerability Scanners Compared</title><description>2010-02-26 19:31:57 - TripleCheck Consulting Blog : Web Application Vulnerability Scanning and Identification is a hot topic for many customers, and there are a number of excellent products which can help with the identification process. Larry Suto has produced the second of his independent evaluations of these products and posted the results. In addition the guys over at NTO have posted their response to the report which identifies some interesting debates and responses from the vendors based on the results. This kind of transparency on the effectiveness of these tools is excellent and really highlights the challenges that ALL web application vulnerability scanners have - especially those tools that can't automatically find the vulnerabilities in their own test sites </description><link>http://www.secuobs.com/revue/news/195990.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195990.shtml</guid></item>
<item><title>News  Major vulnerability in Windows </title><description>2010-02-26 12:42:15 - Roer.com   Information Security blog : Claims made of a major vulnerability in the Microsoft Windows operating system have been refuted. Jan Fry, head of PCI at ProCheckUp Labs, claimed that the findings by 2X Software, revealed exclusively by SC Magazine yesterday, were a 'little sensationalist'. Yesterday, 2X Software said that with a simple piece of code, an operating system from Windows 7 Server 2008 versions to Windows 2000 Server 2003 could be crashed with malicious applications installed. However Fry refuted this, saying that the claims indicate that code needs to be run for the vulnerability to be exploited, so an attacker cannot just send some malicious traffic to a Microsoft server and crash it. Fry said: First scenario, someone is emailed a malicious application. They run it once and their machine crashes. This person is particularly stupid, so after rebooting, they run the executable again and once again the machine crashes. By now, even a potato would see the correlation and would stop running the executable. Read the article </description><link>http://www.secuobs.com/revue/news/195894.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195894.shtml</guid></item>
<item><title>2010 Vulnerability Discovery Workshop</title><description>2010-02-26 00:16:54 - CERT Announcements : On February 1, 2010, CERT hosted a workshop with vulnerability researchers and software vendors to discuss ideas, tools, and techniques used to find vulnerabilities </description><link>http://www.secuobs.com/revue/news/195722.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195722.shtml</guid></item>
<item><title>Acunetix Web Vulnerability Scanner - Voted WindowSecuritycom Readers' Choice Award Winner - Web Application Security</title><description>2010-02-25 16:58:35 - WindowSecurity.com : Acunetix Web Vulnerability Scanner was selected the winner in the Web Application Security category of the WindowSecuritycom Readers' Choice Awards Defiance Threat Management System and N-Stalker Web Application Security Scanner were runner-up and second runner-up respectively </description><link>http://www.secuobs.com/revue/news/195572.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195572.shtml</guid></item>
<item><title>Softbiz Recipes Portal Script  showcatsphp  SQL Injection Vulnerability</title><description>2010-02-25 16:04:14 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/195551.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195551.shtml</guid></item>
<item><title>GameScript v30 SQL Injection Vulnerability</title><description>2010-02-25 16:04:14 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/195550.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195550.shtml</guid></item>
<item><title>Joomla Component com_joomlaconnect_be Blind Injection Vulnerability</title><description>2010-02-25 16:04:14 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/195549.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195549.shtml</guid></item>
<item><title>WebAdministrator Lite CMS SQL Injection Vulnerability</title><description>2010-02-25 16:04:14 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/195548.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195548.shtml</guid></item>
<item><title>Cisco Zine  Four new Cisco vulnerability</title><description>2010-02-25 14:04:59 - Rootsecure.net : Cisco Zine  Four new Cisco vulnerability </description><link>http://www.secuobs.com/revue/news/195519.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195519.shtml</guid></item>
<item><title>iPhone WebCore CSSSelector  Remote Crash Vulnerability</title><description>2010-02-25 00:25:59 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/195301.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195301.shtml</guid></item>
<item><title>Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability</title><description>2010-02-24 22:48:30 - iDefense Public Vulnerability Disclosures : </description><link>http://www.secuobs.com/revue/news/195277.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195277.shtml</guid></item>
<item><title>Maian Uploader v40 Shell Upload Vulnerability </title><description>2010-02-24 20:36:45 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/195214.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195214.shtml</guid></item>
<item><title>Safari 4 Remote Crash Vulnerability</title><description>2010-02-24 19:25:38 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/195189.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195189.shtml</guid></item>
<item><title>Web Server Creator - Web Portal v 01 Multi Vulnerability  </title><description>2010-02-24 19:25:38 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/195186.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195186.shtml</guid></item>
<item><title>PBBoard Version 205 Mullti Vulnerability </title><description>2010-02-24 19:25:38 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/195185.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195185.shtml</guid></item>
<item><title>ShortCMS v111F B   con  SQL Injection  Vulnerability</title><description>2010-02-24 16:06:29 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/195088.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195088.shtml</guid></item>
<item><title>phpCOIN v121  modphp  SQL Injection  Vulnerability </title><description>2010-02-24 16:06:29 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/195087.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195087.shtml</guid></item>
<item><title>EMC HomeBase Arbitrary File Upload Remote Code Execution Vulnerability</title><description>2010-02-24 14:01:35 - Harmony Security   Blog : </description><link>http://www.secuobs.com/revue/news/195060.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195060.shtml</guid></item>
<item><title>Max's Photo Album Shell Upload Vulnerability</title><description>2010-02-24 14:00:21 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/195059.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195059.shtml</guid></item>
<item><title>MySmartBB v100 Cross Site Scripting Vulnerability</title><description>2010-02-24 14:00:21 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/195058.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195058.shtml</guid></item>
<item><title> Article Friendly CSRF Vulnerability</title><description>2010-02-24 14:00:21 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/195057.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195057.shtml</guid></item>
<item><title>Mozilla Firefox v36 URL Spoofing Vulnerability</title><description>2010-02-24 14:00:21 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/195055.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195055.shtml</guid></item>
<item><title> Critical vulnerability in Adobe Download Manager patched</title><description>2010-02-24 11:16:13 - Help Net Security   News : A critical vulnerability has been identified in the Adobe Download Manager This vulnerability  CVE-2010-0189  could potentially allow an attacker to download and install unauthorized software onto a  </description><link>http://www.secuobs.com/revue/news/195016.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195016.shtml</guid></item>
<item><title>bispage Bypass Vulnerability</title><description>2010-02-23 23:53:23 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/194862.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194862.shtml</guid></item>
<item><title>QuickDev 4 Php Database Disclosure Vulnerability</title><description>2010-02-23 22:56:24 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/194840.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194840.shtml</guid></item>
<item><title>Softbiz Jobs CSRF Vulnerability</title><description>2010-02-23 14:26:43 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/194612.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194612.shtml</guid></item>
<item><title>Joomla Component com_ice Blind SQL Injection Vulnerability</title><description>2010-02-23 14:26:43 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/194611.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194611.shtml</guid></item>
<item><title>Php Auktion Pro SQL  newsphp  SQL Injection Vulnerability</title><description>2010-02-23 14:26:43 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/194608.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194608.shtml</guid></item>
<item><title>Top Auktion  newsphp  SQL Injection Vulnerability</title><description>2010-02-23 14:26:43 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/194607.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194607.shtml</guid></item>
<item><title>Joomla Component user_id com_sqlreport Blind SQL Injection Vulnerability</title><description>2010-02-23 14:26:43 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/194606.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194606.shtml</guid></item>
<item><title>Web Application vulnerability scanner - MatriXay</title><description>2010-02-23 10:54:00 - Latest Security Products entries at ESecurity Planet Product Guide : Web Application Vulnerabilities Scanner  Feb 22, 2010  </description><link>http://www.secuobs.com/revue/news/194569.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194569.shtml</guid></item>
<item><title>Database Vulnerability Scanner - DBAPPSecurity Database Scanner</title><description>2010-02-23 10:54:00 - Latest Security Products entries at ESecurity Planet Product Guide : Database scan-database security assessment tool for security vulnerability and attacks and risk management  Feb 22, 2010  </description><link>http://www.secuobs.com/revue/news/194566.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194566.shtml</guid></item>
<item><title>Aviv Raff  Yet Another Adobe Security Vulnerability</title><description>2010-02-23 04:33:59 - Hack In The Box : Security expert and researcher Aviv Raff has discovered a serious security vulnerability in Adobe's Download Manager, which is capable of being exploited by hackers wanting to install and execute malicious content on the PC of a user. The Adobe Download Manager is used to install updates for the Reader and Flash software using Internet Explorer web browser and the vulnerability poses a serious threat to the PCs of the millions of users that use Adobe's popular applications. According to the blog post made by the security researcher, the attack exploiting the vulnerability can be mounted with a combination of a defect in Adobe's website and the bug in the download manager. Mr Raff was able to successfully exploit the vulnerability, install and execute his own version of Windows Calculator while giving a demonstration to The Register </description><link>http://www.secuobs.com/revue/news/194474.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194474.shtml</guid></item>
<item><title>Adobe download manager row escalates with new vulnerability</title><description>2010-02-22 15:09:25 - Infosecurity  USA    Latest News : Adobe continued to fight fires on the security front last week, as a researcher discovered a second flaw in its Adobe Download Manager software tool </description><link>http://www.secuobs.com/revue/news/194152.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194152.shtml</guid></item>
<item><title>Ero Auktion v20  newsphp  SQL Injection Vulnerability</title><description>2010-02-22 14:19:58 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/194139.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194139.shtml</guid></item>
<item><title>Ero Auktion v2010  newsphp  SQL Injection Vulnerability</title><description>2010-02-22 14:19:58 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/194138.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194138.shtml</guid></item>
<item><title>Galerie Dezign-Box France Multi Vulnerability</title><description>2010-02-22 14:19:58 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/194137.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194137.shtml</guid></item>
<item><title>vBeso v310 Local File Include Vulnerability</title><description>2010-02-22 14:19:58 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/194134.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194134.shtml</guid></item>
<item><title>phpBugTracker v101 File Disclosure Vulnerability</title><description>2010-02-22 14:19:58 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/194132.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194132.shtml</guid></item>
<item><title>Article Friendly SQL Injection Vulnerability</title><description>2010-02-22 14:19:58 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/194130.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194130.shtml</guid></item>
<item><title>Softbiz Jobs   news_desc  SQL Injection Vulnerability</title><description>2010-02-22 13:28:19 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/194114.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194114.shtml</guid></item>
<item><title>Heap Spray Exploit Tutorial  Internet Explorer Use After Free Aurora Vulnerability</title><description>2010-02-22 12:40:00 - The Grey Corner : </description><link>http://www.secuobs.com/revue/news/194095.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194095.shtml</guid></item>
<item><title>Introduction to Vulnerability Discovery  Guest Post</title><description>2010-02-22 12:40:00 - The Grey Corner : </description><link>http://www.secuobs.com/revue/news/194094.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194094.shtml</guid></item>
<item><title>Netzbrett Database Disclosure Vulnerability</title><description>2010-02-20 17:22:07 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/193816.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193816.shtml</guid></item>
<item><title>FlatFile Login System Remote Password Disclosure Vulnerability</title><description>2010-02-20 16:33:53 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/193810.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193810.shtml</guid></item>
<item><title>Cenzic Detects a Sun Java System Web Server Denial Of Service Vulnerability</title><description>2010-02-20 03:54:57 - What's New  Cenzic Security Blog : Weekly product update: Cenzic detects a Sun Java System Web Server Denial Of Service Vulnerability. As of February 19, 2010 Cenzic now detects a Sun Java System Web Server 'admin' Server Denial of Service Vulnerability (BugtraqID 37909). The Sun Java System Web Server is prone to a Denial Of Service Vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Sun Java System Web Server 70 Update 6 is affected; other versions may also be vulnerable. Background on Cenzic's SmartAttacks: Every week, Cenzic's suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types. by Erin Swanson Eswanson cenziccom See Also: Sun Java System Web Server 'admin' Server Denial of Service Vulnerability. Learn more about this vulnerability on Security Focus </description><link>http://www.secuobs.com/revue/news/193733.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193733.shtml</guid></item>
<item><title>Windows 7 browser choice screen March 1   Office 2010 ballot screen   Highly critical Firefox vulnerability   Google CEO Schmidt knows everything about you</title><description>2010-02-19 23:27:48 - 4sysops :  The Browser Choice Screen for Europe  What to Expect, When to Expect It Full scale roll-out will begin around March 1 The other Microsoft ballot screen  Coming to an Office 2010 SKU near you  in Europe  Critical unpatched Firefox vulnerability   already some weeks old   better use IE until a patch is available    </description><link>http://www.secuobs.com/revue/news/193683.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193683.shtml</guid></item>
<item><title>Joomla Component com_communitypolls LFI Vulnerability</title><description>2010-02-19 19:47:43 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/193627.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193627.shtml</guid></item>
<item><title>SQL injection vulnerability in Amelia CMS</title><description>2010-02-19 17:13:06 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/193574.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193574.shtml</guid></item>
<item><title>Open Flash Chart Pwiki Remote Code Execution Vulnerability</title><description>2010-02-19 17:13:06 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/193572.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193572.shtml</guid></item>
<item><title>WSC CMS  Bypass  SQL Injection Vulnerability</title><description>2010-02-19 17:13:06 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/193571.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193571.shtml</guid></item>
<item><title>Dialstring injection vulnerability in Asterisk</title><description>2010-02-19 16:20:50 - Voice of VOIPSA : Olle Johansson recently alerted us that there is a "dialstring injection" vulnerability in Asterisk. As Olle notes in his post about the vulnerability, this is similar to a SQL injection attack against a database where there is not enough filtering being done on strings that are being input to the system. Olle writes  Many VoIP    </description><link>http://www.secuobs.com/revue/news/193559.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193559.shtml</guid></item>
<item><title>phpAutoVideo CSRF Vulnerability</title><description>2010-02-19 13:45:25 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/193529.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193529.shtml</guid></item>
<item><title>How to start a new vulnerability scan audit on the Penetrator</title><description>2010-02-19 12:12:41 - Anti Spam Appliance  UTM  Wifi Security  Vulnerability Scanning : To learn how to start a new vulnerability scan http wwwyoutubecom secpoint p u 12 a533G65Qn98wwwSecPointcom </description><link>http://www.secuobs.com/revue/news/193502.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193502.shtml</guid></item>
<item><title>Is there really value in Vulnerability Management </title><description>2010-02-19 10:58:27 - Security Bloggers Network : For almost the last 10 years now, I've worked for companies that sell Vulnerability Assessment and Management products as part of their portfolio. I'm very familiar with most of the VM products out there and what their capabilities are. SC Magazine recently did reviews on most of the major VM products. This got me thinking about    </description><link>http://www.secuobs.com/revue/news/193487.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193487.shtml</guid></item>
<item><title>eWeek  Google Patches Buzz Security Vulnerability  Google fixes a bug affecting the mobile version of Google Buzz that left users open to having their accounts hijacked </title><description>2010-02-18 20:43:39 - Rootsecure.net : eWeek  Google Patches Buzz Security Vulnerability  Google fixes a bug affecting the mobile version of Google Buzz that left users open to having their accounts hijacked  </description><link>http://www.secuobs.com/revue/news/193281.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193281.shtml</guid></item>
<item><title>Joomla Plugin Core Design Scriptegrator Local File Inclusion Vulnerability</title><description>2010-02-18 14:41:00 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/193153.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193153.shtml</guid></item>
<item><title>Joomla Component com_otzivi Local File Inclusion Vulnerability</title><description>2010-02-18 13:33:41 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/193143.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193143.shtml</guid></item>
<item><title>CubeCart  indexphp  SQL Injection Vulnerability</title><description>2010-02-18 13:33:41 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/193142.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193142.shtml</guid></item>
<item><title>PunBBAnnuaire  04 Blind SQL Injection Vulnerability</title><description>2010-02-17 22:08:02 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/192913.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192913.shtml</guid></item>
<item><title>FLASH Campfire Chat January 22 at 10 AM  The Aurora Vulnerability</title><description>2010-02-17 20:51:42 - MSI   State of Security : Much media attention has been focused on the recent Internet Explorer vulnerabilities and the attacks and compromises of several large companies. Rumors are flying fast and furious around the Internet. Come learn about the technical exposures of these vulnerabilities, the suggested options for protection of your organization, and a discussion about what your peers are    </description><link>http://www.secuobs.com/revue/news/192860.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192860.shtml</guid></item>
<item><title>Transcript From Aurora Vulnerability Chat</title><description>2010-02-17 20:51:42 - MSI   State of Security : If you were unable to join us for the chat today, covering the Aurora Vulnerability, you can now view the transcript here AuroraVulnChat 1-22-10 </description><link>http://www.secuobs.com/revue/news/192859.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192859.shtml</guid></item>
<item><title>Drupal Help Injection Module XSS Vulnerability</title><description>2010-02-17 18:00:56 - MadIrish.net : The  ironically named  Drupal Help Injection module suffers from an arbitrary HTML injection vulnerability http wwwmadirishnet article 448 from rss </description><link>http://www.secuobs.com/revue/news/192791.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192791.shtml</guid></item>
<item><title>Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability</title><description>2010-02-17 17:42:57 - Cisco Security AdvisoriesSearch Cisco : </description><link>http://www.secuobs.com/revue/news/192782.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192782.shtml</guid></item>
<item><title>Auktionshaus v4 newsphp SQL Injection Vulnerability</title><description>2010-02-17 15:55:05 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/192750.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192750.shtml</guid></item>
<item><title>Auktionshaus Gelb v3 newsphp SQL Injection Vulnerability</title><description>2010-02-17 15:55:05 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/192749.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192749.shtml</guid></item>
<item><title>Erotik Auktionshaus newsphp SQL Injection Vulnerability</title><description>2010-02-17 15:55:05 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/192748.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192748.shtml</guid></item>
<item><title>uGround   10b SQL Injection Vulnerability</title><description>2010-02-17 14:49:59 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/192733.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192733.shtml</guid></item>
<item><title>PHPIDS 04 - Remote File Inclusion Vulnerability</title><description>2010-02-17 14:49:59 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/192731.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192731.shtml</guid></item>
<item><title>Joomla Component com_acteammember SQL Injection Vulnerability</title><description>2010-02-17 13:44:17 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/192713.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192713.shtml</guid></item>
<item><title>IT Security School - What is a Vulnerability?</title><description>2010-02-17 13:17:53 - Anti Spam Appliance  UTM  Wifi Security  Vulnerability Scanning : Learn more about what a vulnerability is www.SecPoint.com </description><link>http://www.secuobs.com/revue/news/192709.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192709.shtml</guid></item>
<item><title>February 2010 Vulnerability Report</title><description>2010-02-17 13:06:20 - Security Bloggers Network :  February 2010 Vulnerability Report This month's report covers the Microsoft Tuesday advisories for February 2010 and a whole bunch of Snow at Sourcefire HQ </description><link>http://www.secuobs.com/revue/news/192701.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192701.shtml</guid></item>
<item><title>Joomla Component com_acstartseite Sql Injection Vulnerability</title><description>2010-02-17 08:12:26 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/192647.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192647.shtml</guid></item>
<item><title>Joomla Component com_acprojects Sql Injection Vulnerability</title><description>2010-02-17 08:12:26 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/192646.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192646.shtml</guid></item>
<item><title>intuitive  formphp  Sql Injection Vulnerability</title><description>2010-02-17 08:12:26 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/192645.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192645.shtml</guid></item>
<item><title>Nabernet  articlesphp  Sql Injection Vulnerability</title><description>2010-02-17 08:12:26 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/192644.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192644.shtml</guid></item>
<item><title>SongForevercom Clone Shell Upload Vulnerability</title><description>2010-02-16 22:45:33 - Exploit DB updates : </description><link>http://www.secuobs.com/revue/news/192470.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192470.shtml</guid></item>

 </channel>
</rss>
