[SECURITY] [DSA 2577-1] libssh security update

2012-12-03 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Debian Security Advisory DSA-2577-1 secur...@debian.org http://www.debian.org/security/ Yves-Alexis Perez December 01, 2012

ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities

2012-12-03 Thread Security Alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ESA-2012-052: RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities EMC Identifier: ESA-2012-052 CVE Identifier: CVE-2012-4608 CVE Identifier: CVE-2012-4609 Severity Rating: CVSS v2 Base Score: 6.8 (AV:N/AC:

Low severity flaw in RIM BlackBerry PlayBook OS browser

2012-12-03 Thread Tim Brown
Summary The web browser which comes as part of the RIM BlackBerry PlayBook OS can be tricked into disclosing the contents of local files through the planting of a malicious HTML file through the standard download mechanism. It should be noted that in order to exploit this issue, user interactio

FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability

2012-12-03 Thread Vulnerability Lab
Title: FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability Date: 2012-11-29 References: http://www.vulnerability-lab.com/get_content.php?id=558 VL-ID: 558 Common Vulnerability Scoring System: 2.5 Introduction:

FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities

2012-12-03 Thread Vulnerability Lab
Title: FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities Date: 2012-12-01 References: http://www.vulnerability-lab.com/get_content.php?id=702 VL-ID: 702 Common Vulnerability Scoring System: 2.1 Introduction:

IBM System Director Remote System Level Exploit (CVE-2009-0880 extended zeroday)

2012-12-03 Thread king cope
IBM System Director Remote System Level Exploit (CVE-2009-0880 extended zeroday) Copyright (C) 2012 Kingcope IBM System Director has the port 6988 open. By using a special request to a vulnerable server, the attacker can force it to load a dll remotely from a WebDAV share. The following exploit will

MySQL (Linux) Stack based buffer overrun PoC Zeroday

2012-12-03 Thread king cope
(see attachment) Cheerio, Kingcope mysql_bufferoverrun.pl Description: Binary data

MySQL (Linux) Heap Based Overrun PoC Zeroday

2012-12-03 Thread king cope
(see attachment) Cheerio, Kingcope mysql_heapoverrun.pl Description: Binary data

MySQL (Linux) Database Privilege Elevation Zeroday Exploit

2012-12-03 Thread king cope
(see attachment) Cheerio, Kingcope mysql_privilege_elevation.pl Description: Binary data

MySQL Denial of Service Zeroday PoC

2012-12-03 Thread king cope
(see attachment) Kingcope 5.5.19-log on SuSE Linux DoS exploit: use Net::MySQL; use Unicode::UTF8 qw[decode_utf8 encode_utf8]; $|=1; my $mysql = Net::MySQL->new( ho

MySQL Remote Preauth User Enumeration Zeroday

2012-12-03 Thread king cope
(see attachment) Cheerio, Kingcope mysql_userenum.pl Description: Binary data

Re: [Full-disclosure] MySQL (Linux) Heap Based Overrun PoC Zeroday

2012-12-03 Thread Jeffrey Walton
Hi Kingcope, # As seen below $edx and $edi are fully controlled, # the current instruction is # => 0x83a6b24 : mov(%edx),%edi # this means we landed in a place where 4 bytes can be controlled by 4 bytes # with this function pointers and GOT entries can be rewritten to execute arbitrary code

Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

2012-12-03 Thread Jeffrey Walton
Hi Kingcope, MySQL Server exploitable stack based overrun Ver 5.5.19-log for Linux and below (tested with Ver 5.1.53-log for suse-linux-gnu too) unprivileged user (any account (anonymous account?), post auth) as illustrated below the instruction pointer is overwritten with 0x4141414

Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

2012-12-03 Thread Kurt Seifried
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/01/2012 02:26 PM, king cope wrote: > (see attachment) > > Cheerio, Kingcope So normally for MySQL issues Oracle would assign the CVE #. However in this case we have a bit of a time constraint (it's a weekend and this is blowing up quickly) and

Re: [Full-disclosure] MySQL (Linux) Heap Based Overrun PoC Zeroday

2012-12-03 Thread Kurt Seifried
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/01/2012 02:26 PM, king cope wrote: > (see attachment) > > Cheerio, > > Kingcope So normally for MySQL issues Oracle would assign the CVE #. However in this case we have a bit of a time constraint (it's a weekend and this is blowing up quickly)

Re: [Full-disclosure] MySQL (Linux) Database Privilege Elevation Zeroday Exploit

2012-12-03 Thread Kurt Seifried
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/01/2012 02:26 PM, king cope wrote: > (see attachment) > > Cheerio, > > Kingcope So normally for MySQL issues Oracle would assign the CVE #. However in this case we have a bit of a time constraint (it's a weekend and this is blowing up quickly)

Re: [Full-disclosure] MySQL Denial of Service Zeroday PoC

2012-12-03 Thread Kurt Seifried
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/01/2012 02:26 PM, king cope wrote: > (see attachment) > > Kingcope So normally for MySQL issues Oracle would assign the CVE #. However in this case we have a bit of a time constraint (it's a weekend and this is blowing up quickly) and the impa

Re: [Full-disclosure] MySQL Remote Preauth User Enumeration Zeroday

2012-12-03 Thread Kurt Seifried
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/01/2012 02:26 PM, king cope wrote: > (see attachment) > > Cheerio, > > Kingcope So normally for MySQL issues Oracle would assign the CVE #. However in this case we have a bit of a time constraint (it's a weekend and this is blowing up quickly)

Re: [Full-disclosure] MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)

2012-12-03 Thread Kurt Seifried
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/01/2012 11:41 AM, king cope wrote: > *** FARLiGHT ELiTE HACKERS LEGACY R3L3ASE *** > > Attached is the MySQL Windows Remote Exploit (post-auth, udf > technique) including the previously released mass scanner. The > exploit is mirrored at the fa

Re: [Full-disclosure] MySQL (Linux) Heap Based Overrun PoC Zeroday

2012-12-03 Thread Kurt Seifried
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/01/2012 02:26 PM, king cope wrote: > (see attachment) > > Cheerio, > > Kingcope So normally for MySQL issues Oracle would assign the CVE #. However in this case we have a bit of a time constraint (it's a weekend and this is blowing up quickly)

Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

2012-12-03 Thread Sergei Golubchik
Hi, Kurt! This is CVE-2012-5579 that we've been discussing recently. The test case is different, but it triggers exactly the same code. MariaDB is not vulnerable as of 5.1.66, 5.2.13, 5.3.11, 5.5.28a. Latest released MySQL versions are still affected, but Oracle knows about this issue, so next vers

Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

2012-12-03 Thread Huzaifa Sidhpurwala
On 12/02/2012 11:30 AM, Kurt Seifried wrote: So normally for MySQL issues Oracle would assign the CVE #. However in this case we have a bit of a time constraint (it's a weekend and this is blowing up quickly) and the impacts are potentially quite severe. So I've spoken with some other Red Hat SR

Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

2012-12-03 Thread Sergei Golubchik
Hi, Huzaifa! Here's the vendor's reply: On Dec 02, Huzaifa Sidhpurwala wrote: > > * CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC Zeroday > http://seclists.org/fulldisclosure/2012/Dec/4 > https://bugzilla.redhat.com/show_bug.cgi?id=882599 A duplicate of CVE-2012-5579 Already fixed

Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

2012-12-03 Thread Yves-Alexis Perez
On dim., 2012-12-02 at 21:17 +0100, king cope wrote: > My opinion is that the FILE to admin privilege elevation should be patched. > What is the reason to have FILE and ADMIN privileges separated when > with this exploit > FILE privileges equate to ALL ADMIN privileges. Maybe because you might no

Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

2012-12-03 Thread king cope
Correct, I tell that from experience because I've seen many configurations where the least privileged user has file privs enabled. If we leave it that way the attackers will be more happy; it's not a decision to patch it or not, just a hint. Regards, Kingcope 2012/12/2 Yves-Alexis Perez : > On di

[SECURITY] [DSA 2580-1] libxml security update

2012-12-03 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Debian Security Advisory DSA-2580-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff December 02, 2012

[ MDVSA-2012:176 ] libxml2

2012-12-03 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:176 http://www.mandriva.com/security/

Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

2012-12-03 Thread Sergei Golubchik
Hi, king cope! On Dec 02, king cope wrote: > Hi, > My opinion is that the FILE to admin privilege elevation should be > patched. What is the reason to have FILE and ADMIN privileges > separated when with this exploit FILE privileges equate to ALL ADMIN > privileges. > I understand that it's insec

tinymcpuk xss vulnerability

2012-12-03 Thread admin
= tinymcpuk xss vulnerability = # Exploit Title: tinymcpuk xss vulnerability # Google Dork: n/a # Date: 1/12/2012 (GMT+7) # Exploit Author: eidelweiss (@randyarios) #

SEC Consult SA-20121203-0 :: F5 FirePass SSL VPN Unauthenticated local file inclusion

2012-12-03 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20121203-0 > title: Unauthenticated local file inclusion product: F5 FirePass SSL VPN vulnerable version: <= 7.0.0 HF-70-6 fixe

Re: phpGiftReq SQL Injection

2012-12-03 Thread generalpf
All SQL queries have been replaced with parameterized statements in version 2.0.0.