, Sep 13, 2010 at 9:59 PM, Rohit Patnaik quanti...@gmail.com wrote:
DLL Hijacking is highly effective in combination with use of Social
Engineering Toolkit.
-- Rohit Patnaik
On Wed, Sep 8, 2010 at 3:36 AM, YGN Ethical Hacker Group li...@yehg.net
wrote:
A vulnerability is a vulnerability.
A SQL
.
Software Vendors who bundle this version of QuickTime in their
software packages should update it.
8. VENDOR
Apple Inc
http://www.apple.com/quicktime/
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
N
/
http://www.altools.com
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
N/A: vulnerability discovered
09-11-2010: notified vendor
09-12-2010: vulnerability disclosed
11. REFERENCES
Original Advisory URL
the WebClient service
Please see workaround solution links in References section.
8. VENDOR
ESTsoft Corp.
http://www.estsoft.com/
http://www.altools.com
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
N
workaround solution links in References section.
8. VENDOR
SoMud Software
http://www.somud.com
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
09-11-2010: notified vendor
09-13-2010: vulnerability
flash internals to call dwmapi.dll that exists
only in Vista and up.
2010/9/13 MustLive mustl...@websecurity.com.ua:
Hello YGN Ethical Hacker Group!
Nice vulnerability and nice video. As I see from your list of DLL Hijacking
vulnerabilities in different applications, published in FD mailing
links in References section.
8. VENDOR
Sorax Software
http://www.soraxsoft.com/
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
09-11-2010: notified vendor
09-13-2010: vulnerability disclosed
11
shares
- Disable the WebClient service
Please see workaround solution links in References section.
8. VENDOR
Nuance Communications
http://www.nuance.com/
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
09
workaround solution links in References section.
8. VENDOR
Nitro PDF Pty Ltd
http://www.nitropdf.com/
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
09-09-2010: notified vendor
09-13-2010: vulnerability
the WebClient service
Please see workaround solution links in References section.
8. VENDOR
Informative Graphics Corporation
http://www.bravaviewer.com/reader.htm
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME
network shares
- Disable the WebClient service
Please see workaround solution links in References section.
8. VENDOR
Global Graphics Software Ltd.
http://www.globalgraphics.com/en/gdoc/gdoc-fusion
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group
.
http://www.e-press.com
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
09-11-2010: notified vendor
09-13-2010: vulnerability disclosed
11. REFERENCES
Original Advisory URL:
http://core.yehg.net/lab/pr0js
was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
09-11-2010: notified vendor
09-13-2010: vulnerability disclosed
11. REFERENCES
Original Advisory URL:
http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/[kingsoft_office
network shares
- Disable the WebClient service
Please see workaround solution links in References section.
8. VENDOR
Celframe
http://www.celframe.com/
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
09-11
. VENDOR
IBM Corporation
http://symphony.lotus.com/
http://www.ibm.com/
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
09-11-2010: notified vendor
09-13-2010: vulnerability disclosed
11. REFERENCES
Original
://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
09-12-2010: notified vendor
09-13-2010: vulnerability disclosed
11. REFERENCES
Original Advisory URL:
http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/[ultraedit]_16.10.0.1036_insecure_dll_hijacking
Workaround Solution
A lot of black hats will intentionally launch a whole mess of
nmap and nessus scans from zillions of throw-away zombies, just so their
*real*
attack can fly under the wire.
Totally agree.
Intrusion attempts, port scanning, ..etc takes place all the time in
Internet space. Who really cares?
untrusted sources to Desktop location
8. VENDOR
Adobe Inc (http://www.adobe.com)
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
09-02-2010: vulnerability discovered
09-03-2010: notified vendor
09-10-2010
Hi Christian
The reason I use Clean doesn't mean (or I'm not accusing) your
Windows is infected.
It's better to test DLL Hijacking in Clean Copy of Windows without any
prior applications messup.
Please take a look at
http://core.yehg.net/lab/pr0js/texts/when_testing_for_dll_hijacking.txt
We
If, say, DWM.dll is exploitable, why not point *that* out rather than
point out the many applications that are using it (wrongly)?
As I might have said in earlier mail, I have to do this so that
vulnerability news site such as secunia , securiteam authors can get
enough information for each
is too ethical to do dns lookups! you blackhat you!!!
2010/9/8 p8x l...@p8x.net mailto:l...@p8x.net
# host websecurity.com.ua http://websecurity.com.ua/
websecurity.com.ua http://websecurity.com.ua/ has address 62.149.9.65
On 8/09/2010 9:00 PM, YGN Ethical Hacker Group wrote
, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
09-09-2010: vulnerability discovered
09-09-2010: notified vendor
09-09-2010: vulnerability disclosed
11. REFERENCES
Original Advisory URL:
http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/[pgp_desktop]_9x
A vulnerability is a vulnerability.
A SQL Injection is a type of Vulnerability.
For each type of Vulnerability, there will be thousands of web
applications that might be vulnerable to it.
DLL Hijacking is same.
We do each post rather than a list so that security vulnerability news
site can get
Good job, Dude
You didn't even bother to hide your track.
[snip]
Received: from a (shalb.com [62.149.9.65])
by lists.grok.org.uk (Postfix) with SMTP id F1F06324
for full-disclosure@lists.grok.org.uk;
Wed, 8 Sep 2010 04:41:17 +0100 (BST)
[/snip]
I must say I can't take your word according to my testing.
I've tested on Clean Licensed Windows 7 Professional Edition 64-bit
with latest windows updates applied (as of Today -sept 09 2010). I
used Acros Security's 64 bit demo.
Should I make movie to prove that like
1- Updating Windows (check
The fixed version KeePass 2.13 has been released.
http://keepass.info/news/n100906_2.13.html
But failure to describe DLL Hijacking was fixed.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted
I found this Microsoft Internet explorer 8 DLL Hijacking at Inject0r db
http://inj3ct0r.com/exploits/13898
This one is a similar variant of IE 7
http://www.exploit-db.com/exploits/2929/
It can be triggered only if attackers can put a IESHIMS.DLL file in
user's desktop.
However, there are
Yes, I've found it too.
On Thu, Sep 2, 2010 at 12:05 PM, p8x l...@p8x.net wrote:
Hi Christian,
I noticed MS pushed out an update a couple of days ago - on the PC's
that have had the update applied the POC does not work for me, where as
an unpatched machine the POC works.
Has that
http://www.moovida.com/
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
08-28-2010: vulnerability discovered
08-28-2010: notified vendor via support ticket
09-02-2010: notified vendor via support forum
09
Is your Windows 7 64-bit ?
Your DLL is 64-bit compatible?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Very Cool! :)
I think/wish there will be more demos.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
://keepass.info
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
08-29-2010: vulnerability discovered
08-29-2010: notified vendor
08-29-2010: patch released
09-01-2010: vulnerability disclosed
11. REFERENCES
Original
service
Please see workaround solution links in References section.
8. VENDOR
Notepad++ Developers Team
http://notepad-plus-plus.org/
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
08-28-2010
Limited
http://www.maxthon.com/
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
08-28-2010: vulnerability discovered
08-28-2010: notified vendor
08-28-2010: vulnerability disclosed
11. REFERENCES
Original
http://logic-ware.net/
http://www.qtweb.net/
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
08-29-2010: vulnerability discovered
08-29-2010: notified vendor
08-29-2010: vulnerability disclosed
11
like to ask, are these vulnerabilities existent in world-public OR
registered users part (OR both)?
Regards,
Chris.
On Fri, Aug 20, 2010 at 6:32 PM, YGN Ethical Hacker Group li...@yehg.net
wrote:
==
phpMyAdmin
at 08-15-2010. It is now supposed to be safe.
It is suggested that any web sites that use this component ask the
vendor for the updated version.
8. VENDOR
Blastchat
http://www.blastchat.com
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group
, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
08-11-2010: discovered vulnerability
08-11-2010: notified vendor
08-11-2010: vendor fixed vulnerability
08-14-2010: vendor released patched version - 3.4
08-26-2010: vulnerability disclosed
11. REFERENCES
Original
. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
08-11-2010: discovered vulnerability
08-11-2010: notified vendor
08-15-2010: vendor fixed vulnerability
08-26-2010: vulnerability disclosed
11. REFERENCES
Original
Which I presume means it affects the system only with a registered (and a
logged in) account.
Yes. Affecting only currently logged-in users.
If you're sure that you could never be fooled by someone through any
means, you're safe not to patch this upgrade.
It's been completely fixed.
Thanks, ad bard guys.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
2wire support just replied that this has been fixed and new version
(6.x.x.x) has been released.
The advisory has been updated accordingly.
http://yehg.net/lab/pr0js/advisories/2wire/[2wire]_session_hijacking_vulnerability
___
Full-Disclosure - We
8. VENDOR
phpMyAdmin (http://www.phpmyadmin.net)
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
08-09-2010: vulnerability discovered
08-10-2010: notified vendor
08-20-2010: vendor released fix
08-20
-
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
As the adbard.net has tons of ad publishers and advertisers, attackers
can exploit this flaw for fun and profit.
6. VENDOR
Ad Bard Network
- http://adbard.net
7. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
8. DISCLOSURE TIME-LINE
08-10-2010
exploit these flaws for fun and profit.
6. VENDOR
LinkBucks.com
-http://linkbucks.com
7. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
8. DISCLOSURE TIME-LINE
07-10-2010: vulnerability discovered
07-13-2010: got contact from linksbuck
section.
8. VENDOR
2Wire Inc
http://www.2wire.com
About 2Wire - http://www.2wire.com/index.php?p=486
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
07-25-2010: vulnerability discovered
07-29-2010: notified
must be aware of other unfixed vulnerabilities
stated in references section.
8. VENDOR
2Wire Inc
http://www.2wire.com
About 2Wire - http://www.2wire.com/index.php?p=486
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10
CVE ID hasn't been assigned yet.
-
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd
On Tue, Aug 10, 2010 at 2:23 AM, Henri Salo he...@nerv.fi wrote:
On Mon, 9 Aug 2010 23:12
This is to confirm FreeSSHD 1.2.6 , latest version, is still vulnerable to this:
http://www.exploit-db.com/exploits/11842/
The bug report can't be submitted on the author site - http://www.freesshd.com
because of a php bug in form submission.
But it was sent to emails from its commercial site -
=
HP System Management Homepage(SMH) | URL Redirection Abuse
=
by
Aung Khant
YGN Ethical Hacker Group, Myanmar
http://yehg.net/
Product:
HP System Management Homepage
==
TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilities
==
Discovered by
Aung Khant, YGN Ethical Hacker Group, Myanmar
.
Or else users will say 'just forget about it. image upload makes no
problem.'
On Wed, Jul 29, 2009 at 5:30 AM, laurent gaffie laurent.gaf...@gmail.comwrote:
***this also affect any joomla! 1.5.* ***
2009/7/28 YGN Ethical Hacker Group (http://yehg.net) li...@yehg.net
==
PHP Support Ticket 2.2 = Multiple Vulnerabilities
==
Discovered by
Aung Khant, YGN Ethical Hacker Group, Myanmar http://yehg.net/ ~
believe
=
DOMPDF Arbitrary File Read = 0.5.1
=
Discovered by:
Aung Khant, YGN Ethical Hacker Group, Myanmar
http://yehg.net/ ~ believe in full disclosure
Advisory URL:
http://yehg.net/lab/pr0js/view.php/Apache%20Security%20Bypass%20Vul
==
GMAIL-LITE Arbitrary File Upload 0.10 =
==
Discovered by
br0, YGN Ethical Hacker Group, Myanmar
http://yehg.net ~believe in full disclosure
CodeIgniter Global XSS Filtering Bypass Vulnerability
Discovered by:
Aung Khant, YGN Ethical Hacker Group, Myanmar
http://yehg.net/ ~ believe in full disclosure
Product : CodeIgniter http://www.codeigniter.com
101 - 157 of 157 matches
Mail list logo