headers
Carlo Di Dato | 1 Aug 2012 09:38

Re: AxMan ActiveX fuzzing <== Memory Corruption PoC

Mr. Moore,
I am surprised you didn't released immediately a patch to address this 
critical vulnerability :-)

P.S.
I can't understand why Awsome coolkaveh didn't sell this vuln to ZDI or 
stuff like that :-)

Il 31.07.2012 16:19 HD Moore ha scritto:
> In other news, running local commands grants code execution :)
>
> I am surprised you didn't allocate a CVE,
>
> -HD
>
> -----Original Message-----
> From: full-disclosure-bounces <at> lists.grok.org.uk
> [mailto:full-disclosure-bounces <at> lists.grok.org.uk] On Behalf Of kaveh
> ghaemmaghami
> Sent: Saturday, July 28, 2012 7:21 PM
> To: full-disclosure <at> lists.grok.org.uk
> Subject: [Full-disclosure] AxMan ActiveX fuzzing <== Memory 
> Corruption PoC
>
> Exploit Title: AxMan ActiveX fuzzing <== Memory Corruption PoC
> Crash : http://imageshack.us/f/217/axman.jpg/
> Date: July 28, 2012
> Author: coolkaveh
> coolkaveh <at> rocketmail.com
> Https://twitter.com/coolkaveh
(Continue reading)

Permalink | Reply | 1 comment |
headers
Giles Coochey | 1 Aug 2012 12:29

Re: AxMan ActiveX fuzzing <== Memory Corruption PoC

When can we expect a metasploit module for this l33t c0d3?;-)

On 01/08/2012 08:38, Carlo Di Dato wrote:
> Mr. Moore,
> I am surprised you didn't released immediately a patch to address this
> critical vulnerability :-)
>
> P.S.
> I can't understand why Awsome coolkaveh didn't sell this vuln to ZDI or
> stuff like that :-)
>
> Il 31.07.2012 16:19 HD Moore ha scritto:
>> In other news, running local commands grants code execution :)
>>
>> I am surprised you didn't allocate a CVE,
>>
>> -HD
>>
>> -----Original Message-----
>> From: full-disclosure-bounces <at> lists.grok.org.uk
>> [mailto:full-disclosure-bounces <at> lists.grok.org.uk] On Behalf Of kaveh
>> ghaemmaghami
>> Sent: Saturday, July 28, 2012 7:21 PM
>> To: full-disclosure <at> lists.grok.org.uk
>> Subject: [Full-disclosure] AxMan ActiveX fuzzing <== Memory
>> Corruption PoC
>>
>> Exploit Title: AxMan ActiveX fuzzing <== Memory Corruption PoC
>> Crash : http://imageshack.us/f/217/axman.jpg/
>> Date: July 28, 2012
(Continue reading)

Permalink | Reply | 0 comments |
headers
Kyle Creyts | 1 Aug 2012 01:38
Picon

sandboxed browsing

Who uses something other than a browser in a virtual machine to follow
suspicious/possibly malicious links?

If you do, what do you use, and how did you choose it?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Permalink | Reply | 13 comments |
headers
Dave Airlie | 1 Aug 2012 02:10
Picon
Gravatar

nvidia linux binary driver priv escalation exploit

First up I didn't write this but I have executed it and it did work here,

I was given this anonymously, it has been sent to nvidia over a month
ago with no reply or advisory and the original author wishes to remain
anonymous but would like to have the exploit published at this time,
so I said I'd post it for them.

It basically abuses the fact that the /dev/nvidia0 device accept
changes to the VGA window and moves the window around until it can
read/write to somewhere useful in physical RAM, then it just does an
priv escalation by writing directly to kernel memory.

Dave.
Attachment (pub.c): text/x-csrc, 17 KiB
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Permalink | Reply | 1 comment |
headers
Vulnerability Lab | 1 Aug 2012 05:30
Favicon

Barracuda Appliances - Validation Filter Bypass Vulnerability

Title:
======
Barracuda Appliances - Validation Filter Bypass Vulnerability

Date:
=====
2012-07-16

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=661

VL-ID:
=====
661

Common Vulnerability Scoring System:
====================================
5.5

Abstract:
=========
The Vulnerability Laboratory Research Team discovered a input validation filter bypass vulnerability
in Barracudas Network appliance products.

Report-Timeline:
================
2012-06-09:	Researcher Notification & Coordination
2012-06-10:	Vendor Notification
2012-07-12:	Vendor Response/Feedback
(Continue reading)

Permalink | Reply | 0 comments |
headers
Vulnerability Lab | 1 Aug 2012 05:34
Favicon

Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities

Title:
======
Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities

Date:
=====
2012-07-16

References:
===========
http://vulnerability-lab.com/get_content.php?id=561

Barracuda Networks Security ID: BNSEC-278

VL-ID:
=====
561

Common Vulnerability Scoring System:
====================================
3

Introduction:
=============
The Barracuda SSL VPN is an integrated hardware and software solution enabling secure, clientless remote 
access to internal network resources from any Web browser. Designed for remote employees and road
warriors, 
the Barracuda SSL VPN provides comprehensive control over file systems and Web-based applications
requiring 
external access. The Barracuda SSL VPN integrates with third-party authentication mechanisms to
(Continue reading)

Permalink | Reply | 0 comments |
headers
Vulnerability Lab | 1 Aug 2012 05:48
Favicon

ME Application Manager 10 - Multiple Web Vulnerabilities

Title:
======
ME Application Manager 10 - Multiple Web Vulnerabilities

Date:
=====
2012-07-04

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=627

VL-ID:
=====
627

Common Vulnerability Scoring System:
====================================
7.2

Introduction:
=============
ManageEngine Applications Manager is a server and application performance monitoring software that
helps businesses 
ensure high availability and performance for their business applications by ensuring servers and
applications have 
high uptime. The application performance management capability includes server monitoring,
application server 
monitoring, database monitoring, web services monitoring, virtualization monitoring, cloud
monitoring and an array of
(Continue reading)

Permalink | Reply | 0 comments |
headers
Vulnerability Lab | 1 Aug 2012 05:53
Favicon

Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities

Title:
======
Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities

Date:
=====
2012-07-05

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=631

VL-ID:
=====
631

Common Vulnerability Scoring System:
====================================
2

Introduction:
=============
Distimo Monitor allows developers to track their daily download and revenue figures from all app stores in
one convenient place. 
View application rankings in all countries, and benchmark your application(s) versus the competition
and the rest of the market. 
No code-insert in the developer application is required. Distimo provides device manufacturers,
carriers and developers with the 
best insight into the mobile app store market, in order to and steer their app strategy. Distimo Monitor is
the free cross-
(Continue reading)

Permalink | Reply | 0 comments |
headers
Vulnerability Lab | 1 Aug 2012 05:54
Favicon

ME Mobile Application Manager v10 - SQL Vulnerabilities

Title:
======
ME Mobile Application Manager v10 - SQL Vulnerabilities

Date:
=====
2012-07-04

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=628

VL-ID:
=====
628

Common Vulnerability Scoring System:
====================================
8.1

Introduction:
=============
ManageEngine Mobile Applications Manager is a server and application performance monitoring software
that helps businesses 
ensure high availability and performance for their business applications by ensuring servers and
applications have 
high uptime. The application performance management capability includes server monitoring,
application server 
monitoring, database monitoring, web services monitoring, virtualization monitoring, cloud
monitoring and an array of
(Continue reading)

Permalink | Reply | 0 comments |
headers
Secunia Research | 1 Aug 2012 06:18
Favicon

Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Integer Overflow

====================================================================== 

                     Secunia Research 01/08/2012

              - Citrix Access Gateway Plug-in for Windows -
          - "nsepacom" ActiveX Integer Overflow Vulnerability -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* Citrix Access Gateway Plug-in for Windows version 9.3.49.5.

NOTE: Other versions may also be affected.

====================================================================== 
2) Severity
(Continue reading)

Permalink | Reply | 0 comments |

Gmane