System7 » vulnerability

I Spy

Thu, 14 Jul 2011 15:38:48 +0000

I was in the process of purchasing tickets to a show when I noticed something strange in my address bar. See anything that makes you think twice from purchasing from this vendor?

Recent WordPress vulns and the Open Source Vuln DB

Thu, 12 May 2011 22:52:43 +0000

There’s been too many WordPress vulnerabilities for my liking. Fortunately they seem to be quick to patch but software updates are always a pain. How long before everyone starts to adopt Chrome’s auto update feature?

Luckily, I’m a fan of the Open Source Vuln Database which makes staying on top of security updates that matter to you easy. Using the OSVDB is as simple as creating an account and search alerts for any software you’re interested in. Here’s what I recently received regarding WP:

Osama, new or updated vulnerabilities that match your search watch list have been foundSEARCH ID: 14

OSVDB_ID: 72173
URL: http://osvdb.org/show/osvdb/72173

Title: WordPress Arbitrary File Upload
Disclosure Date: Apr 26, 2011Description: WordPress fails to properly validate uploaded files, allowing a remote attacker to upload a .phtml file with an appended extension (such as .gif) to execute arbitrary PHP code.

SophosLabs Released Free Tool to Validate Microsoft Shortcut

Tue, 27 Jul 2010 09:42:46 +0000

I read this on the Internet Storm Center yesterday. Sophos has released a tool that will provide detection against the Windows shortcut exploit announced last week (originally being used to exploit Siemens SCADA machines). Be careful, this is a nasty vulnerability with a large scope — the entire Windows family of OS going back to NT as far I’m aware. If you want to play with the vulnerability yourself it has to be added to Metasploit — thanks hd!

SophosLabs has made a video available on what is the exploit and how the tool works here and the tool is available for downloaded here.

Trend Officescan – Proof of concept

Sat, 06 Jun 2009 19:19:29 +0000

In April a Trend vulnerability was discovered. The Trend real time scan service can be exploited by running a scan on a long directory name. It’s surprising that this vulnerability was discovered and yet is still exploitable in the latest release of Trend — which I’ve confirmed today. What’s neat is someone who only has user level privilege on a machine would be able to halt the Trend service and then potentially run some nasty code.

Here’s a VB project that will generate a long directory name and then attempt to run the scan: Trend POC (I’ve also compiled the source for those who don’t have VB — rename the .exe_ to .exe)

I’m running AVG Free on my Windows machine and happy with that.