
Microsoft Patches 34 Serious Vulnerabilities



In today's Patch Tuesday, Microsoft released 16 bulletins addressing 34 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studio, Silverlight, VML and ISA. Nine of the bulletins are rated Critical, with seven rated as Important. Wolfgang Kandek, Qualys CTO, comments: "The only bulletin with a known exploit in the wild is MS11-046, a local privilege escalation flaw in the 'afd.sys' driver. IT admins can check with their end-point security providers for coverage, but should include this bulletin high on their to-do lists in any case, as it is only a matter of time until we see more attackers use malware taking advantage of this exploit to gain control of your workstations."

Here are the bulletins:-

Vulnerability in OLE Automation 
This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user visits a Web site containing a specially crafted Windows Metafile (WMF) image. In all cases, however, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to convince users to visit a malicious Web site, typically by getting them to click a link in an e-mail message or Instant Messenger request.

Vulnerability in .NET Framework and Microsoft Silverlight
This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Vulnerability in Threat Management Gateway Firewall Client 
This security update resolves a privately reported vulnerability in the Microsoft Forefront Threat Management Gateway (TMG) 2010 Client, formerly named the Microsoft Forefront Threat Management Gateway Firewall Client. The vulnerability could allow remote code execution if an attacker leveraged a client computer to make specific requests on a system where the TMG firewall client is used.

Vulnerability in Windows Kernel-Mode Drivers
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a network share (or visits a web site that points to a network share) containing a specially crafted OpenType font (OTF). In all cases, however, an attacker would have no way to force a user to visit such a web site or network share. Instead, an attacker would have to convince a user to visit the web site or network share, typically by getting them to click a link in an e-mail message or Instant Messenger message.

Vulnerabilities in Distributed File System
This security update resolves two privately reported vulnerabilities in the Microsoft Distributed File System (DFS). The more severe of these vulnerabilities could allow remote code execution when an attacker sends a specially crafted DFS response to a client-initiated DFS request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Vulnerability in SMB Client
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.

Vulnerability in .NET Framework
This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Cumulative Security Update for Internet Explorer
This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerability in Vector Markup Language
This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability.

The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerability in MHTML
This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker's Web site. An attacker would have to convince the user to visit the Web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message.

Vulnerabilities in Microsoft Excel
This security update resolves eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279. Microsoft Excel 2010 is only affected by CVE-2011-1273 described in this bulletin. The automated Microsoft Fix it solution, "Disable Edit in Protected View for Excel 2010," available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting CVE-2011-1273.

Vulnerability in Ancillary Function Driver
This security update resolves a publicly disclosed vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.

Vulnerability in Hyper-V
This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Vulnerability in SMB Server
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit this vulnerability.

Vulnerability in the Microsoft XML Editor
This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.

Vulnerability in Active Directory Certificate Services Web Enrollment
This security update resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploited this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site.


Nessus 5.0 Vulnerability Scanner Released


Tenable Network Security officially announced the availability of Nessus 5.0 vulnerability scanner. This release introduces key features and improvements, separated into the four major phases of the vulnerability scanning process:
  1. Installation and management (for enhanced usability)
  2. Scan policy creation and design (for improved effectiveness)
  3. Scan execution (for improved efficiency)
  4. Report customization and creation (for improved communication with all parts of the organization).
Installation & Management:-
Nessus 5.0 simplifies the installation and configuration for non-technical users:
  • Installation: Nessus v5.0 has a browser-based installation wizard — no special knowledge required. Users on a wide variety of platforms — Windows, Mac, Linux, or UNIX — can have Nessus v5.0 installed within minutes.
  • Configuration and management: Nessus v5.0 configuration and management is now done 100% through the GUI.
  • With all configuration and management now done through the web interface, the Nessus user experience is the same for all users, regardless of OS.
  • With the touch of a button on the GUI, Nessus users can now quickly initiate plugin updates and see last update information.

Scan Policy Creation & Design:-
Users now enjoy improved effectiveness when creating scan policies:
  • Over two dozen new pre-built plugin filters make it easy for security and compliance professionals to simplify policy creation for laser-focused scans on the areas that matter most. Users can quickly select multiple filter criteria, such as, Vulnerability Publication Date, public vulnerability database ID (OSVDB, Bugtraq, CERT Advisory, and Secunia), Plugin type (local or remote), information assurance vulnerability alert (IAVA), and more, to quickly identify easily-exploitable vulnerabilities. For example:
  • Scan for all easily remotely-exploitable vulnerabilities for which there is an exploit published in your favorite exploit framework.
  • Scan for local third-party client software that is unpatched.
  • Scan for systems that have been missing patches for more than a year.
  • Policies can be configured to produce reports that are locked to prevent editing.
Scan Execution: Improved efficiency:-
Nessus 5.0 users can take advantage of real-time scan results, on-the-fly filtering and sorting, and streamlined results navigation:
  • New criticality level: Nessus v5.0 now has five severity levels — Informational, Low Risk, Medium Risk, High Risk, and Critical Risk. The Informational level quickly identifies non-vulnerability information and separates it from the vulnerability detail.
  • Example: A user may want to run a query against all hosts running web servers not on the normal http or https ports, port 80 or port 443. The Informational level allows a user to quickly identify information that may be useful, but does not require immediate attention — keeping the focus on the actionable results.
  • New vulnerability summary: A new vulnerability summary and redesigned host summary make it easy to see risk level without even running a report.
  • Streamlined results navigation: One click to jump from a critical vulnerability to see the host(s) that is vulnerable to the details of the vulnerability.
  • Take advantage of real-time results: As the scan is being run, not only can you see the results as they are being gathered, but navigate and filter on them as well. This allows you to easily act upon the vulnerability data while the scan is happening.

Report Customization:-

New reporting features allow for improved communication of vulnerability results with all parts of the organization:
  • Results filtering and report creation: Results filtering and report creation is more flexible than ever before. Users can apply multiple result filtering criteria, and targeted reports can be generated against the filtered results.
  • Create reports that contain only exploitable vulnerabilities, multiple risk levels (e.g., only show critical and high risk findings), filter on CVE or Bugtraq ID, plugin name, and more!
  • Reports customized by audience: Reports can be customized for executives, systems administrators, or auditors. A user can exclude particular vulnerabilities from a report before it is generated, allowing delivery of results targeted to specific audiences.
  • Example: During an internal scan, Nessus will report that a DNS server allows recursive queries, which is its function on the internal network. As this is a known condition, a user can suppress this result in the generated report to keep focus on true vulnerabilities.
  • With four new pre-configured report formats — Compliance Check, Compliance Check (Executive), Vulnerabilities by Host, and Vulnerabilities by Plugin — users can quickly create reports by chapters.
  • Example: The company’s compliance policy dictates that passwords be greater than ten characters in length. Nessus v5.0 runs a scan against the baseline, and the Compliance Check (Executive) report shows a pass/fail result to indicate if all hosts on the network are compliant with the minimum password length. With pass/fail results, the Compliance Check (Executive) report provides a quick snapshot of the company’s compliance checklist status.
  • Report formats: Reports can be generated in native Nessus formats, HTML, and now PDF formats (requires Oracle Java be installed on the Nessus server).
  • The new PDF report format makes it easier to share reports.
  • Combined reports: Multiple report templates can be combined into one report.
  • A single report can now contain vulnerabilities sorted by host and by IP address/hostname.





Microsoft Announces Coordinated Vulnerability Disclosure Procedures And First Two Vulnerability Advisories

Microsoft announced that it will be actively demonstrating its commitment to Coordinated Vulnerability Disclosure (CVD) by publishing CVD documents and releasing Microsoft Vulnerability Research (MSVR) Advisories on vulnerabilities discovered by Microsoft but fixed by affected vendors. Microsoft hopes that these documents will provide more transparency and insight into its disclosure philosophy and into how it goes through the process.
CVD documents clarify how Microsoft responds as a vendor impacted by vulnerabilities in its own products and services. These documents also demonstrate how Microsoft acts as a finder of vulnerabilities in third-party products and services, and how it acts as a coordinator of such vulnerabilities. Read more on CVDs here (word document).
MSVR advisories cover security vulnerabilities that Microsoft or other security researchers discovered in third-party products or services. Microsoft discloses the vulnerabilities to the affected vendors using procedures described in the Coordinated Vulnerability Disclosure.
Additionally, yesterday, Microsoft released the first two MSVR advisories, which cover issues discovered by Microsoft in third-party products: MSVR11-001 and MSVR11-002. Vulnerability 001 covers a vulnerability affecting the Google Chrome browser in versions prior to 6.0.472.59. This vulnerability affects the Sandbox in Chrome and could actually allow an attacker to run arbitrary code inside of Chrome's Sandbox. If the attacker fully exploited this vulnerability, your browser would become unresponsive and/or exit unexpectedly; the attacker could run arbitrary code. Vulnerability 002 affects Google Chrome versions 8.0.552.210 and earlier, and Opera versions 10.62 and earlier; 002 addresses an information disclosure vulnerability which exists in the implementation of HTML5 in these browsers. If an attacker successfully exploited this vulnerability, they could obtain private information from you.
As always, you should keep your system and programs on automatic update to get the most up-to-date, bug-free versions. To learn more about each vulnerability, visit the Microsoft Vulnerability Research Advisories page.


DDoS Vulnerability in Cisco Video Surveillance IP Cameras


Denial of Service Vulnerability found in Cisco Video Surveillance IP Cameras.
According to CISCO:-
A denial of service (DoS) vulnerability exists in the Cisco Video Surveillance IP Cameras 2421, 2500 series and 2600 series of devices. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted RTSP TCP packets to an affected device. Successful exploitation prevents cameras from sending video streams, subsequently causing a reboot. The camera reboot is done automatically and does not require action from an operator.
There are no workarounds available to mitigate exploitation of this vulnerability that can be applied on the Cisco Video Surveillance IP Cameras.  Mitigations that can be deployed on Cisco devices within the network are available.
Vulnerable Products:-
Cisco Video Surveillance IP Cameras 2421, 2500 series, and 2600 series are affected by this vulnerability. For Cisco Video Surveillance 2421 and 2500 series IP Cameras, all 1.1.x software releases and releases prior to 2.4.0 are affected by this vulnerability. For Cisco Video Surveillance 2600 IP Camera, all software releases before 4.2.0-13 are affected by this vulnerability.
Details:-
The Cisco Video Surveillance IP Cameras are feature-rich digital cameras designed to provide superior performance in a wide variety of video surveillance applications.
Cisco Video Surveillance IP Cameras RTSP Crafted Packet Vulnerability. The Cisco Video Surveillance IP Cameras 2421, 2500 series, and 2600 series of devices are affected by an RTSP TCP crafted packets denial of service vulnerability that may allow an unauthenticated attacker to cause the device to reload by sending a series of crafted packets. This vulnerability can be exploited from both wired and wireless segments.





SQL Injection Vulnerability In Google Lab Database System found by Shadman Tanjim


SQL Injection Vulnerability In Google Lab Database System found by Shadman Tanjim (Admin Bangladesh Cyber Army). Here is the report Submitted By Shadman to VOGH. 

REPORT:-

A very big and critical vulnerability has been detected in the Google Lab system. The vendor has already been notified, but they did not take any positive step, so this vulnerability is now exposed and open to the public. Now I will give details about the vulnerability in the Google Lab system.
The Google Lab website has a SQL injection vulnerability, and the dangerous thing is that this vulnerability is exploitable. We can get tables, columns and data. The Google Lab database has its own customized DB system. But the interesting thing is that their database system is similar to the MS Access database. In this case, MS Access SQL injection also works on the Google Lab database system. This vulnerability is 100% real, and now we can see it with our own eyes.

Now I will give you step-by-step proof of this vulnerability.


2. Vulnerability type: SQL Injection

Info:
6. Host IP: 209.85.175.141
7. Web Server: Google Frontend
8. Keyword Found: Fast
9. Injection type is Integer
10. Keyword corrected: Swirl

Let’s check exploiting this vulnerable link. Here I use 3 famous SQL injection tools. They are:
1. Havij Advance SQL Injection Tool
2. Safe3 SQL Injector v8.4
3. Pangolin SQL Injection Tool

You Can Download the Video Of This Vulnerability VIDEO LINK
To Download the Full PDF report Click HERE


Internet Explorer Vulnerability Allowing Hackers to Track Your Mouse Cursor

Internet Explorer Vulnerability Allowing Hackers to Track Your Mouse Cursor, Still Microsoft is Apathetic 

Yet again, Microsoft Internet Explorer has fallen victim to hackers. Spider.io, a website analytics firm, has discovered a security vulnerability in all current versions of Internet Explorer that allows attackers to track the mouse cursor anywhere on users' screens, even if the Internet Explorer window is minimized. Spider.io said: "The vulnerability is notable because it compromises the security of virtual keyboards and virtual keypads.
As a user of Internet Explorer, your mouse movements can be recorded by an attacker even if you are security conscious and you never install any untoward software. An attacker can get access to your mouse movements simply by buying a display ad slot on any webpage you visit. This is not restricted to lowbrow porn and file-sharing sites. Through today’s ad exchanges, any site from YouTube to the New York Times is a possible attack vector. Indeed, the vulnerability is already being exploited by at least two display ad analytics companies across billions of webpage impressions each month. As long as the page with the exploitative advertiser’s ad stays open—even if you push the page to a background tab or, indeed, even if you minimize Internet Explorer—your mouse cursor can be tracked across your entire display.


Vulnerability Disclosure
Package: Microsoft Internet Explorer
Affected: Tested on versions 6–10
BugTraq Link: seclists.org/bugtraq/2012/Dec/81


Spider.io has set up a demo page to demonstrate how the vulnerability works. According to sources, Microsoft Security Research Center has acknowledged the vulnerability, but unfortunately Microsoft is not in a hurry to patch it in existing versions of its popular browser. "There are no immediate plans to patch this vulnerability in existing versions of the browser," said MSRC.




iTunes Store Vulnerability Exposed, later Apple fixed that



Apple's iTunes Store had a vulnerability that accepted incorrect passwords from America Online (AOL) users, that could have been exploited by hackers.
Security researcher Joshua Long said he discovered the vulnerability more than six months ago but kept silent until Apple could fix the flaw. "Apple recently worked with AOL to fix a vulnerability that has been discovered in the iTunes Store authentication process ... This vulnerability seemed to be a problem in the way Apple integrated AOL user names and passwords into its services," he said in his blog.
Before the vulnerability was fixed, he said Apple would accept incorrect passwords from users logging into the store using an AOL Screen Name. Incomplete passwords, passwords with incorrect letter case, passwords with incorrect or extra characters at the end, or a combination of any or all of these, were accepted by Apple. "Knowledge of this vulnerability could potentially have been used by attackers, leading to disclosure of personally identifiable information, identity theft, and fraudulent purchases," he said.
Long said the vulnerability took the whole six-month disclosure time limit to be announced. He said Apple was at first unresponsive to the problem and then when it did respond, it was initially unable to reproduce it. "When I discovered this security vulnerability last year, I felt that it was serious enough to warrant submitting it to a responsible third-party vulnerability management organization rather than only to Apple or AOL. I have submitted reports to both companies in the past, and I have found that sometimes it can take them a very long time to respond to a security issue," Long said.
He noted that up to now, AOL "still doesn't seem to care about encrypting its Web-based e-mail service, in spite of Firesheep shining a spotlight on the problem last year." "I hoped that bringing in a third party to work with the vendor would help encourage the vendor to take the issue seriously and fix it more quickly," he said.
He eventually asked upSploit to help inform the affected parties about the vulnerability and the date on which it will be disclosed to the public. "I believe that upSploit's persistence was a major factor in motivating the vendor to take action and to resolve the issue," he said.


VOGH Exclusive: URL Redirection Vulnerability Found In Facebook

VOGH Exclusive: URL Redirection Vulnerability Found In Facebook [The Vulnerability Still Active & Not Been Patched]
Facebook, the world's largest social networking site with more than one billion registered users, is considered one of the safest sites in cyberspace. To maintain that reputation, Facebook Inc has taken all the steps one could possibly take. Like other high-profile and very popular websites, Facebook is also a hot target for almost every cyber criminal in the world. To counter this and keep FB safe and secure, the company introduced what it calls a 'Bug Bounty' offer, where you can submit vulnerabilities to FB and get rewarded. We have seen many security researchers and hackers across the globe do this and get their reward. But not every time, and today I will talk about that: a few days ago a reader of VOGH, who goes by the nickname 'Dr41DeY', found a URL redirection vulnerability in Facebook. One of the links on the Facebook App domain, apps.facebook.com, has a URL redirection vulnerability. The hacker has demonstrated how anyone can use the vulnerability to manipulate millions of innocent Facebook users. Let's see.

Before publishing this, one of our VOGH representatives talked with Facebook Security regarding this security vulnerability, but for some reason FB might have overlooked the issue. Finally, after waiting for almost a week, we, Team VOGH, decided to bring this in front of our readers. Let's briefly go through the vulnerable link:

https://apps.facebook.com/a.php?u=http://www.voiceofgreyhat.com&mac=AQLy7nyXi5NBt31j&__tn__=*B&eid=AQLpbizR7KEf3cyD0VTN7fNtv99fMZABDp2gdWhvL-MQocJIPy3w4hUG7_7hrmSMqDq7QLCI9k_0LbB95NEz_6GUDHGNgTDsGP_rX-VWRHxfg5a--VlnN1K9FdG3NAek8r2JPWENkb2Mu56EckbZCGXcPie27OnHxE-H7MBufQel0Pr-ZjpCWB6QF5xHeWsdKqyHzjK2woBGGrjk9Dlgnzcw3d9ZWPzrwbGpm6MSkpks3mqEphXnTP2Vd9UDQxIs68NnTaO35XIwKq5t3CSdb11iU_34gzjfLgvvDo_BYbgtrGe0Juc5CpRSwd5nImw9oPPvn6Za9rrxO_ivROtOGc2b2S3bYzNLWpbDwt3cFN2rJ3JElyIR0vjB4R859PpE9SrZx6AD3s_liikzPh30YLVb8XvPABk7r9MShk6OrVFPiAWZnEvPx49UzPDSF-nEl188rEPAi0KGJ4u1zb10hhzmHUCjH04SezDByUkyNituMb2lgiQz-Xlpgy_tkVYR-U7plDa38N9VzdAj_Bwefd7B85ykZCAy9ZQOt48Ql8KQeKfivk3sThZIkLwWPiju7R28Sw6bj09vS_Y28kFSqanGe9tYAPfKIe4zOzQt9-Q1CC_EwX3ypOlyQ2yXMiU3lwp7M9EriKHRFDsTgsuzzF-uvlpx3UrWh8M55-NX0ULjr4kxjAR5g_1wU-luUyn_Ot6Ly1_ZbBdahyb5uSmCDNvF5kMuIH8Gxvpql45dNffGzKau9oZGn6r1OmsG47JIGipznCVaZnWjXAakDnEMX6X8ZtI-M-db1olzbBpJdj5sZe-x2VM02S5XsXJWe_QLxFDOupjbz8I82HETHQ9PbzSIMsJboll4E3-f_JQFfdzwEguLa8SC_ImRahWBCwKNJeSlmRv91FqWpQaChe5-UyAoqcblvK4jPuRO3qC7o-qMTQ2jEJqqUW46koulOmgNJpMYXPgRxjNGcwjyTPS59Nr08zq6eCNd1aYLh2E4s5MYXBtVUTF8l0uhQ2wYSoR66xZsI2tK0DD1KiQHyTO1QieBwPtCN3eWgRzUTg3lM3ttkuwYKRPPLDvtUOPWmZhYUzUFcbfPM2kXdpqyGlrGx9-ErKGygYKATx2xzrTzktjgW4q0L5wfO3CSKAOCAoKfi_pfz-zIHSNE8ZAjZDtpbC_chgkvbHWJYYIs7pnE1riWJYORACjkkRr6nZoivC3z_g-8JBahghwy2C34kJYZJ6cBC8LKoB6KCTbj_F1tArQAzcSUij4vrJNUATzsdlO_ol6HwUQb8FjoWa38Bhtx81stxB328sgC9IGu1omPG0QeNJVhcJwh6HyEwtgycBLrlcdedaWbkwvnjv3F3BWuJIi763nBeYuAgNUaEUYHaXu_ZJzXW8fQ72nz_hddGT_GH50&sig=89099

Replace voiceofgreyhat.com with any site of your choice, and the vulnerability will redirect you from Facebook to that website. This loophole is still active, and anyone can test it with the above URL. We think the impact of this loophole is very serious, as any malicious attacker can misuse the trust placed in Facebook's URL to harm regular internet users by redirecting them to any junk or malfunctioning website.

Disclaimer: As stated earlier, the issue has already been brought to the notice of Facebook Security, but they overlooked the whole issue, so, being a responsible cyber media outlet, we at VOGH are disclosing this to people. If anyone misuses this vulnerability, Voiceofgreyhat will not be responsible for any kind of mishap.

Update: It may be more than what we call late repentance, but the vulnerability disclosed above has finally been patched by the Facebook security team.
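
How a redirect endpoint of the kind described above (a target URL passed in a `u` query parameter) can refuse off-site destinations, as an added example that is not Facebook's or VOGH's code. The allowlisted hosts, the fallback path and the function names are assumptions made for illustration; only the `u` parameter name comes from the link in the post.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical allowlist: the only hosts this application will redirect to.
ALLOWED_HOSTS = frozenset({"apps.example.com", "www.example.com"})
FALLBACK = "/"  # where a rejected redirect lands instead


def is_safe_target(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only for same-site paths or http(s) URLs on an allowed host."""
    if not target:
        return False
    # Control characters, whitespace and backslashes are normalised differently
    # by browsers and by URL libraries, so refuse them outright.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F or ch == "\\" for ch in target):
        return False
    # "//host/path" is scheme-relative: the browser would leave the site.
    if target.startswith("//"):
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname  # lower-cased, without userinfo or port
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only an absolute path on this site.
        return target.startswith("/")
    if parts.scheme not in ("http", "https"):
        return False
    # Exact match, so "www.example.com.evil.test" and
    # "www.example.com@www.evil.test" are both rejected.
    return host in allowed_hosts


def resolve_redirect(request_url, param="u"):
    """Pick the redirect destination for a request such as /a.php?u=<target>."""
    values = parse_qs(urlsplit(request_url).query).get(param, [])
    # Require exactly one value: repeated parameters can be read differently
    # by different components of the stack.
    if len(values) == 1 and is_safe_target(values[0]):
        return values[0]
    return FALLBACK


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    samples = [
        "https://apps.example.com/a.php?u=https://www.example.com/help&sig=0",
        "https://apps.example.com/a.php?u=/inbox&sig=0",
        "https://apps.example.com/a.php?u=http://www.evil.test&sig=0",
        "https://apps.example.com/a.php?u=//www.evil.test/&sig=0",
        "https://apps.example.com/a.php?u=https://www.example.com@www.evil.test/",
    ]
    for request in samples:
        print(resolve_redirect(request), "<-", request)
```
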



Microsoft shows class in disclosing Google zero-day

Back in June of last year, Tavis Ormandy, a Google engineer in Switzerland, caused quite a stir. As Gregg Keizer reported at the time, Ormandy told Microsoft about a previously unknown security hole in Windows on June 5, and on June 9 he published a full description of the vulnerability, including proof-of-concept code, on the Full Disclosure mailing list.
Microsoft blew a corporate gasket. Mike Reavey, the director of the Microsoft Security Response Center, blogged the following day, "Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk."
Ormandy responded that he was acting on his own behalf, not as a Google employee, but Reavey didn't buy it. The relationship between Microsoft and Google turned from frosty to frigid.
Last week, Microsoft showed its mettle by publicly issuing a new policy and two new "Microsoft Vulnerability Research Advisories" -- a completely new breed of Microsoft malware-fighting animal.
The policy is a nine-page document saying, basically, that when Microsoft discovers a zero-day flaw in some other vendor's product, Microsoft will work with the vendor to fix the vulnerability -- and make sure it's fixed before telling the world: "If attacks are underway in the wild, and the vendor is still working on the update, then both the finder and vendor work together as closely as possible to provide early public vulnerability disclosure to protect customers."
There are exceptions to the private reporting restriction. The policy allows Microsoft to divulge details if the vulnerability becomes known to the public at large, when there's evidence that the vulnerability is being used, or when the vendor doesn't respond.
That last point has become a bone of contention with several security researchers who claim that Microsoft hasn't responded quickly enough -- or, indeed, hasn't responded at all -- to their reports of Microsoft vulnerabilities. To be fair, no one has yet determined precisely how long it takes for a lack of response to result in a vendor being classified as "unresponsive."
Microsoft accompanied the new procedure with two new MSVR advisories, dubbed MSVR11-001 and MSVR11-002. It comes as no surprise that both of them describe previously undocumented security holes in Google products that had been patched by Google. (MSVR11-002 describes a problem in both Google Chrome and Opera.)
Neither vulnerability is particularly interesting. The first one, a buffer overflow, allows arbitrary code to run, but only in the confines of the Chrome sandbox. It was fixed in Chrome Version 6.0.472.59, which was released seven months ago. The second requires advance knowledge of a specific local IP address. It was fixed in Chrome 8.0.552.215, which was released four months ago. Apparently, Microsoft held onto both reports, pending final publication of their new policy.
If you or someone in your organization ever stumbles on a zero-day vulnerability in a software product, take a few minutes to look over Microsoft's policy. I won't get sucked into debating the virtues of Full Disclosure versus Coordinated Disclosure, but it would certainly be instructive to see how Microsoft says it would treat you and your organization if the shoe were on the other foot.


PostgreSQL Fixed “Persistent Denial-of-Service” Vulnerability (CVE-2013-1899)

PostgreSQL Fixed 'High-Exposure Security Vulnerability' Causing Denial-of-Service Attack (CVE-2013-1899)

Security researchers have yet again found a serious security hole in one of the most widely used object-relational database management systems, PostgreSQL, also known as Postgres. By manipulating the loophole, an attacker can easily corrupt files and, in some cases, execute malicious code on the underlying servers, causing a "persistent denial-of-service" attack. By corrupting the files, an attacker can cause the database server to crash and refuse to reboot. Affected servers can only be restarted by removing the garbage text from the files or by restoring them from a backup. Versions 9.0, 9.1, and 9.2 are all vulnerable.

As soon as this vulnerability was spotted, the developers at PostgreSQL released updates addressing a "high-exposure security vulnerability in versions 9.0 and later." The updates are available for the 9.0, 9.1, and 9.2 branches, as well as 8.4. These updates also allow PostgreSQL to be built using Microsoft Visual Studio 2012. According to the developers: "A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request. This issue was discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center." In addition to the fix for this one major security issue, the updates also include four more minor security fixes, as well as fixes for other, non-security-related issues.

Some of these fixes include:
  • A security vulnerability that made contrib/pgcrypto-generated strings too easy to guess;
  • A vulnerability that would allow unprivileged users to interfere with backups;
  • Security issues involving the OS X and Linux installers;
  • Various issues with GiST indices;
  • An issue related to crash recovery; and
  • Memory and buffer leaks, among others.

The complete list of fixes and enhancements in each version can be found on the PostgreSQL release notes archive page. The patched PostgreSQL 9.2.4, 9.1.9, 9.0.13, and 8.4.17 are also available now on the download page. While talking about this fix, we would like to remind you that late last year other security vulnerabilities hit the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. Those security holes were associated with libxml2 and libxslt: a vulnerability in the built-in XML functionality, and a vulnerability in the XSLT functionality supplied by the optional XML2 extension.



-Source (Campus Technology & The-H)









Researchers Found Flaws On The IPv6 Handling System Of Windows 7

Researchers have found a flaw in the way Windows 7 handles IPv6, one of the key protocols underlying the internet, saying attackers could use the vulnerability to crash PCs.
The security firm Barracuda Labs said on Tuesday that someone would have to make a targeted denial-of-service attack to exploit the vulnerability, but exploitation could cause failure in a PC's network connectivity, applications and sound system.
Microsoft has acknowledged and reported the flaw, but has said it will not patch it in a security update, because exploiting the vulnerability requires local network access.
According to Barracuda Labs researcher Thomas Unterleitner, the vulnerability lies in the way Windows 7's remote procedure call (RPC) function handles malformed DHCPv6 requests — DHCP (Dynamic Host Configuration Protocol) being the automatic configuration protocol that lets servers allocate IP addresses to clients at start-up.
DHCPv6 is part of IPv6, the new version of the internet protocol that is being slowly rolled out. 128-bit IPv6 addressing can handle a vastly greater number of connected network devices than 32-bit IPv4, which was introduced in 1981 and is now running out of address space.

Intercept DHCPv6 traffic:-

"To exploit this vulnerability, an attacker would need to intercept DHCPv6 traffic," Unterleitner wrote. "Once a DHCPv6 request has been intercepted, the corresponding reply would have to be modified to contain the malformed Domain Search List option. On reception of this malformed packet, RPC on the remote machine would fail. Exploiting this vulnerability would cause the RPC service to fail, losing any RPC-based services, as well as the potential loss of some COM functions."
Unterleitner told ZDNet UK on Wednesday that a successful attack would "crash the RPC service from the Windows operating system, and without this service Windows 'collapses' slowly — no sound, no IP and so on".
 
Barracuda Labs confirmed the DHCPv6 vulnerability on both 32-bit and 64-bit versions of Windows 7 Ultimate with Service Pack 1, and said it was "very likely" that other versions of Windows 7, and possibly earlier versions of Windows, are also affected.
After the security researchers warned Microsoft of the flaw, the company replied in late July, saying it had replicated the vulnerability. However, Microsoft said that executing a man-in-the-middle attack or establishing a rogue DHCPv6 server to exploit the flaw would require local access, so the flaw would only be fixed in the next version of Windows.
Unterleitner said an incorrectly-configured or buggy Linux DHCP server could also trigger similar effects on the client PC, but the method described by Barracuda Labs is the easiest way for a "pinpoint denial-of-service" attack to compromise a client.
ZDNet UK has asked Microsoft for comment on the vulnerability, but had received none at the time of writing.


-News Source (ZDNet)


Acunetix Web Vulnerability Scanner v8 Released

We have discussed Acunetix several times before. In November last year the team released Acunetix Web Vulnerability Scanner 8 BETA, and now in February we finally have the long-awaited final release of Acunetix 8. Before this final release, the Release Candidate (RC) of Acunetix 8 came out in January this year. Version 8 echoes years of counter-hacking experience through its new ability to lock hackers out by integrating scan results into Imperva’s Web Application Firewall, and by recognizing a new breed of vulnerabilities through new detection methods. Additionally, Acunetix WVS 8 takes vulnerability scanning to a new level by integrating smarter and more reliable automated features, making it quicker to launch a scan with less configuration required. In the official blog, Mr. Nick Galea, the CEO of Acunetix, said: “Acunetix WVS 8 continues to set new standards for web vulnerability scanners. Web security exploit statistics are steadily on the rise — unfortunately not in favor of website owners — which is why version 8 of WVS focuses on providing a comprehensive solution to anyone wanting to make their online presence a safe one. Acunetix WVS 8’s high performance scanning engine provides even more accurate exploit detection, and coupled with the new automation enhancements securing a web application has never been easier. WVS 8 makes it clear why Acunetix is the number one choice for companies to audit and secure their websites.”

Features At a Glance:- 
* Manipulation of inputs from URLs:
Acunetix WVS can automatically identify URL parameters and manipulate them to detect vulnerabilities. This technology is not present in any other competing vulnerability scanner.
Replace manual intervention with scanner intelligence
* Automatic custom 404 error page identification:
Acunetix WVS 8 can automatically determine if a custom error page is in use, and recognizes it without needing any recognition patterns to be configured before the scan.
Interpret IIS 7 rewrite rules automatically
Using the web application’s web.config file, WVS 8 can automatically interpret rewrite rules without requiring any manual input.
Fix vulnerabilities while locking hackers out
* Imperva Web Application Firewall integration:
An exciting co-operation between Imperva and Acunetix; WVS 8 scan results can be imported into an Imperva Web Application Firewall and interpreted automatically as firewall rules.
Use WVS 8 as a true security scanning workhorse
* Multiple instance support:
Acunetix WVS 8 can be relaunched as multiple instances on the same machine, allowing the user to scan multiple websites enabling further support for multi-user scenarios on the same server/workstation.
Re-scan without re-configuring
* Scan settings templates:
WVS 8 can save the settings for the scan of a specific application as a template, making it quick and easy to recall those exact settings for the same application each time it is scanned. This is particularly useful when auditing multiple sites, enabling the user to load the template for each site instead of re-configuring everything manually.
Launch a scan quicker than before
* Simplified Scan Wizard:
In addition to the introduction of Scan Settings Templates and automatic custom 404 error page recognition, the Scan Wizard contains far less options so it’s much easier and quicker to kick off a scan.
Access your results from anywhere and everywhere
* Web-based scheduler:
Accessible via a web interface, the new Scheduler allows administrators to download scan results from any workstation, laptop, or smartphone. The new Scheduler will automatically launch another instance of WVS when multiple web scans are due, preventing multiple processes from depending on the resources of one WVS instance, and thereby allowing scans to complete in less time.
Identify threats unseen by other black-box scanners
* New HTTP Parameter Pollution vulnerability class:
At the time of writing, Acunetix WVS 8 is the only scanner that tests for this security vulnerability.
Ensure complex scans will complete automatically and successfully
* Smart memory management:
The following settings have been added to optimise scanning efficiency:
  • Define number of files per directory
  • Limit number of subdirectories per website
  • Assign Crawler memory limit

Other New Features:-

  • Real time Crawler status (number of crawled files, inputs discovered, etc.)
  • Support for custom HTTP headers in automated scans
  • Configurable log file retention
  • Detailed Crawler coverage report
  • Scan status included in report

To Download Acunetix Web Vulnerability Scanner v8 Click Here




Acunetix Web Vulnerability Scanner 8 BETA Arrived

One of the world's most famous web vulnerability scanners, Acunetix, has released its next version, WVS 8 BETA. Many of you have been biting your nails in anticipation of this Beta, so sit tight and read on for the next most important stage in the evolution of Acunetix WVS. Version 8 of Web Vulnerability Scanner has been optimized to make life easier at every stage of a security scan. WVS is easier to use for web admins and security analysts alike: enhanced automation, ability to save scan settings as a template to avoid reconfiguration, and multiple instance support for simultaneous scans of several websites. WVS 8 also ushers in a new exciting co-operation between Acunetix and Imperva: developers of the industry’s leading Web Application Firewall.

Some Improved Features:-    
  • AcuSensor Technology
  • An automatic client script analyzer allowing for security testing of Ajax and Web 2.0 applications
  • Industry's most advanced and in-depth SQL injection and Cross site scripting testing
  • Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer  
  • Visual macro recorder makes testing web forms and password protected areas easy
  • Support for pages with CAPTCHA, single sign-on and Two Factor authentication mechanisms
  • Extensive reporting facilities including VISA PCI compliance reports
  • Multi-threaded and lightning fast scanner crawls hundreds of thousands of pages with ease
  • Intelligent crawler detects web server type and application language
  • Acunetix crawls and analyzes websites including flash content, SOAP and AJAX
  • Port scans a web server and runs security checks against network services running on the server  
Brief Description of  Acunetix 8 Features:-

Manipulation of inputs from URLs:-
Acunetix WVS can automatically detect URL parameters and manipulate them to detect vulnerabilities. This technology is not present in any other competing vulnerability scanner.

Automatic IIS 7 rewrite rule interpretation:-
Using the web application’s web.config file, WVS 8 can automatically interpret rewrite rules without requiring any manual input.

Support for custom HTTP headers:-
To function correctly, some web applications need incoming requests to contain specific HTTP headers. It is now possible to define custom HTTP headers to be used during automated scans.

Imperva Web Application Firewall integration:-
An exciting co-operation between Imperva and Acunetix: WVS 8 scan results can be automatically imported into an Imperva Web Application Firewall and interpreted as rules.

New vulnerability class: HTTP Parameter Pollution:-
At the time of writing, Acunetix WVS 8 is the only scanner that tests for this security vulnerability.

Multiple instance support:-
Acunetix WVS 8 can be relaunched as multiple instances on the same machine, allowing the user to scan multiple websites and opening up further support for multi-user scenarios on the same server/workstation.

Redesigned Scheduler:-
Accessible via a web interface, the new Scheduler allows administrators to download scan results from any workstation, laptop, or smartphone. The new Scheduler will automatically launch another instance of WVS when multiple web scans are due, preventing multiple processes from depending on the resources of one WVS instance and thereby allowing scans to complete in less time.

Automatic custom 404 error page recognition and detection:-
Acunetix WVS 8 can automatically determine if a custom error page is in use and recognizes it without requiring any custom 404 recognition patterns to be configured for a scan.

Scan settings templates:-
WVS 8 now allows the settings for the scan of a specific application to be saved as individual templates, making it quick and easy to recall the exact settings for a website each time it is scanned. This is particularly useful when scanning multiple sites, allowing the user to load the template for each site instead of re-configuring all the settings manually.

Simplified Scan Wizard:-
In addition to the introduction of Scan Settings Templates and automatic custom 404 error page recognition, the Scan Wizard contains far fewer options, so it’s much easier and quicker to kick off a scan.

Smart memory management:-
The following settings have been added to ensure even the most complex scans will complete automatically and successfully:
  • Define number of files per directory
  • Limit number of subdirectories per website
  • Assign Crawler memory limit

Real-time Crawler status:-
Crawler data is now updated in real time and provides live feedback on how many files have been crawled, how many inputs have been detected, and more.

Scan termination status included in report:-
Reports now include the termination or completion status of each vulnerability scan. For example, the report will display whether the scan was completed successfully or halted manually.

Web application coverage report:-
A new report template that lists all the web application files crawled and the specific vulnerability tests performed on each file.

Log file retention:-
It is now possible to define the retention span before log files are automatically flushed, to ensure logs are not deleted each time WVS is restarted.


To Download Acunetix Web Vulnerability Scanner 8 BETA Click Here



Adobe Released Security Bulletin to Patch Multiple Vulnerable Products

Adobe has released a security bulletin to patch multiple vulnerable products. Here is the list of those products, with detailed information on each.
  • APSB11-19 – Security update available for Adobe Shockwave Player (Critical)
  • APSB11-20 – Security update available for Adobe Flash Media Server (Critical)
  • APSB11-21 – Security update available for Adobe Flash Player (Critical)
  • APSB11-22 – Security update available for Adobe Photoshop CS5 (Critical)
  • APSB11-23 – Security updates available for RoboHelp (Important)
Security update available for Adobe Shockwave Player:-
 
Critical vulnerabilities have been identified in Adobe Shockwave Player 11.6.0.626 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.
Adobe recommends users of Adobe Shockwave Player 11.6.0.626 and earlier versions update to Adobe Shockwave Player 11.6.1.629.

Security update available for Adobe Flash Media Server:-

A critical vulnerability has been identified in Adobe Flash Media Server (FMS) 4.0.2 and earlier versions, and Adobe Flash Media Server (FMS) 3.5.6 and earlier versions for Windows and Linux.
This vulnerability could allow an attacker, who successfully exploits the vulnerability, to cause a denial of service on the affected system. Adobe has provided an update to address the reported vulnerability and recommends that users update their installations to Flash Media Server 4.0.3 or 3.5.7 respectively.

Security update available for Adobe Flash Player:-

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.25 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.183.5. Users of Adobe Flash Player for Android 10.3.185.25 and earlier versions should update to Adobe Flash Player for Android 10.3.186.3. Users of Adobe AIR 2.7 for Windows and Macintosh, should update to 2.7.1 and users of AIR 2.7 for Android should update to Adobe AIR 2.7.1.1961.

Security update available for Adobe Photoshop CS5:-

A critical vulnerability has been identified in Photoshop CS5 and CS5.1 (12.0 and 12.1) and earlier for Windows and Macintosh that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. To successfully exploit this vulnerability, an attacker would have to convince a user to open a malicious .GIF file in Photoshop CS5.

Security updates available for RoboHelp:-

An important vulnerability has been identified in RoboHelp 9 (versions 9.0.1.232 and earlier), RoboHelp 8, RoboHelp Server 9 and RoboHelp Server 8. A specially crafted URL could be used to create a cross-site scripting attack on RoboHelp installations. 

-News Source (Adobe & Help Security)


Ruby on Rails Public Key Security Vulnerability In GitHub

A Russian security researcher named Homakov has found that GitHub succumbed to a public key vulnerability in Ruby on Rails which allows a normal user to gain administrator access to the popular Rails Git. Homakov exploited a flaw in how the Ruby on Rails web framework handles mass assignments, which allowed him to write a posting, delete a posting or push changes into the source code of any GitHub project. Homakov had previously created an issue regarding mass assignment security on the Rails issue tracker on GitHub; this was closed by the developers, who said that it was the application developers' responsibility to secure their applications. Homakov then decided to demonstrate the issue using the nearest Ruby on Rails application, GitHub. This security flaw, known as the mass assignment vulnerability, has been around since the ability to set a number of attributes in one call was introduced in Rails. GitHub later confirmed that it had closed the security hole.
According to the GitHub official Blog post:- 
"The root cause of the vulnerability was a failure to properly check incoming form parameters, a problem known as the mass-assignment vulnerability. In parallel to the attack investigation we initiated a full audit of the GitHub codebase to ensure that no other instances of this vulnerability were present. This audit is still ongoing, and I am going to personally ensure that we have a strategy going forward to prevent this type of vulnerability from happening again.
I sincerely apologize for allowing this to happen. Security is our priority and I will be arranging additional external security audits above and beyond our normal schedule to further test our security measures and give you peace of mind."
Brief About GitHub:-
GitHub is the web-based front end set up around Linus Torvalds' Git revision control system. Thanks to the website's extensive social networking features combined with the Git revisioning system, GitHub has become extremely popular. GitHub is also used by a number of high-profile projects, including the Linux kernel.
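The mass-assignment problem described above, shown as an added example in plain Ruby (not GitHub's or Rails' own code): a hypothetical `PublicKey` model copies every submitted form field onto itself, so a forged `user_id` field changes who owns the record, while the hardened path copies only allowlisted fields. The model, field names and form data are constructed for illustration.

```ruby
# Minimal stand-in for an ORM model (hypothetical, not Rails code).
class PublicKey
  ATTRIBUTES = %i[title key user_id].freeze
  attr_accessor(*ATTRIBUTES)

  def initialize(user_id:)
    @user_id = user_id
  end

  # Vulnerable: every submitted field with a matching writer is applied,
  # including fields the form never offered to the user.
  def assign_all(params)
    params.each do |name, value|
      writer = "#{name}="
      public_send(writer, value) if respond_to?(writer)
    end
    self
  end

  # Hardened: only allowlisted fields are applied; everything else is
  # returned so the caller can log or reject the request.
  def assign_permitted(params, permitted:)
    rejected = params.keys.map(&:to_sym) - permitted
    params.each do |name, value|
      public_send("#{name}=", value) if permitted.include?(name.to_sym)
    end
    rejected
  end
end

# Constructed form submission: the real form only has title and key,
# the sender has added a user_id field by hand.
FORGED_FORM = {
  "title"   => "laptop",
  "key"     => "ssh-rsa AAAA...constructed",
  "user_id" => 1
}.freeze

# Constructed id of the logged-in user making the request.
CURRENT_USER_ID = 42

# Ownership ends up controlled by the request body.
def vulnerable_create(form)
  PublicKey.new(user_id: CURRENT_USER_ID).assign_all(form)
end

# Ownership stays with the authenticated user; the extra field is reported.
def hardened_create(form)
  record = PublicKey.new(user_id: CURRENT_USER_ID)
  rejected = record.assign_permitted(form, permitted: %i[title key])
  [record, rejected]
end
```

In Rails itself the same allowlisting is provided by `attr_accessible` and, from Rails 4, by strong parameters (`params.require(...).permit(...)`).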



PHP Vulnerability Hunter v.1.1.4.6



PHP Vulnerability Hunter is the application that detected almost all of the web application vulnerabilities listed on the advisories page. It is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn’t even need a user-specified starting URI. At the core of the PHP Vulnerability Hunter scan algorithm is dynamic program analysis. Unlike many vulnerability scanners and fuzz tools that rely on static analysis, PHP Vulnerability Hunter analyzes the program as it’s running to get a clear view of all input vectors. That means better code coverage and, as a result, greater confidence in code security.

Features :-

  •     Automated input vector discovery.
  •     Integrated fault detection
  •     Minimal configuration.
  •     Proven effective
  •     Added code coverage report
  •     Updated GUI validation
  •     Several instrumentation fixes
  •     Fixed lingering connection issue
  •     Fixed GUI and report viewer crashes related to working directory

To Download PHP Vulnerability Hunter Click Here




Oracle Issued Security Update of DDoS Vulnerability in Apache HTTPD



Oracle, the giant enterprise database company - and, of course, owner of the erstwhile Sun Microsystems - has just published an out-of-band security update. This is only the fifth time Oracle has issued an alert outside its routine quarterly patch cycle since introducing its own version of Patch Tuesday at the start of 2005.

Description:-
This security alert addresses the security issue CVE-2011-3192, a denial of service vulnerability in Apache HTTPD, which is applicable to Oracle HTTP Server products based on Apache 2.0 or 2.2. This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to impact the availability of un-patched systems.

Affected Products and Versions:-

  • Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0
  • Oracle Application Server 10g Release 3, version 10.1.3.5.0 (Only affected when Oracle HTTP Server 10g based on Apache 2.0 has been installed from Application Server Companion CD)
  • Oracle Application Server 10g Release 2, version 10.1.2.3.0 (Only affected when Oracle HTTP Server 10g based on Apache 2.0 has been installed from Application Server Companion CD)


Please note that Oracle Enterprise Manager includes the Oracle Fusion Middleware component that is affected by this vulnerability. Oracle Enterprise Manager is affected only if the affected Oracle Fusion Middleware version (noted above) is being used. Since a vulnerability affecting Oracle Fusion Middleware versions may affect Oracle Enterprise Manager, Oracle recommends that customers apply the fix for this vulnerability to the Oracle Fusion Middleware component of Oracle Enterprise Manager. For information on what patches need to be applied to your environments, refer to Security Alert CVE-2011-3192 Patch Availability Document, My Oracle Support Note 1357871.1.

Patch Availability:-
Patches and relevant information for protection against this vulnerability can be found Here
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Security Alert fixes as soon as possible.

-News Source (Oracle)



Metasploit Pro (Community Edition of Metasploit)


US security company Rapid7 has announced the launch of a Community Edition of the popular Metasploit exploit framework. According to Rapid7 Chief Security Officer and Metasploit Creator HD Moore, "The best way to tackle the increasing information security challenge is to share knowledge between practitioners, open source projects and commercial vendors."
The Community Edition is free for personal and professional use, combining the open source version of the framework with several of the features found in Metasploit Pro, to provide "an entry-level response to the evolving threat landscape". It includes "a basic version" of the commercial graphical user interface which is aimed at making it easier for users to get started with vulnerability verification and security assessments.
According to Rapid 7:-
Metasploit Pro helps enterprise defenders prevent data breaches by efficiently prioritizing vulnerabilities, verifying controls and mitigation strategies, and conducting real-world, collaborative, broad-scope penetration tests to improve your security risk intelligence.
Prevent data breaches:-
Metasploit Pro helps you improve your enterprise vulnerability management program and test how well your perimeter holds up against real world attacks:

  • Identify critical vulnerabilities that could lead to a data breach so you know what to patch first
  • Reduce the effort required for penetration testing, enabling you to test more systems more frequently
  • Discover weak trust models caused by shared credentials that are vulnerable to brute forcing and harvesting
  • Locate exposed, sensitive information with automated post-exploitation file system searches

Prioritize Vulnerabilities:-
Metasploit Pro makes your security and operations team more efficient because it helps you prioritize the vulnerabilities reported by your vulnerability scanner:

  • Import vulnerability management reports from more than a dozen third-party applications and verify their findings to eliminate false positives
  • Integrate with your in-house Nexpose infrastructure to kick off new scans and access real-time vulnerability findings (requires Nexpose)
  • Focus on remediating critical vulnerabilities to reduce exposure and reduce mitigation costs
  • Prove exploitability to application owners to expedite remediation

Verify controls and mitigation efforts:-
Metasploit Pro helps you verify that your remediation effort, such as a patch, new firewall rule or IPS configuration, actually stops the vulnerability from being exploited.

  • Re-run exploits after mitigation to verify its effectiveness in preventing a data breach
  • Enable the IT operations team or your client to verify whether controls and mitigations were successful by handing them a replay script that re-traces the steps you took to exploit the vulnerability
  • Draw on the Nexpose vulnerability database to read up on ways to remediate vulnerabilities (requires Nexpose)
For more information about Metasploit Pro Click Here

To Download Metasploit Click Here

-News Source (Rapid 7)



