by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net
Summary:
A remote code execute vulnerability exists in Microsoft Jet Engine. A remote attacker who successfully exploit this vulnerability can execute arbitrary code on the affected system.
Affected Software Versions:
Microsoft Office Access 2003 sp3 on Windows XP SP2(chinese)
阅读全文 »
鬼仔注:不过axis说这个漏洞有忽悠人的嫌疑,看 这里 。
来源:iDefense Labs
I. BACKGROUND
RealPlayer is an application for playing various media formats, developed by RealNetworks Inc. HelixPlayer is the open source version of RealPlayer. More information can be found at the URLs shown below.
http://www.real.com/realplayer.html
阅读全文 »
鬼仔注:幻影出的
来源:milw0rm
Vuln Exposed by: ZhenHan.Liu
Team: Ph4nt0m Security Team
http://www.ph4nt0m.org
Tested on: Full Patched Excel 2003 Sp2, CN
http://www.milw0rm.com/sploits/06272007-2670.zip
Tags: Excel, Exploit, PoC, Vulnerability来源:milw0rm
=============================================
vBulletin Google Site Map Creator (base) Remote File Include Vulnerability
=============================================
Found by : Host4vb.com & Cold z3ro
Contact : Admin@host4vb.com , Cold-z3ro@hotmail.com
Homepage : Host4vb.com , Hack-Teach.Org
=============================================
阅读全文 »
鬼仔注:XAMPP(Apache+MySQL+PHP+PERL)是一个功能强大的建站集成软件包。我见过有不少站为了省事直接用这个做,我以前测试东西也用这个搭建过环境。影响的版本挺多:
XAMPP Apache Distribution 1.4.14
XAMPP Apache Distribution 1.4.13
XAMPP Apache Distribution 1.4.12
XAMPP Apache Distribution 1.4.11
XAMPP Apache Distribution 1.4.10 a
XAMPP Apache Distribution 1.4.10
XAMPP Apache Distribution 1.4.9
XAMPP Apache Distribution 1.4.8
阅读全文 »
鬼仔:我用的是 firefox 2.0 ,测试成功。
看了下源文件,只要你输入的文字里面的字符里面包含了C:\boot.ini之后就会触发(不需要连在一起,分散的就可以),
C:\boot.ini对应的一个数组 var needstr = [ 67, 59, 220, 66, 79, 79, 84, 190, 73, 78, 73 ];
这个是指定读取C:\boot.ini
你可以通过改下这个读取其他文件。
来源:幻影的邮件列表
There is an interesting logic flaw in Mozilla Firefox web browser.
The vulnerability allows the 阅读全文 »
Tags: Firefox, Vulnerability