Tuesday
Nov252008
Some program Vulnebilities Detected!!
Just got done looking at some of my security sites and according to SecuriTeam there are are several programs that have vulnerabilities. here are the Ones that I've found:
These are the ones that I found and wanted to let you know about these so you can make your system even more secure. if I find any others I'll let you know!!!
Google chrome is vulnerable to URI Obfuscation vulnerability.
An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar.This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.
[ad#ad2-right]iPhone Configuration Web Utility for Windows Directory Traversal
iPhone Configuration Web Utility lets "you easily create, sign and distribute configuration profiles using a web browser". A vulnerability in iPhone Configuration Web Utility allows remote attackers to access files that reside outside the bounding root directory of the program's files folder.
Streamripper Multiple Buffer Overflows
Streamripper "records Shoutcast and Live365 MP3 streams to a hard disk, creating separate files for each track. Runs under Unix and Windows." Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user's system.
Amaya URL Bar Stack Overflow Vulnerability
A vulnerability in Amaya browser allows remote attackers to cause it to overflow an internal buffer which in turn can be leveraged to execute arbitrary code.
These are the ones that I found and wanted to let you know about these so you can make your system even more secure. if I find any others I'll let you know!!!
|
Post a Comment | in Address Bar, Age, Amaya, Browser, Buffer, Chrome, Configuration, Detected, Directory, Exploit, Google, Hard Disk, IPhone, Live, Make, Multiple, NULL, Nation, Ones, Other, Overflow, Overflows, Profiles, Programs, Red, Redirect, Root, Runs, Secunia, Security, Sites, Stack, Team, The, Tor, Traversal, Turn, URI, URI Obfuscation, URL, US, Unix, Use, Vulnebilities, Win, Window, Windows, XP, ability, address, attacker, bar, browser functionality, code, config, d, direction, directory traversal, file, folder, form, fun, function, functionality, impersonation, information, internal buffer, legitimate web, link, live365, lt, man, mp3 streams, null character, obfuscation, order, overflow vulnerability, person, phone, profile, program, rate, redirection, research, right, ru, search, security team, shoutcast, sign, site, stack overflow, status, str, streamripper, system, tip, track, unsuspecting users, user, utility, vulnerability, web, web utility, wind, windows directory 