Archives for the Month of February, 2009

VMware Tools – bulk update Windows VMs

If you need to update VMware Tools on all Windows (Server 2003, XP) VMs on one or more VMware ESX servers, you need to do that with the command vmware-vmupgrade.exe. From my point of view this command is insecure, so I decided to create a bash script for this job using the GREAT utility vimsh. Script looks [...]

Security Researcher Acknowledgments for Microsoft Online Services

I am very proud to inform you that I’m on the Security Researcher Acknowledgments for Microsoft Online Services for January 2009. I will continue my research in the hope that I will be on this prestigious list again!

ESET Remote Administrator Script Insertion Vulnerability

Ivan Markovic and I found a vulnerability in ESET’s NOD32 Remote Administrator Server. The vulnerability is reported in version 3.x and can potentially be exploited to compromise a user’s system. For a successful attack you need an Administrator account at NOD32 RAS to create a malicious report. Administrators and Read-only users are both affected if they open the malicious report. Secunia [...]

PSCS VPOP3 Email Server Script Insertion Vulnerability

I found a vulnerability in the VPOP3 Email server which allows script insertion. The vulnerability was discovered in version 2.6.0h. Although the vendor released a patch (implemented some filters), the vulnerability still exists in the new version 2.6.0i. The patch doesn’t completely fix the vulnerability. Secunia confirmed the vulnerability.