netinfinity release Ubuntu Pentest Edition …
“Ubuntu pentest edition is primarily designed as a complete system (everyday usage – office, internet etc..) and can be used in pentesting purposes, which is a big advantage because you do not need to have a dual boot or use a virtual machine to run the system for pentest.”
Try it … link.
… for July and August.
Thanks to Microsoft Security Response Center.
I’ve discovered some XSS vulnerabilities in NetFlow Analyzer 7.
Link to Secunia SA.
I’ve discovered new XSS vulnerabilities in PSCS VPOP3 Enterprise Email server, exactly on Web Mail interface. Vulnerability version is 2.6.0j. Vendor is informed but isn’t published fix for this vulnerabilities yet, so for solution use a proxy or IPS to filter malicious characters.
Secunia confirmed and published this vulnerability.
This years Pwn2Own uncover 4 new never seen before critical vulnerabilities affecting the IE8, Safari and FireFox.
More about this contest you can read at DVLabs Blog.
Guys from the SRI International were made really good analysis on the currently most active Virus/Worm, Conficker, also known as Downup, Downadup and Kido.
Analysis can be found at http://mtc.sri.com/Conficker/.
Me and Ivan Markovic found vulnerability in ESET’s NOD32 Remote Administrator Server. Vulnerability is reported in version 3.x and potentially can be exploited to compromise a user’s system. For successful attack you need Administrator account at NOD32 RAS to create a malicious report. Administrators and Read-only users are both affected if open malicious report.
Secunia confirmed this vulnerability.
Here is CVE ID: 2009-0548.
I found vulnerability in VPOP3 Email server which allows script insertion.
Vulnerability is discovered in the version 2.6.0h. Although the vendor release the patch (implemented some filters), vulnerability still exists in the new version 2.6.0i. Patch don’t completely fix the vulnerability.
Secunia confirmed vulnerability.