… and now I am very proud of myself because my name is the second time in a row appear on this page Security Researcher Acknowledgments for Microsoft Online Services. Hope to see you soon again!
If you need to update VMware tools on all Windows (Server 2003, XP) VMs on one or more VMware ESX server, you need to do that with command <i>vmware-vmupgrade.exe</i>.
From my point of view this command is insecure, so I deiced to create a <i>bash</i> script for this job using GREAT utility <b>vimsh</b>.
Script looks like this …
Continue reading VMware Tools – bulk update Windows VMs
I am very proud to inform you that I’m on Security Researcher Acknowledgments for Microsoft Online Services for January 2009.
I will continue my research in hope that i will be on this prestigious list again!
Me and Ivan Markovic found vulnerability in ESET’s NOD32 Remote Administrator Server. Vulnerability is reported in version 3.x and potentially can be exploited to compromise a user’s system. For successful attack you need Administrator account at NOD32 RAS to create a malicious report. Administrators and Read-only users are both affected if open malicious report.
Secunia confirmed this vulnerability.
Here is CVE ID: 2009-0548.
I found vulnerability in VPOP3 Email server which allows script insertion.
Vulnerability is discovered in the version 2.6.0h. Although the vendor release the patch (implemented some filters), vulnerability still exists in the new version 2.6.0i. Patch don’t completely fix the vulnerability.
Secunia confirmed vulnerability.
Few months ago I first read about this command and I forget where … Command is like top Linux command, but with much more information.
esxtop allows you monitoring and collecting of data for all system resources about VI.
More about esxtop statistics you can find at VMware community.
Hello and best wishes in New year!
Here is one more text with PoC about vulnerability in Public Key Infrastructure (PKI).
What do you think about this vulnerability?
After MDaemon vulnerability, I decide to test Merak Mail Server … And the result is vulnerability alike MDaemon, but more difficulty.
Secunia reported this vulnerability and estimate as moderately critical. For me this vulnerability especially in WebMail Pro interface is highly critical.
After my friend Dejan Levaja find the vulnerability in MDaemon, here is the new vulnerability that I found in MDaemon 🙂
More about this you can find at Secunia.