Showing posts with label DDOS Vulnerability.

Windows 7 and Mac OS versions of Skype vulnerable to remote denial of service

A 19-year-old security researcher, Ucha Gobejishvili (online handle "longrifle0x"), discovered a critical vulnerability in the Skype clients for the Windows 7 and Mac OS platforms.

According to his blog post, Skype version 5.8.0.156 on Windows 7 and Skype version 5.5.2340 on Mac OS are vulnerable to a remote denial of service attack.

The researcher reported the vulnerability to the vendor. The vendor has accepted it and is in the process of patching it. The researcher has promised to share full details of the vulnerability once the vendor has released a fix.

A few days earlier, he found XSS vulnerabilities in the shop.skype.com and api.skype.com websites. In the past, he has discovered vulnerabilities in many high-profile sites, including those of Microsoft, Apple, Google, Facebook and Yahoo.

DoS (Denial of Service) and other vulnerabilities found in Adobe ColdFusion 9

A security researcher from websecurit.com.au discovered denial of service (DoS), information leakage and full path disclosure vulnerabilities in Adobe ColdFusion version 9 and earlier versions.

Vulnerability Details:

Information Leakage (WASC-13):

http://site/CFIDE/componentutils/packagelist.cfm

Leaks the list of all components installed on the server, together with the paths to them.

DoS (WASC-10):

http://site/CFIDE/componentutils/packagelist.cfm?refreshCache=yes

This request forces a refresh of the components cache, which overloads the server if a large number of components is installed.

Full path disclosure (WASC-13):

http://site/CFIDE/adminapi/_datasource/formatjdbcurl.cfm
http://site/CFIDE/adminapi/_datasource/getaccessdefaultsfromregistry.cfm
http://site/CFIDE/adminapi/_datasource/geturldefaults.cfm
http://site/CFIDE/adminapi/_datasource/setdsn.cfm
http://site/CFIDE/adminapi/_datasource/setmsaccessregistry.cfm
http://site/CFIDE/adminapi/_datasource/setsldatasource.cfm
http://site/CFIDE/adminapi/customtags/l10n.cfm
http://site/CFIDE/debug/cf_debugFr.cfm (in the body of a page with frames)

There are many other full path disclosure issues in the ColdFusion admin panel.

Apache 2.2.20 released to fix DDoS vulnerability

Apache HTTP Server 2.2.20 was released today to fix the DDoS vulnerability reported a few days ago. The changelog entry for the fix reads:

Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file.

For more details:
https://www.apache.org/dist/httpd/Announcement2.2.html
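As an added illustration (not Apache's own code), the following Python models the rule quoted from the changelog: the bytes covered by all requested ranges are added up and compared against the file size, and the server falls back to sending the complete file when the ranges would cover more than that. The function names and the choice to treat a syntactically unusable Range header as "send the whole file" are assumptions of this example, not Apache's implementation.

```python
import re

# One range-spec per RFC 2616 section 14.35: "first-last", "first-" or "-suffix".
_RANGE_RE = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")


def parse_byte_ranges(range_header, file_size):
    """Parse a 'Range: bytes=...' header into (start, end) pairs, clamped to
    the file as a server would satisfy them. Returns None if the header is
    syntactically unusable (assumption: such headers are then ignored)."""
    if not range_header.lower().startswith("bytes="):
        return None
    ranges = []
    for spec in range_header[len("bytes="):].split(","):
        m = _RANGE_RE.match(spec)
        if not m or (m.group(1) == "" and m.group(2) == ""):
            return None
        first, last = m.group(1), m.group(2)
        if first == "":
            # Suffix range "-N": the last N bytes of the file.
            length = min(int(last), file_size)
            if length == 0:
                continue
            ranges.append((file_size - length, file_size - 1))
        else:
            start = int(first)
            if start >= file_size:
                continue  # unsatisfiable on its own; contributes no bytes
            end = file_size - 1 if last == "" else min(int(last), file_size - 1)
            if end < start:
                return None
            ranges.append((start, end))
    return ranges


def should_send_whole_file(range_header, file_size):
    """The 2.2.20 rule: if the ranges together cover more bytes than the file
    holds, ignore the Range header and answer with the complete file."""
    ranges = parse_byte_ranges(range_header, file_size)
    if ranges is None:
        return True  # unusable header: fall back to the full response
    total = sum(end - start + 1 for start, end in ranges)
    return total > file_size


if __name__ == "__main__":
    # Constructed sample: many overlapping open-ended ranges on a 1000-byte file.
    print(should_send_whole_file("bytes=0-,1-,2-,3-", 1000))  # True
```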