最新IE 0day

Yesterday, a copy of the unpatched Internet Explorer exploit used in the Aurora attacks was uploaded to Wepawet. Since the code is now public, we ported this to a Metasploit module in order to provide a safe way to test your workarounds and mitigation efforts.

#Trace: 代码被杀，打包了.

Rar pass: 123

Microsoft IIS 5.0/6.0 FTP Server Remote Stack Overflow Exploit (win2k)

#Trace: 有条件的试试。

#Trace: Firefox 3.5刚刚发布不久，就爆了一个高危漏洞。

Linksys WAG54G2 Web Management Console Local Arbitrary Shell Command Injection Vulnerability

BaoFeng (config.dll) ActiveX Remote Code Execution Exploit

Trace：上次是Pcshare,这次是Gh0st,下个是谁？

This vulnerability allows remote attackers to bypass access restrictions on vulnerable installations
of Internet Information Server 6.0.
The specific flaw exists within the WebDAV functionality of IIS 6.0. The Web Server fails to properly
handle unicode tokens when parsing the URI and sending back data. Exploitation of this issue can
result in the following:

#
# BaoFeng (mps.dll) Remote Code Execution Exploit
# By: MITBOY
# Download: www.baofeng.com
#
# Problem DLL    :     mps.dll
# Problem Func   :   OnBeforeVideoDownload()

Oracle WebLogic IIS connector JSESSIONID Remote Overflow Exploit

Metasploit更新了，0day，顶。
 

A web-borne vulnerability lurking in a popular email application seriously compromised the security of 40 million accounts until it was fixed early last month, independent researchers said.