On Wed 2009-11-04 09:06:25, Gabor Gombas wrote:
> On Wed, Nov 04, 2009 at 10:17:13AM +1100, psz@maths.usyd.edu.au wrote:
>
> > But, mount requires root (and root can do anything, including shooting
> > himself in the foot).
>
> Irrelevant. The statement was that if /proc is not mounted, then the
> link count tells if there are other ways to access the inode besides the
> path you have used to access it. I showed you that this statement is
> false.
solved.
The Ubuntu releases in the last couple of days are actual software
issues in my opinion, not just poorly configured environments.
On Wed, Mar 30, 2011 at 11:32 AM, Christian Sciberras <uuf6429@gmail.com> wrote:
> I disagree. It is definitely a software issue.
>
> I just can't waste time with this, so I'll highlight a quick example;
> Firefox (as a clear example) comes with the right security dialogs
> enabled, even if you can later on tell it to always open exe files
On Wed, Jan 12, 2011 at 03:51:15PM -0700, david.kurz@majorsecurity.net wrote:
> [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue
>
> Details
> =============
> Product: Contao CMS 2.9.2
> Security-Risk: moderated
> Remote-Exploit: yes
> Vendor-URL: http://www.contao.org/
> Advisory-Status: published
7 days of seeding to impact.
Gadi.
On Wed, 6 Aug 2008, Gadi Evron wrote:
> Hi all.
>
> There's a facebook (possibly worm) something malicious sending fake
> messages from real users (friends).
On Wed, Dec 08, 2010 at 12:44:09AM +0300, Kai wrote:
>
> > Anyone tested this in sandbox yet?
>
> 00:37 linups:../expl/kernel > cat /etc/*release*
> openSUSE 11.3 (i586)
> VERSION = 11.3
> 00:37 linups:../expl/kernel > uname -r
> 2.6.34.4-0.1-desktop
> 00:37 linups:../expl/kernel > gcc _2.6.37.local.c -o test
On Wed, Jun 29, 2011 at 08:02:45PM +0100, Luigi Auriemma wrote:
> #######################################################################
>
> Luigi Auriemma
>
> Application: Winamp
> http://www.winamp.com
> Versions: <= 5.61
> Platforms: Windows
> Bugs: A] in_midi Controller messages heap overflow
their topics.
Regards,
The AppSec DC Program Committee
On Wed, Oct 12, 2011 at 9:43 AM, AppSec DC <cfp@appsecdc.org> wrote:
>
> Colleagues,
>
> Building on the success of AppSec DC 2010 and 2009, OWASP is pleased to announce the next OWASP AppSec DC conference. The theme for this year's conference is "OWASP - Not just webapps anymore" to reflect the new and revised scope of OWASP to include all application security issues instead of focusing just on web application security.
>
their security track record close enough to judge any of your points
regarding its security.
I beg to differ on a point of terminology though.
On Wed, Oct 31, 2007 at 02:44:35PM +0100, Shane Kerr wrote:
>
> My own take on it is that "crypto" implies that
> information is hidden in some way.
The "information hidden in some way" is the next sequence number. Since
On Wed, Oct 1, 2008 at 5:46 PM, Matthew Dempsky <matthew@mochimedia.com> wrote:
> If a Flash 9 SWF loads two SWF files with different SWF version
> numbers from two distinct HTTP requests to the exact same URL
> (including query string arguments), then Adobe's Flash Player plug-in
> will try to dereference a null pointer. This issue affects at least
> versions 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 on Windows, OS
> X, and Linux.
As an update, this issue also affects 10.0.22.87 at least on Windows
and OS X. I've seen some Linux distributions (e.g., [1]) claim that
Salut, gregory,
On Wed, 13 Feb 2008 10:20:51 +0100, gregory wrote:
> All sysop must consider this advisory!!!
>
> Tested and really dangerous!
...and ancient. Fixed a while ago. Milw0rm had it a day after it was
released, Slashdot had it 3 days after and Heise 4 or 5. And you
managed to be about a week late. Congratulations.
On Wed, Sep 26, 2007 at 04:25:30PM -0700, Zow Terry Brugger wrote:
> > As a professional, I would be happy to see terms like '0day' banished
> > from the lexicon entirely. It's an essentially meaningless -- all
> > third-party exploits are zero-day to _somebody_ -- term of boast co-
> > opted from the warez scene, and we can do perfectly well without it.
>
> I'd accept that. Can we agree on a term that means: "Right now you're
> learning about a vulnerability for which there is a working exploit, and no
> way to protect yourself short of impacting the availability of your systems
> by unplugging them or disabling the affected service."?
On Wed, Nov 23, 2011 at 12:30:58PM +0000, Amir@irist.ir wrote:
> a bug in the WordPress enable-latex plugin that allows us to perform a Remote File Include on a remote machine.
>
>
>
> ################################################################################################################################
> # #
> # Aria Security Team - Persian Network Security #
> # #
> # http://Aria-Security.Com/forum/ #
On Wed, May 14, 2008 at 05:20:52PM -0000, Tom.Donovan@acm.org wrote:
> It appears there is little that web servers can do to thwart this,
> short of changing all '+' characters to %2B. That seems excessive.
To be fair, this is what Microsoft has recommended, explicitly for the
purpose of preventing XSS, for *at least* the last 6 years. The library
I use does indeed encode "+" as "+".
On Wed, Dec 10, 2008 at 05:22:56AM -0700, s.gottschall@dd-wrt.com wrote:
> this is no security flaw since you must be already logged in
> within the webinterface of dd-wrt. otherwise this here will not
> work. we already fixed this issue in our sourcetree
It is a security flaw, you've neither fixed it nor understood it. The
whole point of CSRF is that it works by using the victim's active
session. An easy scenario in the case of DD-WRT is one where a victim
reads a malicious "HOWTO" site, which has step by step instructions on
how to say, boost signal strength. The user opens one tab to read the
On Wed, 15 Aug 2007, Glynn Clements wrote:
> > If setuid program just
> > trusts the environment in that it doesn't properly handle or block signals
> > whose default action is terminating the process and doesn't perform its
> > actions in a fail-safe manner, it is certainly broken. Setuid program must
> > always be careful in signal handling and data processing.
>
> Ordinarily, a process can assume that certain signals (those which can
> only be generated by kill()) can only be received as a result of an
Salut, Roger,
On Wed, 5 Mar 2008 16:30:35 -0500, Roger A. Grimes wrote:
> As somewhat indicated in the paper itself, these types of physical
> DMA attacks are possible against any PC-based OS, not just Windows.
> If that's true, why is the paper titled around Windows Vista?
That's very easy: because the specific attack was against Windows
Vista's activation mechanism.
On Wed, Nov 02, 2011 at 08:40:35PM +0000, sschurtz@t-online.de wrote:
> Advisory: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
> Advisory ID: SSCHADV2011-015
> Author: Stefan Schurtz
> Affected Software: Successfully tested on Serendipity 1.5.5
> Vendor URL: http://www.s9y.org
> Vendor Status: fixed
> CVE-ID: -
>
> ==========================
On Wed, 7 May 2008 pablo.ximenes@upr.edu wrote:
>
> Vulnerability Report:
>
> As part of our recent work on the trust hierarchy that exists among email providers throughout the Internet, we have uncovered a serious security flaw in Google's free email service, Gmail. This vulnerability exposes Google's email servers in a way that allows an attacker to use them as open spam and phishing relays. This issue is related to the risk of a malicious user abusing Gmail's email forwarding functionality. This is possible because Gmail's email forwarding functionality does not impose proper security restrictions during its setup process and can be easily subverted. By exploiting this problem an attacker can send unlimited spam and phishing (i.e. forged) email messages that are delivered by Google's very own SMTP servers. Since the messages are delivered by Google's own servers, an attack based on this flaw is able to bypass all spam filters that are based on the blacklist / whitelist concept. We were able to confirm that this vulnerability is indeed exploitable by crafting a proof of concept attack that allowed us to send any number of forged email messages without restriction through Google's server infrastructure. We have also verified that this flaw allows attackers to bypass spam filters by using our method to send messages that are usually flagged as spam. While sending these messages directly from our network in the traditional way had the messages classified as spam, by sending the very same messages using our exploit, the messages were delivered directly to the victim's inbox, thus bypassing filters.
>
> Impact:
>
> All email providers that offer Google's SMTP servers any special level of trust (e.g. whitelist status) are vulnerable.
On Wed, 15 Aug 2007, Wojciech Purczynski wrote:
>
> > This doesn't change anything in what I said previously. If the sender's
> > EUID or RUID equals to any of SUID or RUID of the victim or the sender
> > process is root, the sender can send any signal to the victim; if none
> > of those conditions are met, it obviously can't, no matter how and what
> > signal it sends. For details look at check_kill_permission() and
> > group_send_sig_info() in kernel/signal.c and reparent_thread() in
> > kernel/exit.c in the kernel source tree (version 2.6.22).
On Wed, Mar 23, 2011 at 02:36:38PM -0400, J. Oquendo wrote:
> On 3/23/2011 2:13 PM, Theo de Raadt wrote:
> >> If *any* threat exists,
> >> that threat is increased by public exposure of unmitigated attack
> >> methodology
> > I think you have it wrong.
> >
> > Public exposure increases the visibility, and therefore customers
> > install the patches quicker.
> >
[+] Resolved econet_ioctl to 0xffffffffa01d319b
[+] Resolved econet_ops to 0xffffffffa01d41e0
[*] Failed to resolve kernel symbols.
On Wed, 2010-12-08 at 00:44 +0300, Kai wrote:
> > Anyone tested this in sandbox yet?
>
> 00:37 linups:../expl/kernel > cat /etc/*release*
> openSUSE 11.3 (i586)
> VERSION = 11.3
15.01.2012 18:30, Henri Salo wrote:
> On Wed, Jan 11, 2012 at 11:50:25AM +0100, advisory@htbridge.ch wrote:
>> Advisory ID: HTB23065
>> Reference: https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_knowledgetree_community_edition.html
>> Product: KnowledgeTree Commercial and Community Editions
>> Vendor: KnowledgeTree Inc. ( http://knowledgetree.org )
>> Vulnerable Version: 3.7.0.2 and probably prior
>> Tested Version: 3.7.0.2
>> Vendor Notification: 21 December 2011
>> Vendor Patch: 23 December 2011
On Wed, 02 Apr 2008 13:39:36 PDT, "Thor (Hammer of God)" said:
> So, if you have someone who is going to run as administrator anyway,
> download the untrusted .exe, execute it, and then confirm the execution
> of the program without concern for what happens, we can't really fault
> the OS for that at this point in the game.
I wasn't faulting the OS - I was pointing out it's still a viable attack
vector, despite the OS's best efforts to stop it.
On Wed, 25 Aug 2010, Tim Brown wrote:
> the key point is that an empty directory specification statement in
> LD_LIBRARY_PATH, PATH (and probably others) is equivalent to $CWD.
And there is also the infamous DT_RPATH (and DT_RUNPATH) that makes it
possible to hardwire unsafe paths into executable files themselves.
This happens quite often and I find it very disturbing.
--
Already discovered in June, 2008.
http://packetstormsecurity.org/0806-exploits/joomlajoomradio-sql.txt bc9c589fca40fce9a4f4484333f207b5 The Joomla Joomradio component version 1.0 suffers from a remote SQL injection vulnerability. Authored By His0k4 (His0k4.hlm[at]gmail.com)
On Wed, Feb 18, 2009 at 07:32:02PM +0100, 0o_zeus_o0 wrote:
> ###########################################################################
> # Advisory X
> # Title: Joomla Component com_joomradio SQL Injection
> # Author: 0o_zeus_o0 ( Arturo Z. )
> # Contact: arturo_zamora_c@hotmail.com
strange locking bug in the networking stack, which is just a funny
accident.
-Dan
On Wed, Nov 17, 2010 at 8:41 PM, Felipe Martins
<martins.felipe.security@gmail.com> wrote:
> Dan,
>
> What kernel versions are vulnerable to this one ?
>
On Wed, April 30, 2008 01:40, raven wrote:
> But if he isn't dead, why does he use a computer-based translator to translate,
> from English, something that he could write in correct Italian? I'm Italian
> and I guarantee that it is not Italian.
Yes, someone else told me already in private that the "I'm not dead site"
was a hoax. I did not know rgod and I don't know if he's dead or not - I
just wanted bugtraq to know, that there's something else going on here -
without taking sides.
Basically a dup of http://packetstormsecurity.org/0608-exploits/vwar150multi.txt
On Wed, Feb 13, 2008 at 10:50:53AM -0000, p_s3rver@yahoo.com wrote:
> Vendor : Www.Vwar.De
> Credits : Pouya_Server
> Vuln. Ver : v1.5.0
> Http://pouya-server.blogfa.com
> Pouya.S3rver@Gmail.Com
> ---------------------------------------------------
On Wed, 2011-03-30 at 14:20 +0000, Jim Harrison wrote:
> Interesting...
> Windows also has similar functionality offered via .NET services (Net.Tcp Port Sharing http://msdn.microsoft.com/en-us/library/ms734772.aspx), but this is only available through .NET API; not directly through Winsock or AFD. I suspect the BSD implementation you discovered has similar goals in mind (expanding the TCP socket limits), but didn't go as far with the solution.
> The BSD folks indicated that this is "by-design" - did they also point you toward any management API beyond making the socket "protected"??
I don't believe it is anything like the .NET functionality you mention.
After reading the article, I get the impression that this is specific to
HTTP and is a combination of virtual hosting and reverse proxy. (I may
be wrong, I only skimmed through the document.)