Next Page >>
Thank you
Just as an update couldn't get any further other than t.he fact that
SMCGui.exe is getting killed as its running in the user account and SMC.exe
in the system account.
Thank you.
Regards, Sandeep
--------------------------------------------------
From: "Sandeep Cheema" <51l3n7@live.in>
Just as an update couldn't get any further other than t.he fact that
SMCGui.exe is getting killed as its running in the user account and SMC.exe
in the system account.
Thank you.
Regards, Sandeep
--------------------------------------------------
From: "Sandeep Cheema" <51l3n7@live.in>
to open the GUI, All the conditions will be bypassed.
And as I said before, The Help and Support > Troubleshooting will show the
server as offline for the client and the NTP will not be visible if its
installed.
Thank you.
Regads, Sandeep
> user to open the GUI, All the conditions will be bypassed.
> And as I said before, The Help and Support > Troubleshooting will show the
> server as offline for the client and the NTP will not be visible if its
> installed.
>
> Thank you.
>
> Regads, Sandeep
>
>
>
> Just as an update couldn't get any further other than t.he fact that
> SMCGui.exe is getting killed as its running in the user account and
> SMC.exe
> in the system account.
>
> Thank you.
>
> Regards, Sandeep
>
> --------------------------------------------------
> From: "Sandeep Cheema" <51l3n7@live.in>
IRC.
More information can be found on the group's wiki page here:
http://oss-security.openwall.org
Thank You.
--
JB
> without JS). But soon I'll present one exploit also in "pure-iframe"
> version
> (without JS) for Internet Explorer and other applications - in case when
> small amount of iframes lead to crash.
>
>> Thank you. Now if you could wait for patches before disclosing I'd be
>> even happier.
>
> Susan, you are welcome.
>
> I would be happy to wait for patches of browser vendors, but as already
public, make sure everything is _really_ patched, then ask the company
to inform their Clients (if they don't want to act so). If the company
says:
'Nothing baaad really happened. This and this could be done. Our clients
are safe thanks for Our Gosh-So-Perfect Security Program. Thank You
for sharing information with our Security Team.'
then, in my opinion, you are free to inform the public what really
happened as you intention was to bring true information to public in
order to make the community safer and _aware_ of the problem. (I would
http://support.microsoft.com/kb/240797.
Currently, there will be NO official patch for this issue.
Autodesk's statement is as follows:
"Thank you for taking the time and effort to identify a potential
issue with our technology. We do take each and every customer or
developer issue seriously and have spent time in reviewing your
analysis of our i-drop technology. At this time, we have ceased
investment in i-drop technology. It was released over five years
ago as a means for developers to leverage their content delivery;
once. Yours is quite elegant, but... how is it different from common
rootkit?
Pavel
>
> Thank you,
> -----------------------------------------------------
> StenoPlasma at ExploitDevelopment.com
> www.ExploitDevelopment.com
> -----------------------------------------------------
>
future advisories (but I'd be reminding about possibility of attacking
without JS). But soon I'll present one exploit also in "pure-iframe" version
(without JS) for Internet Explorer and other applications - in case when
small amount of iframes lead to crash.
> Thank you. Now if you could wait for patches before disclosing I'd be
> even happier.
Susan, you are welcome.
I would be happy to wait for patches of browser vendors, but as already
but security researchers.
I hope the above clarifications put more light into our research project and
that they help better understand the nature of security issues discovered.
Thank You.
Best Regards,
Adam Gowdiak
---------------------------------------------
and they have continued access. This implies that the administrators don't
know that they had been compromised. And you think that auditing tools
would see a hex value changed in the SAM, when even local administrators
don't have read access to the SAM?
Thank you,
-----------------------------------------------------
StenoPlasma at ExploitDevelopment.com
www.ExploitDevelopment.com
-----------------------------------------------------
> In fact looks like Symantec has inherited the bug from Sygate. The
> original one looks to be patched up though but on similar lines.
>
> http://seclists.org/bugtraq/2005/Dec/0249.html
>
> Thank you.
>
> Regards, Sandeep
>
> --------------------------------------------------
> From: "Sandeep Cheema" <51l3n7@live.in>
I have tried it and when let this file run for around 2 mins, The SmcGui.exe
process loads up when you logoff and log back in (or restart)but the icon
does not show up in the taskbar.
Thank you.
Regards, Sandeep
--------------------------------------------------
From: "Sandeep Cheema" <51l3n7@live.in>
Change Tracker works on the principle of layered, multi-dimensional security in line with the PCI DSS that it is commonly used to underpin. The secure commissioning process should include standard lockdown and access-restriction procedures for the Change Tracker server and database server used for device and configuration data storage. Access security should also be complemented with monitoring using a SIEM solution such as NNT Log Tracker, so any access to the Change Tracker server, the Change Tracker console program or the database will be logged and alerted as unusual activity.
NNT take security of our customer systems extremely seriously. Anyone with any concerns regarding best practise in Production System security should contact us for further assistance.
Regarding any vulnerabilities discovered by independent security researchers in the future, we would prefer these are reported to us at support@nntws.com before being published. This was not the case in this instance, delaying our opportunity to respond. Thank you.
Company Homepage
------------------------------
http://www.newnettechnologies.com
Header panel is now accessible via Tools -> Headers (Ctrl+H)
Added UTF-16 to the available fuzzer encodings
Added a User-Agent fuzzer (check example 6 in the install directory)
Updated Frequently Asked Questions 05 on fuzzing
Thank you,
Subere
Thank you. Now if you could wait for patches before disclosing I'd be
even happier.
MustLive wrote:
> Hello Bugtraq!
>
> I want to warn you about security vulnerability in different browsers.
>
> -----------------------------
> Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
thank you!
this was a great example but it didnt work on my debian machine. - but it worked better than mine.
i have edited your example as folowed:
vuln.cpp:
#include <stdio.h>
#include <string.h>
+ }
strncpy(to, from, len);
to[len] = '\0';
pwd = getpwnam(to);
Thank you!
--
Eygene
Patch.
I would like to thank Michal Zalewski and Adam Barth from Google for their
prompt responses and getting the patch ready in a timely manner. It was a
pleasure working with them. I am grateful to Google for providing credit for
my research by listing me on their "We Thank You" Page
(http://www.google.com/corporate/security.html).
> This isn't an exploit -- at least not on Linux -- it's just kiddie stupidity. It doesn't take any particular cleverness to blow memory by dynamically creating bigger and bigger data structures. With virtual memory and 64-bit pointers, when exactly do we return -ENOMEM?
>
>
Could you be a bit more specific as to the circumstances of the DOS
exploit and how this could be replicated?
Thank you.
is to educate developers as well system administrators that attacks
succeed when they are unexpected. At the end of the day, the trick is
simple.
On 10/10/07, Thor (Hammer of God) <thor@hammerofgod.com> wrote:
> Security in depth is alive and well, thank you. In fact, it is security
> in depth that allows administrators to prevent this type of "attack" (if
> we can actually make the stretch to call it that).
>
> However, for the record, this is not an "attack." You might as well
> just email the target and ask for their password. Or if you can get
The hashes are for a .ppt file, though I hope to have the research available as a whitepaper as well, in .pdf and .txt format.
I should be releasing it by the end of the month if all goes according to plan.
Thank you!
And let's not forget the hashes...
MD5: e6d94b5998a68d4e611e2f03691d7e9c
SHA1: 1d2147b42dbb3142fdddbcfef518ec0e12e5300b
netVigilance Security Advisory #67
SimpGB version 1.46.02 Multiple XSS Attack Vulnerabilities
Description:
SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support for multiple languages, Support for multiple instances in one database, Support for multiple layouts, Own header/footer can be defined, Support of BBCode and smilies, Admin can decide which BBCode tags to enable, Avatars (with option to let users upload their own), Admin can decide which input fields to display and which of them are required, Admins can write comments on posts, Admins can mark entry as "always on top", Admins can attach file to entry, flood protection, IP banlist, bad word list, send email notification upon new posts, optionally validate new posts before they get visible by public, own leadtext for entry form and own "Thank you" message can be defined, Option to mark posts as private (only admins can see them), search entries, Option to let users send emails out of guestbook.
External References:
Mitre CVE: ID requested but no answer received
NVD NIST: ID requested but no answer received
OSVDB: ID requested but no answer received
BUGTRAQ/BID:
is to educate developers as well system administrators that attacks
succeed when they are unexpected. At the end of the day, the trick is
simple.
On 10/10/07, Thor (Hammer of God) <thor@hammerofgod.com> wrote:
> Security in depth is alive and well, thank you. In fact, it is security
> in depth that allows administrators to prevent this type of "attack" (if
> we can actually make the stretch to call it that).
>
> However, for the record, this is not an "attack." You might as well
> just email the target and ask for their password. Or if you can get
There is no harm that can be done to the system using this. Thus while this is a bit of odd behavior it does not represent a asecurity flaw.
This will be fixed however as soon as possible.
Thank you.
The Exposure is of non-sensitive information as defined by commonly accepted security standards. I.E. The definition of the term “sensitive” is limited to designate all those types and forms of information that, by law or regulation, require some form of protection but are outside the formal system for classifying national security information. Managed Workplace is not used by customers to process classified information and this Exposure does not reveal non-classified sensitive information.
The Exposure is eliminated in Managed Workplace 6.0 Service Pack 3. This Service Pack is currently in Beta and will be generally available within the next 20 days.
Thank you,
Paul Renaud
VP Product Operations
Level Platforms
ensure that it is virus free and no responsibility is accepted by
JPMorgan Chase & Co., its subsidiaries and affiliates, as
applicable, for any loss or damage arising in any way from its use.
If you received this transmission in error, please immediately
contact the sender and destroy the material in its entirety,
whether in electronic or hard copy format. Thank you.
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡cocoruder of Fortinet Security Research Team
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡hfli@fortinet.com
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡2007-08-02
*** Disclaimer: This message may contain privileged and/or confidential information. If you have received this e-mail in error or are not the intended recipient, you may not use, copy, disseminate or distribute it; do not open any attachments, delete it immediately from your system and notify the sender promptly by e-mail that you have done so. Thank you. ***
Next Page>>
|
