apps
Versions affected: Tested on 2.1 - 2.3
Other versions may also be affected
Product description:
Android is an open-source software stack for mobile devices which includes
an operating system, key applications, and middleware. The Android mobile
operating system is based on a modified version of the Linux kernel.
Android is currently owned and developed by Google.
Credit: Sean Schulte of Trustwave
=============================================================
Android Browser Cross-Application Scripting (CVE-2011-2357)
=============================================================
1) Background
--------------
Android applications are executed in a sandbox environment, to ensure that no
application can access sensitive information held by another, without adequate
privileges. For example, Android's browser application holds sensitive
information such as cookies, cache and history, and this cannot be accessed by
protected function _unsubscribe()
{
    /* Fetch data */
    $key = trim( IPSText::base64_decode_urlSafe( $this->request['key'] ) );
    list( $app, $area, $relId, $likeMemberId, $memberId, $email ) = explode( ';', $key );

    /* Member? */
    if ( ! $this->memberData['member_id'] )
    {
        $this->registry->output->showError( 'no_permission', 'pcgl-1' );
+ Vulnerability in HTC Peep: Twitter Credentials Disclosure
http://blog.taddong.com/2011/02/vulnerability-in-htc-peep-twitter.html
Title: Twitter credentials disclosure in HTC Peep mobile app (default HTC Twitter client)
Vulnerability ID: TAD-2011-001
Credits: This vulnerability was discovered by Raul Siles, Founder and Senior Security Analyst with Taddong (www.taddong.com)
Publication date: February 4, 2011
Vendors contacted: HTC (and MITRE - CVE ID)
Far too often security initiatives fail to gain any momentum because
they bite off far more than they can chew. I'd love to redesign digest
authentication, for instance, or push for good browser support of some
truly safe HTTP authentication protocols, but that would be much more
likely to fail. I see this as a relatively easy fix to open up a new
option in web app development.
> As more and more app development moves to hardware platforms
> (iAppleStuffs) and social media aka Ad-metadata networks (Facebook,
> Google *.google.com apps, webmail, etc.) cookies are an easy and
1 Background
=============
Android applications are executed in a sandbox environment, to ensure that no
application can access sensitive information held by another, without adequate
privileges. For example, Opera Mobile holds sensitive information such as
cookies, cache and history, and this cannot be accessed by third-party apps. An
Android app may request specific privileges during its installation; if granted
by the user, the app's capabilities are extended.
One mechanism which Android uses in order to implement the sandbox, is running
1 Background
============
Android applications are executed in a sandbox environment, to ensure that no
application can access sensitive information held by another, without adequate
privileges. For example, the Browser application holds sensitive information
such as cookies, cache and history, and this cannot be accessed by third-party
apps, while the Google Talk application stores contacts and conversations. An
Android app may request specific privileges during its installation; if granted
by the user, the app's capabilities are extended.
1 Background
============
Android applications are executed in a sandbox environment, to ensure that no
application can access sensitive information held by another, without adequate
privileges. For example, the Dolphin browser application holds sensitive
information such as cookies, cache and history, and this cannot be accessed
by third-party apps. An Android app may request specific privileges during
its installation; if granted by the user, the app's capabilities are extended.
Intents are used by Android apps for intercommunication. These objects can be
I had a hard time conveying what I wanted to with the title. As far
as being convincing, well, I guess it's a matter of perspective.
> To solve problems with forms-based auth + session tokens, we only have
> to fix some things in Web app frameworks, many of which have already
> been fixed in major platforms. Predictable session identifiers, for
> instance, pretty much died out years ago.
Yes, but app frameworks come and go. I think session cookies will
continue to be a "maintenance" problem with respect to security. In
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02478639
Version: 1
HPSBGN02569 SSRT100200 rev.1 - HP MagCloud iPad App, Remote Unauthorized Access to Data
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-08-23
Last Updated: 2010-08-23
google apps googleapps.url.mailto:// uri handler cross-browser remote command execution exploit (Internet Explorer)
by nine:situations:group::pyrokinesis
site: http://retrogod.altervista.org/
software site: http://pack.google.com/intl/it/pack_installer.html
tested against: Internet Explorer 8, windows xp sp3
Internet Explorer 7, windows xp sp3
Google Chrome 2.0.172.43
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Apple OS X Sandbox Predefined Profiles Bypass
1. *Advisory Information*
Title: Apple OS X Sandbox Predefined Profiles Bypass
This Security Fix provides remediation for items that cause this behavior through product fixes, as well as configuration and policy changes. More information on each of these items is included below.
RSA has identified and addressed the potential security flaws as part of this Security Fix:
• In certain circumstances, device recovery capabilities and device identification used by the defined policy may be impacted by the data elements sent from the end user’s device. This may potentially allow the system to recover a previously non-registered device or allow access for a registered device despite forensic differences. This potential flaw affects both web and mobile browsers. CVE (Common Vulnerability Enumeration) ID for this issue CVE-2011-2741.
• In certain circumstances, the application may match device tokens sent from mobile apps without proper forensic evaluation used by the defined policy. This may potentially allow access from the mobile device to the protected application without a challenge. This potential flaw only affects mobile apps and does not affect web browsers. CVE (Common Vulnerability Enumeration) ID for this issue CVE-2011-2742.
In addition, the Security Fix provides better capabilities to differentiate between activities originating from web browsers, mobile browsers, and mobile apps. This also allows customers to enable / disable the Device Recovery for each.
Due to forensic similarities between browsers across mobile devices, RSA recommends that customers use these capabilities to disable device recovery specifically for mobile browsers.
Note: Due to the nature of above changes, deployment of this Security Fix may have an impact on existing challenge rates. As with any other Security Fix, RSA recommends that customers fully test the fix before going into production.
Jeff Martin wrote:
> My theory - there are gazillion corporate and business apps that don't run on IE7 thus users do not update even their personal PCs (for VPN access to those apps.). I work for a hospital and we have apps that only recently with IE6. When we ask about plans for IE8 support, we get the blank stare. Who doesn't love ActiveX?
Yeah, that was what I tried to get at earlier.
So now, what does that say about us? Who's the sucker...
Hi all,
We are proud to announce a new and free Apache Struts2 Web-Hacking
challenge. Ever thought about vulnerabilities in frameworks and
libraries one is using in its web app? Apache Struts is used in many web
apps around the globe. But the vulnerability and the impact is not very
known. That's why we have written a "vulnerable" service you can legally
mess around with. It is important to keep an eye on such components and
dependencies. Try to solve the struts challenge! (Level = Advanced)
Hi folks,
I've recently open sourced a vulnerable web app, called The BodgeIt Store:
http://code.google.com/p/bodgeit/
Why?
Well, you can never have too many vulnerable apps to test against, but
also because I've found that many of the existing apps are non trivial
to install - they either have a significant number of dependencies,
My theory - there are gazillion corporate and business apps that don't run on IE7 thus users do not update even their personal PCs (for VPN access to those apps.). I work for a hospital and we have apps that only recently with IE6. When we ask about plans for IE8 support, we get the blank stare. Who doesn't love ActiveX?
-------------------------------------------------
This message is provided "AS IS" without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of accuracy, correct grammar and spelling, lack of vulgarity or adult themes, correct references, absence of viruses and/or viral memes, originality, or fitness for any particular purpose.
-------------------------------------------------
--- On Tue, 7/1/08, Nick FitzGerald <nick@virus-l.demon.co.uk> wrote:
Search" are vulnerable to SQL Injection allowing
an attacker to review or execute commands in the
local Database (according to the web server's
configuration)
[+] PoC : It's possible to check if the app is vulnerable
by trying something like: 100000000 or 1=2 on
the "Price From" form, as the second part of the
injection is never true, the app won't show any
results; although if the injection is crafted as
100000000 or 1=1, the app will show every product
"If We Wean the Web Off of Session Cookies, This Is Some of What We'd
Have to do". I wasn't convinced at all that Weaning the Web Off of
Session Cookies was the logical conclusion of the data you presented.
To solve problems with forms-based auth + session tokens, we only have
to fix some things in Web app frameworks, many of which have already
been fixed in major platforms. Predictable session identifiers, for
instance, pretty much died out years ago. To migrate to HTTP Digest
Auth, not only would we have to fix a few things in Web app
frameworks, we'd have to refactor a massive amount of custom code AND
convince all major browser vendors all to do the same right things and
Hi Michael,
Indeed, MFC is the culprit. We were aware of Visual Studio as a typical environment
for building MFC apps, and MFC is an integral part of it. Presumably other ways of
building MFC apps will result in vulnerable builds too, but we noticed that some
older versions of MFC libraries were not vulnerable.
Thanks for broadening the view.
Mitja
I think that you don't understand the idea behind the checkNUM (it is not a checkSUM ;) in the eyeOS ajax calls.
The checknum is a number to protect eyeOS against automatic requests. For example, if I'm using my eyeOS, my session is alive, and I enter another website, with iframes or something similar, to make a GET to my eyeOS to delete a file, a file will be deleted, and this isn't good :)
The checknum DOES NOT protect against yourself; the owner of a session can know the checknum assigned to each app (each app has a different checknum).
Please, before sending FALSE reports, you have to understand what you are auditing, thanks.
Good points James. I read this paper a few times to make sure I got
the point, and it's a cute idea but I just don't see it happening.
For multi-node, multi-app, websites sharing auth/state/preferences
across multiple web assets (physical servers and logical "websites")
this is pretty much a non-starter. Cookies rule here. For a dozen
different reasons that I can think of.
Always good to try and raise the bar, but the world has voted cookies
(thanks Lou!) and I think they are here to stay for at least the next
SEC Consult Vulnerability Lab Security Advisory < 20111012-0 >
=======================================================================
title: Client-side remote file upload & command execution
product: Microsoft Forefront Unified Access Gateway Remote
Access Agent (signed Java applet)
vulnerable version: 4.0.0.1
fixed version:
CVE number: CVE-2011-1969
impact: critical
homepage:
##########################www.BugReport.ir########################################
#
# AmnPardaz Security Research Team
#
# Title: Blaze Apps Multiple Vulnerabilities
# Vendor: http://blazeapps.codeplex.com
# Vulnerable Version: 1.4.0.051909 (and prior versions)
# Exploitation: Remote with browser
# Fix: N/A
###################################################################################
Hey Andres,
That seems to be really cool stuff! We need more of these test suites
for both SCAs/WebApps Scanners (every body uses WebGoat, even vendors,
so it's not fun and doesn't mean anything anymore).
Hope many will contribute to this project!
I haven't had a chance to look at what apps compose these test suites,
times. Witnesseth the recent discussions about the elevation token and
IE protected mode.
The best you can hope for is to maintain an effective boundary between
normal users and root/admin. But usually as soon as you install a few
off-the-shelf Windows or shareware apps, it's gone. Try this: install
your favorite "productivity" app in a non-default directory, e.g. C:\,
then look at the filesystem permissions on its executable folder (and
everywhere it might load DLLs from). Then note that (just a wild guess)
it probably runs some dll-preloader and system tray icon processes for
everyone who logs in - even Admins.
Confirmed on the T-Mobile G1 email app running OS version 1.5. Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
FWIW, it didn't actually dial, just loaded the dialer with that number ready.
Looks like this is a Webkit bug, not Safari.
Collin Mulliner <collin@betaversion.net> wrote:
>Released since Apple published the iPhone 3.0 security fixes.
>
I wrote:
> Google Android applications on the T-Mobile G1 can spawn a telnetd
> that gives remote root access to your phone:
>
> http://www.android-unleashed.com/2008/11/howto-get-root-on-your-android-g1-and.html
>
> This particular method needs user interaction, but a rogue Android app
> could easily run telnetd automatically. Android apps are not normally
> granted this sort of permission, and granting root is not supposed to
> even be possible.
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 13, 2011
I. BACKGROUND
Excel is the spreadsheet application included with Microsoft Corp.'s
Office productivity software suite. More information is available at the
following website:
http://office.microsoft.com/excel/
On 2 Jan 2008 18:04:08 -0000, <unix_semaphore@yahoo.com.br> wrote:
> hello,
>
> I am a newbie in win32 software hacking.
>
> when i have a open source software,i use the gdb to debug the software,but the most of win32 app, is not a open source,why i know the functions?the operations?what tools i will use to this?
Not sure if I understand you correctly, but here it goes
(did you try using the google translator bot? I am not sure if they
have Portuguese, but if you know some Espanol, just start a google