- Presentation name
- A one-sentence synopsis of your topic
- A longer one to three paragraph synopsis or short outline of what
you plan on covering
- Names, email addresses and URLs of the presenter(s)
- A short (single-paragraph) biography of the presenter(s)
Once everything is ready to go, please email your submission to cfp
[at] layerone [dot] info no later than March 15, 2008. You will
receive notice no later than April 1, 2008 to let you know if your
Bugtraq ID: N/A
CVE Name: N/A
*Vulnerability Description*
Lotus Notes is the integrated email, calendar, instant messenger, browser
and business collaboration application developed by IBM to work as a
desktop client in conjunction with IBM’s Lotus Domino server application.
The email functionality of Lotus Notes supports previewing and processing
file attachments in various formats. To preview and process files in the
Advisory: IceWarp WebMail Server: Client-Side Specification of "Forgot
Password" eMail Content
During a penetration test, RedTeam Pentesting discovered that the emails
sent by the IceWarp WebMail Server when using the "Forgot Password"
function are generated on the client side. Furthermore, the server
expands certain keywords in these emails to users' full names, usernames
and passwords. This allows for advanced social engineering attacks and
the potential disclosure of usernames and passwords.
+---------------------------------------------------------------------
Summary
=======
IronPort PXE Encryption is an e-mail encryption solution that is
designed to secure e-mail communications without the need for a
Public Key Infrastructure (PKI) or special agents on receiving
systems. When an e-mail message is targeted for encryption, the PXE
encryption engine on an IronPort e-mail gateway encrypts the original
e-mail message as an HTML file and attaches it to a notification
. 2008-01-30:
Additional mail sent to Citect support team asking for a software
security contact at Citect.
. 2008-01-30:
Email from Citect's support team acknowledging notification and
requesting information in plaintext.
. 2008-02-06:
Core sends the draft advisory, including proof of concept code to
demonstrate the vulnerability.
AOL Instant Messenger ("AIM", http://www.aim.com) is an instant messaging
application that allows its users to communicate in real time via text,
voice, and video over the Internet. It is maintained by AOL LLC. AIM Pro
is AOL's business-oriented version of AIM, targeted at professional use
with an emphasis on "business-grade" security and integration with email
clients and other productivity applications
(http://aimpro.premiumservices.aol.com/). AIM Lite, as defined on its
website (http://x.aim.com/laim/), is a reference application, also
developed by AOL, used to test new technology and made available to the
public in the form of a "light IM client".
-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of NSO Research
Sent: Tuesday, October 20, 2009 12:10 PM
To: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: [Full-disclosure] NSOADV-2009-003: Websense Email Security Cross Site Scripting
_________________________________________
Security Advisory NSOADV-2009-003
_________________________________________
_________________________________________
Just published the below advisory describing an issue with Mail.app
and a solution. I comment on the flaw on my blog:
http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/
An up-to-date version of the advisory can be found at:
http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt
The advisory was first published in the EnableSecurity Newsletter. If
you'd like to subscribe, send an email to
newsletter@enablesecurity.com
Hello Bugtraq!
I want to warn you about security vulnerabilities in email clients,
particularly in Outlook Express and Outlook. This advisory is connected with
my series of advisories about vulnerabilities in browsers, which belong to
the group of DoS via protocol handlers.
All those who doubt that these DoS vulnerabilities in browsers and email
clients are security vulnerabilities must read my first advisory on this
topic (http://www.securityfocus.com/archive/1/511327/30/0/threaded), where I
Severity Rating: CVSS v2 Base Score: 6.8 (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Affected products:
EMC SW: EMC SourceOne Email Management for Microsoft Exchange 6.5.2.3668 (SP2 HF3) and earlier
EMC SW: EMC SourceOne Email Management for Notes/Domino 6.5.2.3668 (SP2 HF3) and earlier
EMC SW: EMC SourceOne Email Management for Microsoft Exchange 6.6.0.1209 (HF1) and earlier
Title: Websense Email Security Cross Site Scripting
Severity: Low
Advisory ID: NSOADV-2009-003
Found Date: 28.09.2009
Date Reported: 01.10.2009
Release Date: 20.10.2009
the sole recipient of such data, whose exclusive purpose is customer
management and commercial communication actions, and that you may exercise
the rights of access, rectification, cancellation and objection provided
for by law by means of a letter addressed to Internet Security Auditors,
c. Santander, 101. Edif. A. 2º 1ª, 08030 Barcelona, or by e-mail to the
following address: legal@isecauditors.com
> On Fri, Jul 17, 2009 at 2:48 PM, ISecAuditors Security
#!/usr/bin/python
#--------------------------------------------------------------------------------
#(POST var 'resetpwemail') BLIND SQL INJECTION EXPLOIT --AlumniServer v-1.0.1-->
#--------------------------------------------------------------------------------
#
#CMS INFORMATION:
#
#-->WEB: http://www.alumniserver.net/
#-->DOWNLOAD: http://www.alumniserver.net/
#-->DEMO: N/A
# 59. if (!$nama || preg_match("/[^a-zA-Z0-9_-]/", $nama)) $error .= "Karakter Username tidak diizinkan kecuali a-z,A-Z,0-9,-, dan _<br />";
# 60. if (strlen($nama) > 10) $error .= "Username Terlalu Panjang Maksimal 10 Karakter<br />";
# 61. if (strrpos($nama, " ") > 0) $error .= "Username Tidak Boleh Menggunakan Spasi";
# 62. if ($koneksi_db->sql_numrows($koneksi_db->sql_query("SELECT user FROM useraura WHERE user='$nama'")) > 0) $error .= "Error: Username ".$nama." sudah terdaftar , silahkan ulangi.<br />";
# 63. if ($koneksi_db->sql_numrows($koneksi_db->sql_query("SELECT user FROM temp_useraura WHERE user='$nama'")) > 0) $error .= "Error: Username ".$nama." sudah terdaftar , silahkan ulangi.<br />";
# 64. if ($koneksi_db->sql_numrows($koneksi_db->sql_query("SELECT email FROM useraura WHERE email='$email'")) > 0) $error .= "Error: Email ".$email." sudah terdaftar , silahkan ulangi.<br />";
# 65. if ($koneksi_db->sql_numrows($koneksi_db->sql_query("SELECT email FROM temp_useraura WHERE email='$email'")) > 0) $error .= "Error: Email ".$email." sudah terdaftar , silahkan ulangi.<br />";
# 66. if (!nama) $error .= "Error: Formulir Nama belum diisi , silahkan ulangi.<br />";
# 67. if ($cekperaturan != "1") $error .= "You should be agree with rules and conditions of use!<br />";
# 68. if (!nama) $error .= "Error: Formulir Nama belum diisi , silahkan ulangi.<br />";
# 69. if (!password) $error .= "Error: Formulir Password belum diisi , silahkan ulangi.<br />";
Security Advisory NSOADV-2009-002
_________________________________________
_________________________________________
Title: Websense Email Security Web Administrator DoS
Severity: Low
Advisory ID: NSOADV-2009-002
Found Date: 28.09.2009
Date Reported: 01.10.2009
Release Date: 20.10.2009
> (e.g. "aaaaaaaa") or dictionary words (e.g. "pentagon" or "computer").
>
> The abuse of this functionality permits an attacker to make thousands of
> authentication requests during a day against one user account, so if the
> user is using a weak password, it is a matter of time to guess it and
> gain access to the mail account.
>
> IV. PROOF OF CONCEPT
> -------------------------
> As the only requirement, the attacker needs a real Gmail account, but
> that's not a real limitation as the service is free.
OVERVIEW:
I would like to draw your attention to a problem that is already known and has surely been exploited for a long time, but clearly seems to be underestimated.
The problem is explained quickly:
- email service providers delete inactive accounts after six or twelve months of inactivity and release the address (nearly every big email provider does it)
- many platforms (webshops, forums, etc.) do NOT delete inactive accounts
This asymmetry in handling inactive accounts has the consequence that thousands of accounts on various online platforms can be hijacked by attackers without any technical difficulties.
The procedure is so simple that it hardly needs to be mentioned:
Description
-----------
Several Cross Site Scripting vulnerabilities were found within Outlook Web Access (OWA) 2003/2007. An attacker can craft a malicious email which will trigger within a user's browser. Different versions of OWA and different clients (Light and Premium) have different attack vectors, which can result in an attacker gaining *persistent* control over a victim's use of Outlook Web Access. An attacker would have full control of and access to the victim's e-mail account. This control could be further abused by utilising techniques such as JavaScript root-kits or web worms.
Analysis
--------
Head of Digital Security Research Group
______________________
DIGITAL SECURITY
phone: +7 812 703 1547
+7 812 430 9130
e-mail: a.polyakov@dsec.ru
www.dsec.ru
www.dsecrg.com
www.pcidss.ru
III. ANALYSIS
Exploitation allows an attacker to execute arbitrary code with the
privileges of the current user. Exploitation would require convincing a
targeted user to view a specially crafted image file. An attacker could
host this file on a Web server, attach the file to an e-mail or
embed the file in an Office document.
This vulnerability can also be triggered through e-mail. If the e-mail
client can automatically display images embedded in the e-mail, the
user only needs to open the e-mail to trigger the vulnerability.
- -----------/
*Report Timeline*
. 2008-01-30: Initial contact email sent to Wonderware setting the
estimated publication date of the advisory to February 25th.
. 2008-01-30: Contact email re-sent to Wonderware asking for a software
security contact for Wonderware InTouch.
. 2008-02-06: New email sent to Wonderware asking for a response and for
a software security contact for Wonderware InTouch.
Vulnerability Report:
As part of our recent work on the trust hierarchy that exists among email providers throughout the Internet, we have uncovered a serious security flaw in Google's free email service, Gmail. This vulnerability exposes Google's email servers in a way that allows an attacker to use them as open spam and phishing relays. This issue is related to the risk of a malicious user abusing Gmail's email forwarding functionality. This is possible because Gmail's email forwarding functionality does not impose proper security restrictions during its setup process and can be easily subverted. By exploiting this problem an attacker can send unlimited spam and phishing (i.e. forged) email messages that are delivered by Google's very own SMTP servers. Since the messages are delivered by Google's own servers, an attack based on this flaw is able to bypass all spam filters that are based on the blacklist / whitelist concept. We were able to confirm that this vulnerability is indeed exploitable by crafting a proof of concept attack that allowed us to send any number of forged email messages without restriction through Google's server infrastructure. We have also verified that this flaw allows attackers to bypass spam filters by using our method to send messages that are usually flagged as spam. While sending these messages directly from our network in the traditional way had the messages classified as spam, sending the very same messages using our exploit had them delivered directly to the victim's inbox, thus bypassing filters.
Impact:
All email providers that offer Google's SMTP servers any special level of trust (e.g. whitelist status) are vulnerable.
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It has been discovered that certain e-mail messages cause Outlook to
create Windows shortcut-like attachments or messages within Outlook.
Through specially crafted TNEF streams with certain MAPI attachment
properties, it is possible to set a path name to files to be executed.
When a user double clicks on such an attachment or message, Outlook will
proceed to execute the file that is set by the path name value. These
vulnerabilities
Product: phpList (http://www.phplist.com/)
Author: Davide Canali
E-mail: davide (at) davidecanali (dot) com
Date: 2011-08-10
========================================================================
1. BACKGROUND:
+--------------------------------------------------------------------
Summary
=======
Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort
Security Management Appliances (SMA) contain a vulnerability that may
allow a remote, unauthenticated attacker to execute arbitrary code
with elevated privileges.
Workarounds that mitigate this vulnerability are available.
Let's take one for example. Did you email secure@microsoft.com? I have
before and 100% of the time they respond.
Patches take time. They do not occur overnight. Furthermore, it may
take a day for the vendor to respond to you.
This isn't about past issues, this is about this issue. A single day did
not pass between when you emailed these vendors and when you posted
here. Have you considered giving these vendors time to respond? I do
not find that 99% of them don't, rather I find that they do. Should you
Core Security Technologies sends the Microsoft team the information
requested. The vulnerability was triggered on Virtual PC SP1 with and
without HAV, using a Windows XP SP2 guest OS over a Windows XP SP3 host OS.
. 2009-09-08:
MSRC acknowledges Core email.
. 2009-09-08:
Vendor says that it is still investigating the bug and will have more
concrete details in a few days.