Abstract
------------------------------------------------------------------------
A logic flaw has been found in the way .NET grants permissions to
ClickOnce applications. Combined with relaxed security warnings when
handling OLE Packages in Office 2007, this allows attackers to run
arbitrary .NET assemblies with Full Trust permissions.
------------------------------------------------------------------------
See also
------------------------------------------------------------------------
- CVE-2012-0013 [2]
I want to warn you about security vulnerabilities in WordPress which I
published at 30.07.2010 during my Day of bugs in WordPress 2 project.
------------------------------
Advisory: Day of bugs in WordPress 2: Information Leakage and Full path
disclosure vulnerabilities in WordPress
------------------------------
URL: http://websecurity.com.ua/4419/
------------------------------
- Rejecting files with patterns triggering sniffing text/html (blacklisting)
- Setting correct headers to avoid sniffing from happening (validating)
- remaking files with GD or IM (sanitizing)
*WBB lite was analysed; we believe that the "full" WBB shares the same
mechanism.
2 Detailed Descriptions
____________________________________________________
I want to warn you about new security vulnerabilities in WordPress which I
published at 30.07.2010 during my Day of bugs in WordPress 2 project. This
is second advisory for this project.
------------------------------
Advisory: Day of bugs in WordPress 2: CSRF, Information Leakage and Full
path disclosure vulnerabilities in WordPress
------------------------------
URL: http://websecurity.com.ua/4420/
------------------------------
Details
-------------------
Webmin is affected by an XSS vulnerability in all versions prior to and
including 1.540.
Webmin fails to sanitize $real in useradmin/index.cgi. $real is the
"Full Name" in the finger information of the user. useradmin/index.cgi
is the control panel of the "Users & Groups" section in webmin.
An attacker that has a normal user on the victim's machine could be
able to change his Full Name with chfn command, inject XSS and execute
commands as root.
!dork
Dork: intext:"Free Ecommerce Shopping Cart Software by ViArt" +"Your shopping cart is empty!" + "Products Search" +"Advanced Search" + "All Categories"
===============================================================
===============================================================
!risk 1 - Full Path Disclosure
Low
Attackers can use this vulnerability to leverage another attack
after the full path has been disclosed.
===============================================================
======================================================================
Advisory : WoltLab(R) Community Framework XSS and Full Path Disclosure
Vulnerability
Release Date :
Application : WoltLab(R) Community Framework
Version : WCF 1.0.6 and lower
Platform : PHP
Vendor URL : http://community.woltlab.com/
Authors : Jessica Hope ( jessicasaulhope@googlemail.com )
> >
> > Without public visibility, they will keep running the old code.
>
> You're flawed in your response: "Public exposure increases the
> visibility, and therefore customers install the patches quicker." ...
> When someone "full discloses" a vulnerability, there is no patch to
> install quicker.
With public involvement, the timeline goes a bit like this:
1 - Full disclosure
Summary
=======
Cisco Digital Media Manager contains a vulnerability that may allow a
remote, authenticated attacker to elevate privileges and obtain full
access to the affected system.
Cisco Show and Share is not directly affected by this vulnerability.
However, because Cisco Show and Share relies on Cisco Digital Media
Manager for authentication services, attackers who compromise the
Vendor Notification and Disclosure:
08/22/09: EFSW support notified of issue.
08/22/09: EFSW said it is not an issue because you can turn off direct file access.
08/23/09: EFSW support notified that FILES.SDB file can be directly accessed.
08/24/09: EFSW replied, saying 'no, you can't access the file,' even though you can.
12/15/09: Hammer of God released full details after waiting 4 months for vendor to fix.
About:
Easy File Sharing Web Server is an extremely popular web-based file sharing application that has been in use for years.
It is a fast, easy to use commercial, standalone "all-in-one" file-sharing web server.
[MajorSecurity Advisory #57]PHP <=5.3 - preg_match() full path disclosure
Details
=======
Product: PHP <=5.3
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.php.net/
Vendor-Status: informed
Advisory-Status: published
[MajorSecurity Advisory #59]PHP <=5.3 - mysqli_real_escape_string() full
path disclosure
Details
=======
Product: PHP <=5.3
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.php.net/
Vendor-Status: informed
> Hello Susan!
>
> As I already wrote you and Adam earlier, every type of disclosure
> (including
> full disclosure and responsible full disclosure) can be good in
> appropriate
> situation. And I use that type of disclosure which is suitable for every
> particular case.
>
> Taking into account that 3 from 4 vendors answered me (except Microsoft)
t
From: Rohit Patnaik [mailto:quanticle@gmail.com]
Sent: Tuesday, December 15, 2009 6:29 PM
To: Thor (Hammer of God)
Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] File Access Vulnerability in Easy File Sharing Web Server
Wow. Very nice find. One question: all the cited tools are Windows executables. Has there been any attempt to run the database viewer in Linux via Wine? I'm wondering if I'm going to have to set up a VM to try to confirm this, or if I can try to do this via Wine.
Although the n3td3v drama is entertaining, it's finds like this which keep me subscribed to this list.
Hello Susan!
As I already wrote you and Adam earlier, every type of disclosure (including
full disclosure and responsible full disclosure) can be good in appropriate
situation. And I use that type of disclosure which is suitable for every
particular case.
Taking into account that 3 from 4 vendors answered me (except Microsoft) and
Google had already non affected Chrome 4, and Mozilla and Opera promised to
fix it (we'll see when and how they do it), then you can see that my
===============================================================
===============================================================
!discussion 1 - Denial Of Service
http://wiki.site.org/%08?action=fullsearch&value=linkto%3A%22%0
8%22&context=180
Changing the URL of a linkto URL results in end-user denial of
service conditions if ASCII characters are injected.
===============================================================
The icabar.exe file does launch during an administrator logon to the
desktop via RUN registry key. Unfortunately the IcaBar key value
doesn't have a full binary path, which allows an attacker to escalate
privilege in Windows NT, 2000 in the default configuration and in
Windows 2003 in some circumstances.
This causes several instances of Windows PATH trolling, where Windows
tries to locate the icabar.exe file in the directories listed in its
Hello Bugtraq!
I want to warn you about Cross-Site Scripting, Full path disclosure,
Information Leakage, Directory Traversal, Arbitrary File Deletion and Denial
of Service vulnerabilities in WordPress.
For all these attacks it's needed to have access to admin account, or to
have account with rights for working with plugins. Or to attack admin or
other user with required rights via XSS, to find out token which designed to
protect against CSRF attacks.
web 2.0 threats and malware analysis.
Aside from highly technical presentations we are pleased to have a
roundtable and a number of talks focusing on the economic aspect of
cybersecurity, brought to you by well known cybersecurity and cybercrime
experts. To read the full line-up of speakers please see:
http://www.seacure.it/speakers.htm
The conference will be concluded by a networking event with a full
typical Milanese "aperitivo".
25.04.2010 - informed developers.
10.06.2010 - disclosed at my site.
-----------------------------
Details:
These are Information Leakage and Full path disclosure vulnerabilities.
Information Leakage and Full path disclosure:
http://site/wp-content/uploads/my-md5.txt
Miniweb 2.0 Full Path Disclosure
Name Miniweb 2.0
Vendor http://www.miniweb2.com
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2009-12-12
- Severity: 5/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
Joomla! < 1.5.12 Multiple Full Path Disclosure vulnerabilities
II. BACKGROUND
-------------------------
Joomla! is an award-winning content management system (CMS), which
enables you to build Web sites and powerful online applications. Many
References: CVS-2009-0359, DTSA-194-1
Description:
Samizdat 0.6.1 contains several code paths that fail to escape special HTML
characters in message title and user full name before these strings are included
in a Web page (in earlier versions, only user full name is exploitable). This
allows an attacker to perform a cross-site scripting attack by including a
specially crafted string in their full name or message title.
Test:
Apache Jackrabbit version 1.5.2. The release is available for download
at:
http://jackrabbit.apache.org/downloads.html
See the full release notes below for details about this release.
Release Notes -- Apache Jackrabbit -- Version 1.5.2
Introduction
Title: Multiple Security Bugs In Hosting Controller
Critical: Extremely critical
Impact: Full system administrator access
Vendor: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Vendor URL: www.hostingcontroller.com
Solution: N/A From company - There is temporary solution in this report
Exploit: Available
Release Date: 2007 - December
Credit: www.BugReport.ir
INSTALLATION
------------
1. Copy shellexecutefiasco.dll anywhere; %windir%\system32 will do.
2. Run the command:
A. "regsvr32 <full path to shellexecutefiasco.dll>" or "regsvr32 /n
/i:s <full path to shellexecutefiasco.dll>" to install for all
users
B. "regsvr32 /n /i:u <full path to shellexecutefiasco.dll>" to
install for the current user only.
3. A message box will report whether the installation was successful.
From: pgut001 [mailto:pgut001@cs.auckland.ac.nz]
Sent: Monday, September 17, 2007 2:48 AM
To: Thierry@Zoller.lu
Cc: bugtraq@securityfocus.com; Roger A. Grimes; tmb@65535.com;
vuln-dev@securityfocus.com; webappsec@securityfocus.com
Subject: Re: Re[2]: [Full-disclosure] Next generation malware: Windows
Vista's gadget API
Thierry Zoller <Thierry@Zoller.lu> writes:
>PG> No, this is an entirely new level of attack,
http://gallery.live.com/liveItemDetail.aspx?li=8214ecc3-bf7e-4502-9702-9cf7cfe8aa99&bt=1&pl=1
(not picking on this particular whatever-it-is by whoever-it-is, just using it
as an example). So you've got a desktop link to a (to the typical user)
Microsoft web site containing who knows what created by who knows who that,
when run, gets full rights on your system:
Gadgets are mini-applications. Although an individual gadget may only have a
single need - such as reading files and information from the computer,
accessing information from one or more domains, or only displaying buttons
and information for a utility - the full set of gadgets mix and match needs