#####################################################################################
Application: Microsoft Outlook Express
Microsoft Windows Mail
Platforms: Windows 2000
Windows XP
Windows Vista
Windows server 2003
Windows Server 2008 SR2
#!/usr/bin/python
#--------------------------------------------------------------------------------
#(POST var 'resetpwemail') BLIND SQL INJECTION EXPLOIT --AlumniServer v-1.0.1-->
#--------------------------------------------------------------------------------
#
#CMS INFORMATION:
#
#-->WEB: http://www.alumniserver.net/
#-->DOWNLOAD: http://www.alumniserver.net/
#-->DEMO: N/A
#####################################################################################
Application: Pegasus Mail Client
Platforms: Windows XP Professional SP2
Exploitation: remote BoF
Date: 2009-10-06
Hi Raju,
On Nov 14, 2007 3:20 AM, Raj Mathur <raju@linux-delhi.org> wrote:
> The mail addresses can only be stored if the server through which the
> mail is relayed (or on which it originates) falls under the law. I'd
> presume that's not a significant percentage of all mails sent out from
> any country.
>
1. Postfix local privilege escalation via hardlinked symlinks
=============================================================
Sebastian Krahmer of SuSE has found a privilege escalation problem.
On some systems an attacker can hardlink a root-owned symlink to
for example /var/mail, and cause Postfix to append mail to existing
files that are owned by root or non-root accounts. This can happen
on operating systems with specific non-standard behavior.
Symlinks (symbolic links) implement aliasing for UNIX pathnames.
They were introduced with 4.2BSD UNIX in 1983, and were adopted by
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Postfix incorrectly checks the ownership of a mailbox, allowing, in
certain circumstances, to append data to arbitrary files on a local
system with root privileges.
Background
==========
== DoS attacks on MIME-capable software via complex MIME emails ==
== Preface ==
On the phneutral 0x7d8 and RSS 08, I gave short talks on a widely unregarded
problem with MIME software. Due to popular demand, I decided to publish a
short writeup of the talk.
== What is MIME? ==
MIME is the standard format for email messages. One could say MIME is for
email what HTML is for the web. The first RFC for MIME was published in
Dear bruhns@recurity-labs.com,
Idea is not new. Same vulnerability was reported for Agnitum Outpost by
Alexander Andrusenko in 2004, http://securityvulns.com/news3687.html
Also, same vulnerabilities were reported and fixed in Sendmail
(CVE-2006-1173).
--Tuesday, December 9, 2008, 1:52:17 AM, you wrote to bugtraq@securityfocus.com:
brlc> == DoS attacks on MIME-capable software via complex MIME emails ==
======================================================================
Secunia Research 08/04/2008
- Symantec Mail Security Folio Flat File Parsing Buffer Overflows -
======================================================================
Table of Contents
Affected Software
======================================================================
Secunia Research 08/04/2008
- Symantec Mail Security Applix Graphics Parsing Vulnerabilities -
======================================================================
Table of Contents
Affected Software
Title: Simple PHP Blog (sphpblog) <= 0.5.1 Multiple Vulnerabilities
Vendor: http://sourceforge.net/projects/sphpblog/
Advisory: http://acid-root.new.fr/?0:15
Author: DarkFig < gmdarkfig (at) gmail (dot) com >
Released on: 2007/10/21
Changelog: ----------
L M H T
Summary: Ip Spoofing [X] [_] [_] [X]
filters any malicious input, it simply recognizes when an attacker
tries to break your site and reacts in exactly the way you want it
to. Based on a set of approved and heavily tested filter rules any
attack is given a numerical impact rating which makes it easy to
decide what kind of action should follow the hacking attempt. This
could range from simple logging to sending out an emergency mail
to the development team, displaying a warning message for the
attacker or even ending the user’s session."
During our research into unserialize() vulnerabilities it was discovered
that PHPIDS's centrifuge detection unserializes every piece of user
A Remote Code Execution vulnerability exists in Vtiger CRM version
5.0.4. In order to exploit this vulnerability an account on the CRM
system is required.
The vulnerability resides in the "Compose Mail" section. The software
permits sending email with attachments and offers a draft save feature.
When this feature is requested and an attachment is specified, the
"saveForwardAttachments" validation routine is called.
This routine performs some security checks on uploaded files; it
The Zend_Log destructor iterates through an array which it expects
inside the _writers property. Each element of this array is then
expected to have a method called shutdown() which is then executed.
The next step in creating an exploit is to find classes that contain
a shutdown() method. The best fitting class is Zend_Log_Writer_Mail.
It is the same class that is also utilized in the generic Zend
Framework exploit.
public function shutdown()
{
sysadmins to check and test their systems.
I used an Ubuntu/Debian (IA32) system which *I had to make vulnerable on
purpose*. The tweaks were:
- #1: make the spool writable to the attacker
chmod o+w /var/mail
- #2: disable mail aliases (the LDA should be able to deliver mail directly to
the "root" mailbox)
- #3: use the "local" postfix process as LDA
Perhaps condition #1 is the most difficult to meet, for a normal
Hello,
the reported vulnerability allows logins to mail and probably other
services protected by Plesk authentication modules on at least the
current Plesk 8.6.0 Unix/Linux and could e.g. be used for relaying spam
through gained SMTP auth privileges.
Only systems which allow short mail login names (SHORTNAMES=1) are
affected, which is not the default but is e.g. effective after migrating
from the Confixx control panel or by an administrator's manual choice.
The mail_extra_groups=mail setting is often used insecurely to give Dovecot
access to create dotlocks in the /var/mail directory. If you don't use
mboxes in /var/mail, make sure this setting is cleared.
If you do use /var/mail mboxes and Dovecot gives permission errors
without it, do one of the following (in the preferred order):
a) Upgrade to v1.0.11 and use the new mail_privileged_group setting
instead of mail_extra_groups.
b) Make /var/mail sticky and world-writable (chmod 01777 /var/mail) and
Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow
iDefense Security Advisory 10.09.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 09, 2007
I. BACKGROUND
Microsoft Windows Mail and Outlook Express are the default mail and news
clients for Windows operating systems. More information can be found at
==================================
Exim Mailer, multiple vulnerabilities
June 3, 2010
CVE-2010-2023, CVE-2010-2024
==================================
==Description==
Two vulnerabilities have been discovered in Exim 4, a popular mail transfer
agent used on Unix-like systems (www.exim.org).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Claws Mail: Insecure temporary file creation
Date: January 09, 2008
Bugs: #201244
ID: 200801-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> As a native German speaker, allow me to clarify: with respect to IP
> communication, the law mandates saving the following information for
> 6 months:
>
> - which customer was assigned which IP for what timespan
> - sender mail address, receiver mail address and sender IP for each mail
> - in case of VOIP: caller and callee phone number and IP address
The mail addresses can only be stored if the server through which the
mail is relayed (or on which it originates) falls under the law. I'd
presume that's not a significant percentage of all mails sent out from
the process of password cracking, exists a security problem. I have
programmed a Python script that implements the process that I explain in
the proof of concept paragraph, and it has allowed me to run thousands
of automated requests and obtain the password of one of my test accounts.
> Gmail has all sorts of additional limits on password brute forcing.
> The confusion here is the difference between "login incorrect" (due to
> bad password) and "login incorrect" (due to excessive login attempts).
> This protection kicks in after a small number of failed attempts,
> after which even correct credentials will not be accepted. You can't
> tell the difference in the UI you are using, so it's understandable to
Advisory: IceWarp WebMail Server: Client-Side Specification of "Forgot
Password" eMail Content
During a penetration test, RedTeam Pentesting discovered that the emails
sent by the IceWarp WebMail Server when using the "Forgot Password"
function are generated on the client side. Furthermore, the server
expands certain keywords in these emails to users' full names, usernames
and passwords. This allows for advanced social engineering attacks and
the potential disclosure of usernames and passwords.
Debian-specific: no
CVE Id(s) : CVE-2008-1199 CVE-2008-1218
Debian Bug : 469457
Prior to this update, the default configuration for Dovecot used by
Debian runs the server daemons with group mail privileges. This means
that users with write access to their mail directory by other means
(for example, through an SSH login) could read mailboxes owned by
other users for which they do not have direct write access
(CVE-2008-1199). In addition, an internal interpretation conflict in
password handling has been addressed proactively, even though it is
are needed.
ATTENTION: Due to an unavoidable configuration update, the dovecot
settings in /etc/dovecot/dovecot.conf need to be updated manually.
During the update, a configuration file conflict will be shown.
The default setting "mail_extra_groups = mail" should be changed to
"mail_privileged_group = mail". If your local configuration uses groups
other than "mail", you may need to use the new "mail_access_groups"
setting as well.
Details follow:
- Severity: 4.5/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
Gmail vulnerable to automated password cracking.
II. BACKGROUND
-------------------------
Gmail is Google's free webmail service. It comes with built-in Google
search technology and over 7,300 megabytes of storage (and growing
of Alessandro "Jekil" Tanasi, Florin "Slippery" Iamandi and many other
friends.
Giovanni "evilaliv3" Pellerano
web site: http://www.ush.it/, http://www.evilaliv3.org/
mail: evilaliv3 AT ush DOT it
Antonio "s4tan" Parata
web site: http://www.ush.it/
mail: s4tan AT ush DOT it
* Safari (and other WebKit-based) browser port blocking bypassed by integer overflow
and a technique that, as far as I know, has not been premiered before:
* XHR (XMLHttpRequest) as a vector for mail merging or wordlist attacks in
XPS/IPE attacks
We're going to show you how these two methods combine like Voltron into a whole
much larger than its parts. At the end of this short advisory you will be able
to take any Safari web browser and make it a spam drone, a wordlist-based logon
CVE-2009-1302 CVE-2009-1303 CVE-2009-1307 CVE-2009-1832 CVE-2009-1392
CVE-2009-1836 CVE-2009-1838 CVE-2009-1841
Several remote vulnerabilities have been discovered in the Icedove
mail client, an unbranded version of the Thunderbird mail client. The
Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2009-0040
#!/usr/bin/env python
###########################################################
#
# Eureka Mail Client Remote Buffer Overflow Exploit XP SP3 English Egghunter Edition
# Coded By: k4mr4n_st@yahoo.com
# Found By: k4mr4n (Securitylab.ir Member)
# Tested On: Windows XPSP3 English
# Note: This script sets up a fake SMTP server
# Note: Set the client to this address and check your mail
#