-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security
Appliances and Cisco Catalyst 6500 Series ASA Services Module
Advisory ID: cisco-sa-20120314-asa
Revision 1.0
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It has been discovered that certain e-mail messages cause Outlook to
create Windows shortcut-like attachments or messages within Outlook.
Through specially crafted TNEF streams with certain MAPI attachment
properties, it is possible to set a path name to files to be executed.
When a user double clicks on such an attachment or message, Outlook will
proceed to execute the file that is set by the path name value. These
The only good solution I see here is that AOL will lock down Local Zone.
Ready, AIM, fire! http://aviv.raffon.net/2007/09/25/ReadyAIMFire.aspx
--Aviv.
-----Original Message-----
From: Core Security Technologies Advisories [mailto:advisories@coresecurity.com]
Sent: Tuesday, September 25, 2007 6:21 PM
To: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk; vulnwatch@vulnwatch.org; NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Core Security Technologies – CoreLabs Advisory
http://www.coresecurity.com/corelabs
Remote command execution, HTML and JavaScript injection vulnerabilities in
AOL’s Instant Messaging software
*Advisory Information*
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall
Services Module
Advisory ID: cisco-sa-20111005-fwsm
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MITKRB5-SA-2008-001
MIT krb5 Security Advisory 2008-001
Original release: 2008-03-18
Last update: 2008-03-18
Topic: double-free, uninitialized data vulnerabilities in krb5kdc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: IronPort Encryption Appliance / PostX and
PXE Encryption Vulnerabilities
Advisory ID: cisco-sa-20090114-ironport
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
fetchmail-SA-2008-01: Crash on large log messages in verbose mode
Topics: Crash in large log messages in verbose mode.
Author: Matthias Andree
Version: 1.2
Announced: 2008-06-17
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500
Series Adaptive Security Appliances
Advisory ID: cisco-sa-20100217-asa
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Cisco IOS Session Initiation
Protocol Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20080924-sip
http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2007-011
---------------------------------------------------------
A] D_NetPlayerEvent global buffer-overflow using PKT_CHAT
---------------------------------------------------------
When a chat message is received, the server takes the incoming packet
and reads who sent it, its destination and naturally the entire message
which is copied in a heap buffer using the remaining size of the packet
for calculating the amount of data to allocate.
Then a strcpy() is performed for copying the message from the packet to
the new allocated buffer called msg.
function send($cmd)
{
global $host, $path;
$message = "POST ".$path."admin/admin_manager.asp?action=add HTTP/1.1\r\n";
$message .= "Accept: */*\r\n";
$message .= "Referer: http://$host$path\r\n";
$message .= "Accept-Language: zh-cn\r\n";
$message .= "Content-Type: application/x-www-form-urlencoded\r\n";
$message .= "User-Agent: securitylab\r\n";
Not Affected:
Unknown
Description:
Affected devices do not perform proper authentication of incoming SMS
Provisioning messages.
The following behaviors have been verified on affected devices:
1. Source of provisioning message is never displayed to user.
disable_functions feature can be bypassed by using functions alias. A
list of aliases is given in http://php.net/aliases/. For example,
ini_alter() may be used instead of ini_set() and vice versa.
SecurityVulns issue: http://securityvulns.com/news/PHP/alias-pb.html
Original message (in Russian): http://securityvulns.ru/Sdocument67.html
2. MustLive reports Cross-Site Scripting vulnerability in WordPress
MultiUser 1.0
XSS is possible via Username form field.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Firewall Services Module Crafted ICMP Message
Vulnerability
Advisory ID: cisco-sa-20090819-fwsm
http://www.cisco.com/warp/public/707/cisco-sa-20090819-fwsm.shtml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Session Initiation
Protocol Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20100922-sip
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco IOS Software Session Initiation
Protocol Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20110928-sip
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Session Initiation
Protocol Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20100324-sip
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Session Initiation
Protocol Denial of Service Vulnerability
Advisory ID: cisco-sa-20090923-sip
Revision 1.0
XSS Attack using SMS to Optus/Huawei E960 HSDPA Router
Synopsis
--------
Huawei E960 HSDPA Router (firmware version 246.11.04.11.110sp04) is vulnerable to an XSS attack using SMS. One of the features of this router is the ability to send and receive SMS through its web interface. The SMS text is presented unescaped/unfiltered on the inbox view, and an attacker can craft malicious short messages to gain control over the victim's router.
Details
--------
The first 32 characters of every incoming SMS are presented in unescaped form in the inbox view. The 32-character limit can be overcome by using several messages, and inserting a JavaScript comment to merge the current message with the next one.
fetchmail-SA-2008-01: Crash on large log messages in verbose mode
Topics: Crash in large log messages in verbose mode.
Author: Matthias Andree
Version: 1.0
Announced: 2008-06-17
Type: Dereferencing garbage pointer triggered by outside circumstances
Impact: denial of service possible
Danger: low
Security Advisory: MVSA-10-002
Vendor: Google
Service: Google Message Security SaaS (powered by Postini)
- Security Console (Admin Console)
- Message Center Classic
- Message Center II
Vulnerabilities: Multiple Cross-Site Scripting (XSS)
Risk: High
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:321
http://www.mandriva.com/security/
_______________________________________________________________________
==[ Overview
ICQ (I Seek You) Instant Messenger is one of the most popular internet
chat software. Since 1996, it has grown to a community of over 180
million users. It has features for instant messaging, chat, sending
e-mail, SMS, file transfer, wireless-pager messages, etc.
==[ Vulnerability
INFIGO IS's security team identified a critical remote buffer overflow
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MITKRB5-SA-2010-007
MIT krb5 Security Advisory 2010-007
Original release: 2010-11-30
Last update: 2010-11-30
Topic: Multiple checksum handling vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Manager Denial
of Service Vulnerabilities
Advisory ID: cisco-sa-20100303-cucm
Revision 1.0
II. DESCRIPTION
Marc Ruef at scip AG found a denial of service vulnerability in the
current release for Apple MacOS X (version 2.8).
The application provides the possibility of sending messages to other
Skype users via the embedded chat feature.
If a vulnerable client receives a malicious message, the message and all
further messages will be received but not displayed.
Hello,
As a continuation of my advisory about "Sun Java System Communications Express Multiple HTML Injection Vulnerabilities" that can be found here: (http://www.securityfocus.com/bid/34083/info), I would like to introduce another potential security threat in the same product and based on my previous discussion.
This time an attacker can benefit from the HTML injection flaw found in the message subject field to launch a deadly CSRF attack that would delete all the victim's inbox messages permanently and forever. The attack is done via HPP (HTTP Parameter Pollution) in the main queries used by the system.
The URL below would move all the messages with msgid between 0 and 1000000 to the trash:
http[s]://[servername]:[port]/cmd.msc?sid=&mbox=INBOX&cmd=move&argv=0:1000000&argv=Trash&argv=expunge
The URL below would delete all the messages in the trash with msgid between 0 and 1000000:
$file_name = $_FILES['FILE_UPLOAD']['name'];
//$file_type = $_FILES['FILE_UPLOAD']['type'];
$peso = $_FILES['FILE_UPLOAD']['size'];
if (!$file) {
$message = "{$mklib->lang['b_compfile']}";
$mklib->error_page($message);
exit;
}
//Validate file extension