Title: CAID 34876: CA CleverPath Portal Session Inheritance
Vulnerability
CA Vulnerability ID (CAID): 34876
CA Advisory Date: 2006-12-19
Discovered By: CA customer and CA Technical Support
Impact: Remote attackers can potentially gain access to a user's
Portal session.
Summary: CA
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Publisher Name: OpenPKG GmbH
Publisher Home: http://openpkg.com/
Advisory Id (public):OpenPKG-SA-2006.041
Advisory Type: OpenPKG Security
Hey Bugtraq,
Just a quick clarification about the recently posted code.
On Wed, 20 Dec 2006, sumit kumar soni wrote:
Hi, I don't think so it's any new vulnerability or exploit (make me
correct).
Yeah, you're right, there's no bug here -- just a feature. I wrote this
code during a recent
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-1240-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
December 21, 2006
-
n.runs AG
http://www.nruns.com/ security at nruns.com
n.runs-SA-2006.005 21-Dec-2006
Vendor:
Dear full-disclosure@lists.grok.org.uk,
There is interesting thing with event logging on Windows. The only
security aspect of it is event log record tampering and performance
degradation, but it may become sensitive if some 3rd party software is
used for automated event log analysis.
Dear full-disclosure@lists.grok.org.uk,
Since it's already wide spread on the public forums and exploit is
published on multiple sites and there is no way to stop it, I think
it's time to alert lists about this.
On one of the Russian forums:
Dear Michele Cicciotti,
--Thursday, December 21, 2006, 6:20:54 PM, you wrote to
full-disclosure@lists.grok.org.uk:
There is interesting thing with event logging on Windows. The only
security aspect of it is event log record tampering and performance
degradation, but it may
Dear lists,
in another Russian forum, Killer{R} made analysis on this issue using
Windows 2000 sources:
http://bugtraq.ru/cgi-bin/forum.mcgi?type=sbb=21m=140672
The problem is in win32k.sys' function GetHardErrorText, which tries to
prepare EXCEPTION data for event log, and seems to be
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:234
http://www.mandriva.com/security/
Dear [EMAIL PROTECTED],
It's
https://bugzilla.mozilla.org/show_bug.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&id=360493
and it was discussed. It can only steal password from the site if site
allows to upload form or has cross-site scripting errors.
--Wednesday, December
There is interesting thing with event logging on Windows. The only
security aspect of it is event log record tampering and performance
degradation, but it may become sensitive if some 3rd party software is
used for automated event log analysis.
I doubt this. The event logs don't
You should not deploy java.exe in a shared environment where multiple trusted
users use the same JVM. There are simply too many JVM level vulnerabilities
where one user will be able to use the very recent series of JVM level bugs
that can inspect the running code of another user, not to mention
#!/usr/bin/perl
#
# INFORMATIONS
#
# Affected.scr..: Ixprim 1.2
# Poc.ID: 16061221
# Type..: Blind SQL Injection
# Risk.level: Medium
# Conditions: load_file privilege (ixp code only)
# Src.download..: www.ixprim-cms.org
# Poc.link..:
SQL injection digger is a command line program that looks for SQL injections
and common errors in websites. Current version looks for SQL injections and
common errors in website urls found by performing a google search.
Sqid can be downloaded from http://sqid.rubyforge.org.
--
MSG //
Preben Nyløkken has discovered this vulnerability in MG2, which can be
exploited by malicious people to conduct script insertion attacks and disclose
potentially sensitive information.
When adding a comment to an image, input passed to the name parameter isn't
properly sanitised before being
It would be a brave criminal or attacker who would pay 50K for a vulnerability
that works on the latest release candidate, but might not function on the final
release, is anyone really sure what Microsoft may change from a security
perspective between the final release candidate and the
Uh, re-read my post. My point was that based upon somewhat recent
prices on XP exploits, $50k for a Vista exploit did not surprise me one
bit. Maybe not exactly the confirmation you or Roger were looking for,
but I've seen high 5 figure offers for XP exploits for a while, I've
heard of low 6
I was wrong about this issue in my previous post.
Unofficial Solution:
FIND in /mkportal/modules/urlobox/index.php:
$message =
preg_replace('/\[URL=(.+?)\](.+)\[\/URL\]/',$no_url,$message);
$message =
Advisory (SA)
Advisory Directory: http://openpkg.com/go/OpenPKG-SA
Advisory Document: http://openpkg.com/go/OpenPKG-SA-2006.040
Advisory Published: 2006-12-21 10:44 UTC
Issue Id (internal): OpenPKG-SI-20061221
Issue First Created: 2006-12-21
Issue Last Modified: 2006-12-21
This is a bogus report. Only Administrators have perms to post URLs in the
Urlobox. I think we can safely assume that an Admin is not going to hack his
own website.
-=DKC=-
mkportal.it
Function of a prototype:
static int parse_expression(char *str, expression **e, expression
**e_exceptions)
in OpenSER 1.1.0 (SIP router implementation) is vulnerable to buffer overflow
as /str/ might be longer than the destination (where it is copied to).
PWDumpX v1.1 now dumps the domain cache (if available) in addition to
the password hashes and the LSA secrets.
Tool location: http://reedarvin.thearvins.com/tools/PWDumpX11.zip
Source code included.
Tool homepage: http://reedarvin.thearvins.com/tools.html
Thank you,
Reed Arvin [EMAIL
This also occurs in Portal 9.0.2 in the file calendar.jsp, calendarDialog.jsp,
and fred.jsp, all of which are under the $ORACLE_HOME/j2ee directory in various
locations. The offending code is
String enc = request.getParameter("enc");
if ((enc == null) || "".equals(enc))
Hi Jim
Well I think about Terminal Server and Citrix environments where Java is
used as an infrastructure for Fat Clients. I do not talk about running a web
application server like JBOSS. In case of Fat Clients under Terminal
Server/Citrix these VMs run as independent VMs under the user account
Additionally, the CVSS (Common Vulnerability Scoring System) Severity score of the issue
is 2.3, i.e. Low:
http://nvd.nist.gov/cvss.cfm?name=CVE-2006-6077&vector=%28AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N%29
- Juha-Matti
3APA3A [EMAIL PROTECTED] wrote:
Dear [EMAIL PROTECTED],
It's
Heya lists 3APA3A,
3APA3A a écrit :
Dear full-disclosure@lists.grok.org.uk,
There is interesting thing with event logging on Windows. The only
security aspect of it is event log record tampering and performance
degradation, but it may become sensitive if some 3rd party software
Yes, probably this bug only affects event viewer itself. I don't
understand how and why Microsoft achieved this effect in event viewer,
which is, by the way, security tool, and if it's hard for different
vendor to make same mistake.
For what it's worth, the updated viewer
3APA3A wrote:
Killer{R} assumes the problem is in strcpy(), because it should not be
used for overlapping buffers, but at least ANSI implementation of strcpy
from Visual C should be safe in this very situation (copying to lower
addresses). May be code is different for Windows XP or
List,
I'm glad to release a beta version of untidy; untidy is general
purpose XML Fuzzer. It takes a string representation of a XML as input
and generates a set of modified, potentially invalid, XMLs based on
the input. It's released under GPL v2 and written in python.
Holy mackerel! Instances of this bug date back to 1999!
http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff
--Pukhraj
On 12/21/06, Alexander Sotirov [EMAIL PROTECTED] wrote:
3APA3A wrote:
Killer{R} assumes the