Guests can view names and email addresses of all Liferay users in Liferay 6.1
Description:
Liferay Portal is an enterprise portal written in Java
As an unauthenticated user it is possible to retrieve the names and
email addresses of all Liferay users.
To retrieve a list of all users simply issue
Liferay 6.1 can be compromised without having an account on the portal
Description:
Liferay Portal is an enterprise portal written in Java
Liferay in its default configuration exposes a number of remotely
accessible webservices.
Access to these services is restricted by an IP block.
It is
Liferay users can assign themselves to organizations, leading to
possible privilege escalation
Description:
Liferay Portal is an enterprise portal written in Java
Due to insufficient permission checking in the updateOrganizations
method of UserService any user
can assign him or herself to any
Specially crafted JSON service request allows full control over a
Liferay portal instance
Description:
Liferay Portal is an enterprise portal written in Java
By doing a single HTTP request you can reconfigure Liferay to use a
remote Memcached cache instead of its own cache.
Liferay 6.1 can be compromised in its default configuration
Description:
Liferay Portal is an enterprise portal written in Java
By utilizing the JSON webservices exposed by the platform you can
register a new user with any role in the system, including the built
in administrator role.
The
Specially crafted WebDAV request allows reading of local files on Liferay 6.0.x
Description:
Liferay Portal is an enterprise portal written in Java
By creating a specially crafted WebDAV request that contains an
external entity it is possible to read files from a Liferay server.
and echo these
WinSCP - URI Handler Command Switch Parsing
About WinSCP:
WinSCP is an open source freeware SFTP client for Windows using SSH.
Legacy SCP protocol is also supported. Its main function is safe copying
of files between a local and a remote computer.
Versions affected:
It was tested on WinSCP
I don't know if anybody pointed it out before...
yes I did, see http://msgs.securepoint.com/cgi-bin/get/bugtraq0302/12.html
- Original Message -
From: Adam [ckkl] [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, March 23, 2003 3:10 AM
Subject: IE - reading local files
Hello,
We already knew pressing the back button on IE is dangerous
(http://online.securityfocus.com/archive/1/267561) So it won't come as a
total shock
that so is clicking a link :)
The problem lies in the dragdrop method that was added as a method on
nearly all HTML elements in ie5.5 This method makes
method caching bugs.
Very nice work indeed.
I'll cc this to bugtraq for clarity's sake
--
jelmer
- Original Message -
From: Andreas Sandblad [EMAIL PROTECTED]
To: jelmer [EMAIL PROTECTED]
Sent: Friday, November 08, 2002 4:34 PM
Subject: Re: How to execute programs with parameters in IE
The external method flaw also seems to affect my ie6 sp1 browser
--
jelmer
- Original Message -
From: GreyMagic Software [EMAIL PROTECTED]
To: Bugtraq [EMAIL PROTECTED]
Sent: Tuesday, October 22, 2002 5:24 PM
Subject: Vulnerable cached objects in IE (9 advisories in 1)
GreyMagic
It throws a permission denied exception on my MSIE 6 SP1 + all patches in
place
MSIE 6.0.2600. is way old
--
jelmer
- Original Message -
From: Liu Die Yu [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 21, 2002 4:16 PM
Subject: MSIE:SaveRef cracks (VictimWindow
The following message apparently bounced the first time I sent it :s
Flash player can read local files
Description
There is a flaw in the Macromedia Flash player which allows reading and
sending of local files
The flaw lies in the fact that when a flash movie is loaded from a remote
smb share
the content is under your
control. Thus you can create fake login screens etc without raising
suspicion
--
jelmer
- Original Message -
From: Dave Ahmad [EMAIL PROTECTED]
To: Liu Die Yu [EMAIL PROTECTED]
Sent: Wednesday, September 04, 2002 6:32 PM
Subject: Re: MSIEv6 % encoding causes
) {
}
}
/script
- Original Message -
From: Avleen Vig [EMAIL PROTECTED]
To: Jelmer [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, August 17, 2002 8:31 PM
Subject: Re: Internet explorer can read local files
On Sat, 17 Aug 2002, Jelmer wrote:
html
head
base href=file
:\jelmer.xml
html
head
base href=file:///C:/
/head
body
applet code=com.ms.xml.dso.XMLDSO.class width=100% height=50 id=xmldso
MAYSCRIPT=true
PARAM NAME=url VALUE=jelmer.xml
/applet
script language=javascript
setTimeout(showIt(),2000);
function showIt() {
var jelmer = xmldso.getDocument
\javalog.txt
Those who have been following HTTP-EQUIV's discovery will realise that
this is extremely dangerous, as it will allow execution of arbitrary
code
However since this feature is disabled by default it can be considered
to be very low risk
--
jelmer
This one was missed by Security Focus.
Let's try again
--
jelmer
- Original Message -
From: Jelmer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, August 11, 2002 1:28 AM
Subject: newly released winamp 3 fails to address serious execution of
arbitrary code issue when combined
='http://kuperus.xs4all.nl' : 0 );
word-wrap : expression(this.done=true); test/a
It's a bit messy but gets the job done. It works by using css expressions (a
feature afaik native to Internet explorer) in the style tag.
--
jelmer
- Original Message -
From: -delusion- [EMAIL PROTECTED
Macromedia Flash plugin can read local files
Description :
Macromedia
several months
and as far as I know they are still looking.
--
jelmer
- Original Message -
From: Next Generation Insight Security Research Team
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, August 02, 2002 3:59 AM
Subject: Winhelp32 Remote Buffer Overrun
-BEGIN
It would seem that I opened up a can of worms when I created my icq +
msie advisory the other day
Which presented a new way to execute arbitrary code on a user's machine
Winamp is equally vulnerable
Winamp starts skin files with the extension wsz and the mime type
interface/x-winamp-skin
Outline
quote
I was about to put on a home page
right after I discovered it [and still had a hope that I will be
that one who will finally destroy the world :]:
/quote
Well I don't know if it will destroy the world, but sure enough it's enough
to destroy a small portion of it :)
Actually i