[FD] [RT-SA-2014-003] Metadata Information Disclosure in OrbiTeam BSCW

2014-05-08 Thread RedTeam Pentesting GmbH
Advisory: Metadata Information Disclosure in OrbiTeam BSCW RedTeam Pentesting discovered an information disclosure vulnerability in OrbiTeam's BSCW collaboration software. An unauthenticated attacker can disclose metadata about internal objects which are stored in BSCW. Details ===

[FD] Discussion: Teamviewer Feature or Bug?

2014-05-08 Thread HHeilemann
Hello List, today i remote-controlled a device with teamviewer. This is not very special. But: with me connected was another person (technican) from another company. He did some maintenance work on the device and me i simply followed him. Now, here comes the issue: the technican copies with

Re: [FD] Discussion: Teamviewer Feature or Bug?

2014-05-08 Thread Keith I Myers
Good Afternoon, This sounds more like a feature than a bug as it is present is most live support software such as LogMeIn Rescue, Bomgar, etc. Most of these applications have controls to limit clipboard sharing. Some even have restrictions on bidirectional sharing. There are a number of

Re: [FD] Discussion: Teamviewer Feature or Bug?

2014-05-08 Thread Dave Warren
On 2014-05-08 02:00, hheilem...@meko-s.de wrote: today i remote-controlled a device with teamviewer. This is not very special. But: with me connected was another person (technican) from another company. He did some maintenance work on the device and me i simply followed him. Now, here comes the

[FD] Beginners error: Synaptics touchpad driver delivered via Windows Update executes rogue program C:\Program.exe with system privileges during installation

2014-05-08 Thread Stefan Kanthak
Hi @ll, the WHQL-signed(!) Synaptics touchpad driver delivered via Windows Update executes a rogue program C:\Program.exe with system privileges after its installation. The observed offending command line is C:\Program Files\Synaptics\SynTP\SynTPEnh.exe /NT /I According to Microsofts