[Full-disclosure] VMSA-2011-0013 VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

VMware Security Advisory

Advisory ID: VMSA-2011-0013
Synopsis:    VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Issue date:  2011-10-27
Updated on:  2011-10-27 (initial release of advisory)
CVE numbers: --- openssl ---
             CVE-2008-7270 CVE-2010-4180
             --- libuser ---
             CVE-2011-0002
             --- nss, nspr ---
             CVE-2010-3170 CVE-2010-3173
             --- Oracle (Sun) JRE 1.6.0 ---
             CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549
             CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553
             CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557
             CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561
             CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566
             CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570
             CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574
             CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450
             CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462
             CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467
             CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471
             CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475
             CVE-2010-4476
             --- Oracle (Sun) JRE 1.5.0 ---
             CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454
             CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468
             CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476
             CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864
             CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867
             CVE-2011-0865
             --- SFCB ---
             CVE-2010-2054

1. Summary

Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues.

2. Relevant releases

vCenter Server 4.1 without Update 2
vCenter Update Manager 4.1 without Update 2
ESXi 4.1 without patch ESX410-201110201-SG.
ESX 4.1 without patches ESX410-201110201-SG, ESX410-201110204-SG, ESX410-201110206-SG, ESX410-201110214-SG.

3. Problem Description

a. ESX third party update for Service Console openssl RPM

The Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware    Product   Running   Replace with/
Product   Version   on        Apply Patch
========  ========  ========  ===================
vCenter   any       Windows   not affected
hosted*   any       any       not affected
ESXi      any       any       not affected
ESX       4.1       ESX       ESX410-201110204-SG
ESX       4.0       ESX       patch pending
ESX       3.5       ESX       not applicable
ESX       3.0.3     ESX       not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

b. ESX third party update for Service Console libuser RPM

The Service Console libuser RPM is updated to version 0.54.7-2.1.el5_5.2 to resolve a security issue.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-0002 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware    Product   Running   Replace with/
Product   Version   on        Apply Patch
========  ========  ========  ===================
vCenter   any       Windows   not affected
hosted*   any       any       not affected
ESXi      any       ESXi      not affected
ESX       4.1       ESX       ESX410-201110206-SG
ESX       4.0       ESX       patch pending
ESX       3.5       ESX       not applicable
ESX       3.0.3     ESX       not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

c. ESX third party update for Service Console nss and nspr RPMs

The Service Console Network Security Services (NSS) and Netscape Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1 and nss-3.12.8-4 resolving multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
Re: [Full-disclosure] noise: Possible skydrive link to gov
too lazy to google and find out what skydrive is? or too returded?

2011/10/27 xD 0x41 sec...@gmail.com

Hi. I recently have heard that police, in some places, are using an app called SkyDrive to get 'dox' on people, they seem to be hiding it but, i don't know much yet on this except, that is pretty certain, they are using skydrive (police) in some places... but, to what extent.. i know you can share folders etc on skydrive... it's just curious to me.. nothing big. If anyone has hard proof would be great. xd

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] noise: Possible skydrive link to gov
i think the latter. grow up.

On 28 October 2011 20:49, doc mombasa doc.momb...@gmail.com wrote:

too lazy to google and find out what skydrive is? or too returded?

2011/10/27 xD 0x41 sec...@gmail.com

Hi. I recently have heard that police, in some places, are using an app called SkyDrive to get 'dox' on people, they seem to be hiding it but, i don't know much yet on this except, that is pretty certain, they are using skydrive (police) in some places... but, to what extent.. i know you can share folders etc on skydrive... it's just curious to me.. nothing big. If anyone has hard proof would be great. xd
Re: [Full-disclosure] noise: Possible skydrive link to gov
judging from your inane ramblings about things you obviously have zero clue about i'm pretty sure that you're the australian mirror of n3td3v
you even have the same fondness of wowowowowow 1337 h4nd13 !oneoneone

2011/10/28 xD 0x41 sec...@gmail.com

i think the latter. grow up.

On 28 October 2011 20:49, doc mombasa doc.momb...@gmail.com wrote:

too lazy to google and find out what skydrive is? or too returded?

2011/10/27 xD 0x41 sec...@gmail.com

Hi. I recently have heard that police, in some places, are using an app called SkyDrive to get 'dox' on people, they seem to be hiding it but, i don't know much yet on this except, that is pretty certain, they are using skydrive (police) in some places... but, to what extent.. i know you can share folders etc on skydrive... it's just curious to me.. nothing big. If anyone has hard proof would be great. xd
[Full-disclosure] [SECURITY] [DSA 2330-1] simplesamlphp security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-2330-1    secur...@debian.org
http://www.debian.org/security/        Thijs Kinkhorst
October 27, 2011                       http://www.debian.org/security/faq

Package        : simplesamlphp
Vulnerability  : xml encryption weakness
Problem type   : remote
Debian-specific: no

Issues were found in the handling of XML encryption in simpleSAMLphp, an application for federated authentication. The following two issues have been addressed:

  It may be possible to use an SP as an oracle to decrypt encrypted messages sent to that SP.

  It may be possible to use the SP as a key oracle which can be used to forge messages from that SP by issuing 30-200 queries to the SP.

The oldstable distribution (lenny) does not contain simplesamlphp.

For the stable distribution (squeeze), this problem has been fixed in version 1.6.3-2.

The testing distribution (wheezy) will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 1.8.2-1.

We recommend that you upgrade your simplesamlphp packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
Is this for real? If so, this is a huge scandal imho. Such a simple error for a Facebook developer to make.

On 27 Oct 2011 13:53, Nathan Power n...@securitypentest.com wrote:

1. Summary:

When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanism. Note, you do NOT have to be friends with the user to send them a message with an attachment.

Read the rest of this advisory here: http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html

Enjoy :)

Nathan Power
www.securitypentest.com
Re: [Full-disclosure] Tor anonymizing network Compromised by French researchers
Rumors of Tor's compromise are greatly exaggerated : https://blog.torproject.org/blog/rumors-tors-compromise-are-greatly-exaggerated
[Full-disclosure] XAMPP 1.7.4 XSS vulnerabilities
Please download the attachment

$---
$ Xampp 1.7.4 for Windows multiple Site Scripting Vulnerabilities
$ Author   : Sangteamtham
$ Home     : Hcegroup.net
$ Download : http://www.apachefriends.org/en/xampp-windows.html
$ Date     : 07/12/2011
$ Twitter  : http://twitter.com/Sangte_amtham
$**

1. Description:

XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use - just download, extract and start.

2. Patch:

Jul 12, 2011: Contact to vendor.
Jul 12, 2011: Vendor said that they would fix in next release
Sep 21, 2011: Released XAMPP 1.7.7
Oct 27, 2011: Release the bug.

3. POC:

http://localhost/xampp/ming.php?text=%22%20onmouseover%3dalert%28%22XSS%22%29%20bad%22
http://localhost/xampp/cds.php/%27onmouseover=alert%28%22XSS%22%29%3E

In adodb.php, we have a form to submit database information, but this form is not filtered well. So we can submit the malicious codes.

http://localhost/xampp/adodb.php

$**
$ Greetz to: All Vietnamese hackers and Hackers out there researching for more security
$
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
Nice one Nathan :)

On Thu, Oct 27, 2011 at 9:33 PM, Dan Ballance tzewang.do...@gmail.com wrote:

Is this for real? If so, this is a huge scandal imho. Such a simple error for a Facebook developer to make.

On 27 Oct 2011 13:53, Nathan Power n...@securitypentest.com wrote:

1. Summary:

When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanism. Note, you do NOT have to be friends with the user to send them a message with an attachment.

Read the rest of this advisory here: http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html

Enjoy :)

Nathan Power
www.securitypentest.com

--
Thanks and Regards,
Vipul Agarwal
Re: [Full-disclosure] Tor anonymizing network Compromised by French researchers
Bravo! A completely impartial source.

--
Leon Kaiser - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
7BEECD8D FCBED526 F7960173 459111CE F01F9923
The mask of anonymity is not intensely constructive.
   -- Andrew weev Auernheimer

On Fri, 2011-10-28 at 11:58 +0200, Lucas wrote:

Rumors of Tor's compromise are greatly exaggerated : https://blog.torproject.org/blog/rumors-tors-compromise-are-greatly-exaggerated
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
Not fixed yet. At least not yesterday when I checked.

Nathan, didn't Facebook ask for some time to fix this bug after they have acknowledged it?

Pablo Ximenes
http://ximen.es/
http://twitter.com/pabloximenes

On 27/10/2011, at 19:29, Joshua Thomas rappercra...@gmail.com wrote:

can't believe such was on FB wahahaha !!! lol rofl ... When was this discovered and fixed ?

On Thu, Oct 27, 2011 at 1:02 AM, Nathan Power n...@securitypentest.com wrote:

1. Summary:

When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanism. Note, you do NOT have to be friends with the user to send them a message with an attachment.

Read the rest of this advisory here: http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html

Enjoy :)

Nathan Power
www.securitypentest.com
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
Not fixed yet. I checked today.

On Fri, Oct 28, 2011 at 1:18 PM, Pablo Ximenes pa...@ximen.es wrote:

Not fixed yet. At least not yesterday when I checked.

Nathan, didn't Facebook ask for some time to fix this bug after they have acknowledged it?

Pablo Ximenes
http://ximen.es/
http://twitter.com/pabloximenes

On 27/10/2011, at 19:29, Joshua Thomas rappercra...@gmail.com wrote:

can't believe such was on FB wahahaha !!! lol rofl ... When was this discovered and fixed ?

On Thu, Oct 27, 2011 at 1:02 AM, Nathan Power n...@securitypentest.com wrote:

1. Summary:

When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanism. Note, you do NOT have to be friends with the user to send them a message with an attachment.

Read the rest of this advisory here: http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html

Enjoy :)

Nathan Power
www.securitypentest.com
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
I don't think that he waited for vendor to confirm fix in production and I don't see a reason that he needs to wait. If FB did not ask him to refrain from disclosure.. y shld he ?

09/30/2011 Reported Vulnerability to the Vendor
10/26/2011 Vendor Acknowledged Vulnerability
10/27/2011 Publicly Disclosed

On Fri, Oct 28, 2011 at 11:18 AM, Pablo Ximenes pa...@ximen.es wrote:

Not fixed yet. At least not yesterday when I checked.

Nathan, didn't Facebook ask for some time to fix this bug after they have acknowledged it?

Pablo Ximenes
http://ximen.es/
http://twitter.com/pabloximenes

On 27/10/2011, at 19:29, Joshua Thomas rappercra...@gmail.com wrote:

can't believe such was on FB wahahaha !!! lol rofl ... When was this discovered and fixed ?

On Thu, Oct 27, 2011 at 1:02 AM, Nathan Power n...@securitypentest.com wrote:

1. Summary:

When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanism. Note, you do NOT have to be friends with the user to send them a message with an attachment.

Read the rest of this advisory here: http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html

Enjoy :)

Nathan Power
www.securitypentest.com
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
Agreed. What I'm asking is whether Facebook did ask him to wait. Did it? If it did it's a whole different ball game.

Pablo Ximenes
http://ximen.es/
http://twitter.com/pabloximenes

On 28/10/2011, at 13:01, Peter Dawson slash...@gmail.com wrote:

I don't think that he waited for vendor to confirm fix in production and I don't see a reason that he needs to wait. If FB did not ask him to refrain from disclosure.. y shld he ?

09/30/2011 Reported Vulnerability to the Vendor
10/26/2011 Vendor Acknowledged Vulnerability
10/27/2011 Publicly Disclosed

On Fri, Oct 28, 2011 at 11:18 AM, Pablo Ximenes pa...@ximen.es wrote:

Not fixed yet. At least not yesterday when I checked.

Nathan, didn't Facebook ask for some time to fix this bug after they have acknowledged it?

Pablo Ximenes
http://ximen.es/
http://twitter.com/pabloximenes

On 27/10/2011, at 19:29, Joshua Thomas rappercra...@gmail.com wrote:

can't believe such was on FB wahahaha !!! lol rofl ... When was this discovered and fixed ?

On Thu, Oct 27, 2011 at 1:02 AM, Nathan Power n...@securitypentest.com wrote:

1. Summary:

When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanism. Note, you do NOT have to be friends with the user to send them a message with an attachment.

Read the rest of this advisory here: http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html

Enjoy :)

Nathan Power
www.securitypentest.com
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
oh ok..i c ur point.. if they did tell him to wait and he failed their NDA.. then it's an issue

/pd

On Fri, Oct 28, 2011 at 12:04 PM, Pablo Ximenes pa...@ximen.es wrote:

Agreed. What I'm asking is whether Facebook did ask him to wait. Did it? If it did it's a whole different ball game.

Pablo Ximenes
http://ximen.es/
http://twitter.com/pabloximenes

On 28/10/2011, at 13:01, Peter Dawson slash...@gmail.com wrote:

I don't think that he waited for vendor to confirm fix in production and I don't see a reason that he needs to wait. If FB did not ask him to refrain from disclosure.. y shld he ?

09/30/2011 Reported Vulnerability to the Vendor
10/26/2011 Vendor Acknowledged Vulnerability
10/27/2011 Publicly Disclosed
[Full-disclosure] [SECURITY] [DSA 2331-1] tor security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-2331-1    secur...@debian.org
http://www.debian.org/security/        Moritz Muehlenhoff
October 28, 2011                       http://www.debian.org/security/faq

Package        : tor
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2768 CVE-2011-2769

It has been discovered by frosty_un that a design flaw in Tor, an online privacy tool, allows malicious relay servers to learn certain information that they should not be able to learn. Specifically, a relay that a user connects to directly could learn which other relays that user is connected to directly. In combination with other attacks, this issue can lead to deanonymizing the user. The Common Vulnerabilities and Exposures project has assigned CVE-2011-2768 to this issue.

In addition to fixing the above mentioned issues, the updates to oldstable and stable fix a number of less critical issues (CVE-2011-2769). Please see this posting from the Tor blog for more information: https://blog.torproject.org/blog/tor-02234-released-security-patches

For the oldstable distribution (lenny), this problem has been fixed in version 0.2.1.31-1~lenny+1. Due to technical limitations in the Debian archive scripts, the update cannot be released synchronously with the packages for stable. It will be released shortly.

For the stable distribution (squeeze), this problem has been fixed in version 0.2.1.31-1.

For the unstable and testing distributions, this problem has been fixed in version 0.2.2.34-1.

For the experimental distribution, this problem has been fixed in version 0.2.3.6-alpha-1.

We recommend that you upgrade your tor packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
Re: [Full-disclosure] Tor anonymizing network Compromised by French researchers
I don't do blogs.

--
Leon Kaiser - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
7BEECD8D FCBED526 F7960173 459111CE F01F9923
The mask of anonymity is not intensely constructive.
   -- Andrew weev Auernheimer

On Fri, 2011-10-28 at 16:26 +0200, Mario Vilas wrote:

Did you read the comments?

On Fri, Oct 28, 2011 at 3:36 PM, Leon Kaiser litera...@gmail.com wrote:

Bravo! A completely impartial source.

--
Leon Kaiser - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
7BEECD8D FCBED526 F7960173 459111CE F01F9923
The mask of anonymity is not intensely constructive.
   -- Andrew weev Auernheimer

On Fri, 2011-10-28 at 11:58 +0200, Lucas wrote:

Rumors of Tor's compromise are greatly exaggerated : https://blog.torproject.org/blog/rumors-tors-compromise-are-greatly-exaggerated

--
“There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
seems they use string.endwith to decide if it is exe

--
Sorry, I cannot go into detail for now. This email was sent from an Android mobile device with K-9 Mail installed.

Vipul Agarwal vi...@nuttygeeks.com wrote:

Nice one Nathan :)

On Thu, Oct 27, 2011 at 9:33 PM, Dan Ballance tzewang.do...@gmail.com wrote:

Is this for real? If so, this is a huge scandal imho. Such a simple error for a Facebook developer to make.

On 27 Oct 2011 13:53, Nathan Power n...@securitypentest.com wrote:

1. Summary:

When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanism. Note, you do NOT have to be friends with the user to send them a message with an attachment.

Read the rest of this advisory here: http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html

Enjoy :)

Nathan Power
www.securitypentest.com

--
Thanks and Regards,
Vipul Agarwal
[Full-disclosure] [SECURITY] [DSA 2323-1] radvd security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-2323-1    secur...@debian.org
http://www.debian.org/security/        Yves-Alexis Perez
October 26, 2011                       http://www.debian.org/security/faq

Package        : radvd
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605
Debian Bug     : 644614

Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon:

CVE-2011-3602

  set_interface_var() function doesn't check the interface name, which is chosen by an unprivileged user. This could lead to an arbitrary file overwrite if the attacker has local access, or specific files overwrites otherwise.

CVE-2011-3604

  process_ra() function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon.

CVE-2011-3605

  process_rs() function calls mdelay() (a function to wait for a defined time) unconditionally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed (for a time up to MAX_RA_DELAY_TIME, 500 ms by default). An attacker could flood the daemon with router solicitations in order to fill the input queue, causing a temporary denial of service (processing would be stopped during all the mdelay() calls).
  Note: upstream and Debian default is to use anycast mode.

For the oldstable distribution (lenny), this problem has been fixed in version 1:1.1-3.1.

For the stable distribution (squeeze), this problem has been fixed in version 1:1.6-1.1.

For the testing distribution (wheezy), this problem has been fixed in version 1:1.8-1.2.

For the unstable distribution (sid), this problem has been fixed in version 1:1.8-1.2.

We recommend that you upgrade your radvd packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
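One way to implement the interface-name check whose absence CVE-2011-3602 describes, as an added example (it is not radvd's code and not part of the advisory). The helper names, the path template, the acceptance rules and the sample names in main() are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define IFNAME_MAX 16   /* Linux IFNAMSIZ: 15 characters plus the NUL */
/* Constructed template in the style of a per-interface sysctl entry. */
#define CONF_BASE "/proc/sys/net/ipv6/conf/"
#define CONF_TMPL CONF_BASE "%s/hop_limit"

/* Accept only names that can be exactly one path component. */
int ifname_is_safe(const char *name)
{
    size_t i;

    if (name == NULL || name[0] == '\0')
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    for (i = 0; name[i] != '\0'; i++) {
        unsigned char c = (unsigned char)name[i];
        if (i + 1 >= IFNAME_MAX)   /* longer than any real interface name */
            return 0;
        if (c == '/' || c == ':' || c <= ' ' || c == 0x7f)
            return 0;
    }
    return 1;
}

/* "Before": substitutes the caller-chosen name without looking at it. */
int build_path_unchecked(char *out, size_t outlen, const char *ifname)
{
    int n = snprintf(out, outlen, CONF_TMPL, ifname);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* "After": validate the name first, then substitute, then reject truncation. */
int build_path_checked(char *out, size_t outlen, const char *ifname)
{
    if (!ifname_is_safe(ifname))
        return -1;
    return build_path_unchecked(out, outlen, ifname);
}

/* Lexical walk of the part after CONF_BASE: returns 1 if ".." ever climbs
 * above the base or the path does not start with it. Symlinks are not seen. */
int path_escapes_base(const char *path)
{
    size_t blen = sizeof(CONF_BASE) - 1;
    const char *p;
    int depth = 0;

    if (strncmp(path, CONF_BASE, blen) != 0)
        return 1;
    p = path + blen;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return 1;
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;
        }
        p += len;
        if (*p == '/')
            p++;
    }
    return 0;
}

/* 1 if the unchecked builder yields a path outside CONF_BASE. */
int unchecked_escapes(const char *ifname)
{
    char path[256];
    if (build_path_unchecked(path, sizeof(path), ifname) != 0)
        return 1;
    return path_escapes_base(path);
}

/* 1 if the checked builder accepts the name. */
int checked_accepts(const char *ifname)
{
    char path[256];
    return build_path_checked(path, sizeof(path), ifname) == 0;
}

int main(void)
{
    /* Constructed sample names: one legitimate, the rest malformed. */
    static const char *samples[] = {
        "eth0", "../../../../../tmp/x", "eth0/../all", "..",
        "averyveryverylongname0",
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-24s checked: %-8s unchecked escapes base: %d\n",
               samples[i],
               checked_accepts(samples[i]) ? "accepted" : "rejected",
               unchecked_escapes(samples[i]));
    return 0;
}
```

The name "eth0/../all" stays inside the base directory yet still selects a different interface's entry, which is why the check is on the name as a single component and not only on where the final path lands.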
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
I see. I have seen this kinda behavior from vendors too often. I suppose the reason for this is the flood of false positives. I think they need a better way to sift the wheat from the chaff.

Congrats for your work!

2011/10/28 Nathan Power n...@securitypentest.com
> I was basically told that Facebook didn't see it as an issue and I was puzzled by that. Ends up the Facebook security team had issues reproducing my work and that's why they initially discarded it. After publishing, the Facebook security team re-examined the issue and by working with me they seem to have been able to reproduce the bug.
>
> Nathan Power
> www.securitypentest.com
>
> On Fri, Oct 28, 2011 at 11:18 AM, Pablo Ximenes pa...@ximen.es wrote:
>> Not fixed yet. At least not yesterday when I checked. Nathan, didn't Facebook ask for some time to fix this bug after they have acknowledged it?
>>
>> Pablo Ximenes
>> http://ximen.es/
>> http://twitter.com/pabloximenes
>>
>> On 27/10/2011, at 19:29, Joshua Thomas rappercra...@gmail.com wrote:
>>> can't believe such was on FB wahahaha !!! lol rofl ... When was this discovered and fixed ?
>>>
>>> On Thu, Oct 27, 2011 at 1:02 AM, Nathan Power n...@securitypentest.com wrote:
>>>> 1. Summary:
>>>>
>>>> When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanism. Note, you do NOT have to be friends with the user to send them a message with an attachment.
>>>>
>>>> Read the rest of this advisory here:
>>>> http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html
>>>>
>>>> Enjoy :)
>>>>
>>>> Nathan Power
>>>> www.securitypentest.com
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
> I think they need a better way to sift the wheat from the chaff.

Numbers can be magic and eight bytes is enough of a taste to tell honey from vinegar.

Nice find

Dave

On 28/10/2011 18:56, Pablo Ximenes wrote:
> I see. I have seen this kinda behavior from vendors too often. I suppose the reason for this is the flood of false positives. I think they need a better way to sift the wheat from the chaff.
>
> Congrats for your work!
>
> 2011/10/28 Nathan Power n...@securitypentest.com
>> I was basically told that Facebook didn't see it as an issue and I was puzzled by that. Ends up the Facebook security team had issues reproducing my work and that's why they initially discarded it. After publishing, the Facebook security team re-examined the issue and by working with me they seem to have been able to reproduce the bug.
>>
>> Nathan Power
>> www.securitypentest.com
>>
>> On Fri, Oct 28, 2011 at 11:18 AM, Pablo Ximenes pa...@ximen.es wrote:
>>> Not fixed yet. At least not yesterday when I checked. Nathan, didn't Facebook ask for some time to fix this bug after they have acknowledged it?
>>>
>>> Pablo Ximenes
>>> http://ximen.es/
>>> http://twitter.com/pabloximenes
>>>
>>> On 27/10/2011, at 19:29, Joshua Thomas rappercra...@gmail.com wrote:
>>>> can't believe such was on FB wahahaha !!! lol rofl ... When was this discovered and fixed ?
>>>>
>>>> On Thu, Oct 27, 2011 at 1:02 AM, Nathan Power n...@securitypentest.com wrote:
>>>>> 1. Summary:
>>>>>
>>>>> When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanism. Note, you do NOT have to be friends with the user to send them a message with an attachment.
>>>>>
>>>>> Read the rest of this advisory here:
>>>>> http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html
>>>>>
>>>>> Enjoy :)
>>>>>
>>>>> Nathan Power
>>>>> www.securitypentest.com
[Full-disclosure] Vulnerabilities in poMMo
Hello list!

I want to warn you about multiple security vulnerabilities in poMMo.

These are Cross-Site Scripting, Brute Force and Insufficient Anti-automation vulnerabilities.

Affected products:

Vulnerable are all versions of poMMo (poMMo Aardvark PR16.1 and previous versions).

Details:

XSS (WASC-08):

http://site/pommo/user/pending.php?input=a:2:{s:7:%22adminID%22;b:1;s:5:%22Email%22;s:39:%22%3Cscript%3Ealert(document.cookie)%3C/script%3E%22;}

It will work only after initiation of changing password for admin. Which can be done (manually or in automated way) by sending required CSRF request to http://site/pommo/user/pending.php before an attack, or by using IAA vulnerability on http://site/pommo/index.php (after that XSS is working for a long time).

Brute Force (WASC-11):

http://site/pommo/user/login.php

It's possible to reveal e-mails of subscribers (which are logins, at that without passwords), and to receive access to their accounts by revealed e-mails. And also to use e-mails for spam purposes.

Insufficient Anti-automation (WASC-21):

http://site/pommo/user/subscribe.php?Email=1...@1.com

In this functionality there is no protection against automated requests (captcha). Which allows to automatically initiate the process of subscribing on e-mail (which will spam these e-mails).

Timeline:

2011.08.06 - announced at my site.
2011.08.08 - informed developers.
2011.10.28 - disclosed at my site.

I mentioned about these vulnerabilities at my site: http://websecurity.com.ua/5315/

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
[Full-disclosure] Opera Browser v11.52 - Stack Buffer Overflow Vulnerability (DoS) Full
Title:
Opera Browser v11.52 - Stack Buffer Overflow Vulnerability

Date:
2011-10-28

References:
http://www.vulnerability-lab.com/get_content.php?id=275
http://packetstormsecurity.org/files/106020/opera1152-overflow.txt

VL-ID:
299

Introduction:
Opera is a web browser and Internet suite developed by Opera Software with over 200 million users worldwide. The browser handles common Internet-related tasks such as displaying web sites, sending and receiving e-mail messages, managing contacts, chatting on IRC, downloading files via BitTorrent, and reading web feeds. Opera is offered free of charge for personal computers and mobile phones.

Opera does not come packaged with any desktop operating system. However, it is the most popular desktop browser in some countries, such as Ukraine. Opera Mini, which is the most popular mobile web browser as of May 2011, has been chosen as the default integrated web browser in several mobile handsets by their respective manufacturers.

Features include tabbed browsing, page zooming, mouse gestures, and an integrated download manager. Its security features include built-in phishing and malware protection, SSL/TLS encryption when browsing HTTPS websites, and the ability to easily delete private data such as HTTP cookies.

Opera is known for originating many features later adopted by other web browsers. Opera runs on a variety of personal computer operating systems, including Microsoft Windows, Mac OS X, Linux, and FreeBSD. Editions of Opera are available for devices using the Maemo, BlackBerry, Symbian, Windows Mobile, Android, and iOS operating systems, as well as Java ME-enabled devices. Approximately 120 million mobile phones have been shipped with Opera. Opera is the only commercial web browser available for the Nintendo DS and Wii gaming systems. Some television set-top boxes use Opera. Adobe Systems has licensed Opera technology for use in the Adobe Creative Suite.

(Copy of the Vendor Homepage: http://en.wikipedia.org/wiki/Opera_%28web_browser%29)

Abstract:
The Vulnerability Laboratory Team discovered a Stack Buffer Overflow Vulnerability (denial of service effect) on Opera's new browser v11.52

Report-Timeline:
2011-10-28: Public or Non-Public Disclosure

Status:
Published

Exploitation-Technique:
Remote

Severity:
Medium

Details:
A stack buffer overflow Vulnerability is detected on Opera's v11.52 web browser. The bug is located on Opera's browser when processing to switch between 2 different escape sequences. The vulnerability can result in a remote denial of service application crash. Overwrite of EIP co. is not possible!

Vulnerable Module(s):
[+] Escape sequence switch

--- Debug Logs ---
[Full-disclosure] eFront Enterprise v3.6.10 - Multiple Remote Vulnerabilities
Title:
eFront Enterprise v3.6.10 - Multiple Remote Vulnerabilities

Date:
2011-10-27

References:
http://www.vulnerability-lab.com/get_content.php?id=298

VL-ID:
298

Introduction:
Tailored with larger organizations in mind, eFront Enterprise offers solutions for the management of companies' most valued asset - the people. Based on a coherent approach to human capital management which keeps the workforce actively engaged, the eFront Enterprise platform offers the means of aligning learning programs with business goals to cultivate employee skills and knowledge associated with business performance. eFront Enterprise builds on top of eFront Educational.

(Copy of the Vendor Homepage: http://efrontlearning.net/product/efront-enterprise.html)

Abstract:
An anonymous Researcher of the Vulnerability Laboratory Team discovered multiple remote vulnerabilities on the eFront's Enterprise CMS v3.6.10

Report-Timeline:
2011-10-20: Vendor Notification
2011-10-21: Vendor Response/Feedback
2011-10-26: Vendor Fix/Patch
2011-10-27: Public or Non-Public Disclosure

Status:
Published

Exploitation-Technique:
Remote

Severity:
Critical

Details:
1.1
An anonymous Researcher of the Vulnerability Laboratory Team discovered multiple sql injection vulnerabilities on eFront's Enterprise CMS v3.6.10. The vulnerability allows a remote attacker or local privileged user account (low:trainee) to inject own sql commands/statements over a vulnerable param. Successful exploitation of the sql injection vulnerability can result in dbms & cms compromise.

Vulnerable Module(s):
[+] survey

Vulnerable File(s):
[+] professor.php

Vulnerable Param(s):
[+] ?ctg=surveysurveys_ID=
[+] ?ctg=surveyscreen_survey=

1.2
An anonymous Researcher of the Vulnerability Lab Team discovered a database disclosure vulnerability on eFront's Enterprise CMS v3.6.10. Successful exploitation can result in a database steal after upgrade or installation of the CMS.

Vulnerable Module(s):
[+] Install

Vulnerable File(s):
[+] install.php

Vulnerable Param(s):
[+] ?step=2upgrade=1

Proof of Concept:
The vulnerabilities can be exploited by remote attackers & local low privileged user accounts. For demonstration or reproduce ...

1.1 - SQL Injection Vulnerabilities
PoC:
http://xxx.com/enterprise/www/professor.php?ctg=surveyaction=previewsurveys_ID=1+and%201=0--
http://xxx.com/enterprise/www/professor.php?ctg=surveyaction=previewsurveys_ID=1+and%201=1--

1.2 - Database Disclosure Vulnerability
PoC:
http://www.xxx.com/e-learning/www/install2/install.php?step=2upgrade=1
View Source

Solution:
2011-10-26: Vendor Fix/Patch = http://forum.efrontlearning.net/viewtopic.php?f=15&t=3501

Risk:
The security risk of the vulnerabilities is estimated as high(+).

Credits:
Vulnerability Research Laboratory - Mohammed Abdelkader A.

Disclaimer:
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability-Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab or its suppliers.

Copyright © 2011|Vulnerability-Lab

--
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: ad...@vulnerability-lab.com or supp...@vulnerability-lab.com
[Full-disclosure] Maxdome Website - SQL Injection Vulnerability
Title:
Maxdome Website - SQL Injection Vulnerability

Date:
2011-10-26

References:
http://www.vulnerability-lab.com/get_content.php?id=300

VL-ID:
300

Introduction:
maxdome is the video-on-demand service of ProSiebenSat.1 Media. The pay-per-view service is the largest and most widely used in Europe. Current films and series are available, often even before their actual TV broadcast on free or pay TV, along with a large selection of comedy content, documentaries, and sports and music videos.

(Copy of the Vendor Homepage: http://www.maxdome.com)

Abstract:
Vulnerability-Lab researcher discovered a remote SQL Injection vulnerability on the famous Maxdome's Portal (videothek) website.

Report-Timeline:
2010-12-14: Vendor Notification
2011-05-07: Vendor Response/Feedback
2011-09-03: Vendor Fix/Patch - CHECK BY US!
2011-10-26: Public or Non-Public Disclosure

Status:
Published

Exploitation-Technique:
Remote

Severity:
Critical

Details:
A remote SQL Injection vulnerability is detected on MaxDome's Videothek Portal website. The vulnerability allows a remote attacker to inject own sql commands over the weak id param request.

Vulnerable Module(s):
[+] Home Flash Video Component

Picture(s):
../sql1.png

Proof of Concept:
The sql injection vulnerability can be exploited by remote attackers. For demonstration or reproduce ...

Path: /php-bin/functions/home_flash/
File: homeflash.swf
Para: ?id=

htmlheadbody titleMaxDome - Remote SQL Injection PoC/title brbr bVersion/b iframe src=http://www.maxdome.de/php-bin/functions/home_flash/homeflash.swf?id=- 1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,@@version,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45--+ width=800 height=800 brbr /body/head/html

Reference(s):
http://www.maxdome.de/php-bin/functions/home_flash/homeflash.swf?id=- 1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,@@version,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45--+

Risk:
The security risk of the sql injection vulnerability is estimated as critical.

Credits:
Vulnerability Research Laboratory - N/A Anonymous

Copyright © 2011|Vulnerability-Lab

--
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: ad...@vulnerability-lab.com or supp...@vulnerability-lab.com
Re: [Full-disclosure] Tor anonymizing network Compromised by French researchers
2011/10/28 valdis.kletni...@vt.edu
> And if I'm reading the French paper right, it basically boils down to "If you pwn a significant fraction of the relays, you can compromise the network",

Where did you find the paper ? A link plz ! wanna read that.

> which was a long-known result - the security of Tor is based on the assumption that you can't pwn 40% or 50% of 2,500 nodes in multiple organizations without *anybody* noticing the attacks and raising the alarm.
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
I was basically told that Facebook didn't see it as an issue and I was puzzled by that. Ends up the Facebook security team had issues reproducing my work and that's why they initially discarded it. After publishing, the Facebook security team re-examined the issue and by working with me they seem to have been able to reproduce the bug.

Nathan Power
www.securitypentest.com

On Fri, Oct 28, 2011 at 11:18 AM, Pablo Ximenes pa...@ximen.es wrote:
> Not fixed yet. At least not yesterday when I checked. Nathan, didn't Facebook ask for some time to fix this bug after they have acknowledged it?
>
> Pablo Ximenes
> http://ximen.es/
> http://twitter.com/pabloximenes
>
> On 27/10/2011, at 19:29, Joshua Thomas rappercra...@gmail.com wrote:
>> can't believe such was on FB wahahaha !!! lol rofl ... When was this discovered and fixed ?
>>
>> On Thu, Oct 27, 2011 at 1:02 AM, Nathan Power n...@securitypentest.com wrote:
>>> 1. Summary:
>>>
>>> When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanism. Note, you do NOT have to be friends with the user to send them a message with an attachment.
>>>
>>> Read the rest of this advisory here:
>>> http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html
>>>
>>> Enjoy :)
>>>
>>> Nathan Power
>>> www.securitypentest.com
Re: [Full-disclosure] Tor anonymizing network Compromised by French researchers
Did you not hear me when I said I don't do blogs?

--
Leon Kaiser - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
7BEECD8D FCBED526 F7960173 459111CE F01F9923
The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer

On Fri, 2011-10-28 at 12:19 -0400, valdis.kletni...@vt.edu wrote:
> On Fri, 28 Oct 2011 07:36:32 MDT, Leon Kaiser said:
>> Bravo! A completely impartial source.
>
> Did you actually *read* the posting? There's certainly something fishy about the French results - they found 6,000 relays and 181 bridges, when the actual number is closer to 2,500 relays and 600 bridges. (Given that the current list of relays is public info, the blog posting *is* right - any claim the French had a complete *and accurate* idea of the topology is suspect, and being that wrong about the numbers is just sad).
>
> I'll note that Phobos was apparently as surprised by the "1/3 of relays are vulnerable" claim as I was.
>
> Also, note that the Tor people have a history of being *very* up front about security problems - if you read the *very next* posting on that blog:
>
> https://blog.torproject.org/blog/tor-02234-released-security-patches
>
> Somebody else *did* find a hole (believed to be different than whatever the French guys are claiming) - and they came out and admitted there was a hole and released a patch. Oh, and they even point at several other known issues that somebody ambitious could do some research on. ;)
>
> And if I'm reading the French paper right, it basically boils down to "If you pwn a significant fraction of the relays, you can compromise the network", which was a long-known result - the security of Tor is based on the assumption that you can't pwn 40% or 50% of 2,500 nodes in multiple organizations without *anybody* noticing the attacks and raising the alarm.
>
> OK. Maybe they *are* less than completely impartial. But who you gonna believe, the guys who wrote it and tell you what the already-known weaknesses are, or some researchers who can't even get the count of relays anywhere *close* when there's a totally public list of relays available? ;)
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
I would also like to note this vulnerability was reported responsibly in regards to full disclosure.

http://en.wikipedia.org/wiki/Full_disclosure

Nathan Power
www.securitypentest.com

On Fri, Oct 28, 2011 at 1:38 PM, Nathan Power n...@securitypentest.com wrote:
> I was basically told that Facebook didn't see it as an issue and I was puzzled by that. Ends up the Facebook security team had issues reproducing my work and that's why they initially discarded it. After publishing, the Facebook security team re-examined the issue and by working with me they seem to have been able to reproduce the bug.
>
> Nathan Power
> www.securitypentest.com
>
> On Fri, Oct 28, 2011 at 11:18 AM, Pablo Ximenes pa...@ximen.es wrote:
>> Not fixed yet. At least not yesterday when I checked. Nathan, didn't Facebook ask for some time to fix this bug after they have acknowledged it?
>>
>> Pablo Ximenes
>> http://ximen.es/
>> http://twitter.com/pabloximenes
>>
>> On 27/10/2011, at 19:29, Joshua Thomas rappercra...@gmail.com wrote:
>>> can't believe such was on FB wahahaha !!! lol rofl ... When was this discovered and fixed ?
>>>
>>> On Thu, Oct 27, 2011 at 1:02 AM, Nathan Power n...@securitypentest.com wrote:
>>>> 1. Summary:
>>>>
>>>> When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanism. Note, you do NOT have to be friends with the user to send them a message with an attachment.
>>>>
>>>> Read the rest of this advisory here:
>>>> http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html
>>>>
>>>> Enjoy :)
>>>>
>>>> Nathan Power
>>>> www.securitypentest.com
Re: [Full-disclosure] Tor anonymizing network Compromised by French researchers
Did you read the comments?

On Fri, Oct 28, 2011 at 3:36 PM, Leon Kaiser litera...@gmail.com wrote:
> Bravo! A completely impartial source.
>
> --
> *Leon Kaiser* - Head of GNAA Public Relations -
> litera...@gnaa.eu || litera...@goatse.fr
> http://gnaa.eu || http://security.goatse.fr
> 7BEECD8D FCBED526 F7960173 459111CE F01F9923
> http://pgp.mit.edu:11371/pks/lookup?op=vindexfingerprint=onsearch=0x459111CEF01F9923
> The mask of anonymity is not intensely constructive.
> -- Andrew weev Auernheimer
>
> On Fri, 2011-10-28 at 11:58 +0200, Lucas wrote:
>> *Rumors of Tor's compromise are greatly exaggerated :*
>> https://blog.torproject.org/blog/rumors-tors-compromise-are-greatly-exaggerated

--
“There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
You know this? ;)
https://www.facebook.com/whitehat/bounty/

On Fri, Oct 28, 2011 at 17:49, Nathan Power n...@securitypentest.com wrote:
> I would also like to note this vulnerability was reported responsibly in regards to full disclosure.
>
> http://en.wikipedia.org/wiki/Full_disclosure
>
> Nathan Power
> www.securitypentest.com
>
> On Fri, Oct 28, 2011 at 1:38 PM, Nathan Power n...@securitypentest.com wrote:
>> I was basically told that Facebook didn't see it as an issue and I was puzzled by that. Ends up the Facebook security team had issues reproducing my work and that's why they initially discarded it. After publishing, the Facebook security team re-examined the issue and by working with me they seem to have been able to reproduce the bug.
>>
>> Nathan Power
>> www.securitypentest.com
>>
>> On Fri, Oct 28, 2011 at 11:18 AM, Pablo Ximenes pa...@ximen.es wrote:
>>> Not fixed yet. At least not yesterday when I checked. Nathan, didn't Facebook ask for some time to fix this bug after they have acknowledged it?
>>>
>>> Pablo Ximenes
>>> http://ximen.es/
>>> http://twitter.com/pabloximenes
>>>
>>> On 27/10/2011, at 19:29, Joshua Thomas rappercra...@gmail.com wrote:
>>>> can't believe such was on FB wahahaha !!! lol rofl ... When was this discovered and fixed ?
>>>>
>>>> On Thu, Oct 27, 2011 at 1:02 AM, Nathan Power n...@securitypentest.com wrote:
>>>>> 1. Summary:
>>>>>
>>>>> When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanism. Note, you do NOT have to be friends with the user to send them a message with an attachment.
>>>>>
>>>>> Read the rest of this advisory here:
>>>>> http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html
>>>>>
>>>>> Enjoy :)
>>>>>
>>>>> Nathan Power
>>>>> www.securitypentest.com
Re: [Full-disclosure] Tor anonymizing network Compromised by French researchers
On Fri, Oct 28, 2011 at 8:02 PM, Leon Kaiser litera...@gmail.com wrote:
> Did you not hear me when I said I don't do blogs?

Hardly anyone heard you, unless they were in the same room as you. Some of us read you, though. It's a good thing you know, reading. You should try sometime. By the way, have you heard of the Internet, grandpa? I hear it's all the rage nowadays. They say it's even better than Fidonet!

--
“There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
On 10/28/2011 6:17 PM, Ulises2k wrote:
> You know this? ;) https://www.facebook.com/whitehat/bounty/
>
> On Fri, Oct 28, 2011 at 17:49, Nathan Power n...@securitypentest.com wrote:
>> I would also like to note this vulnerability was reported responsibly in regards to full disclosure. http://en.wikipedia.org/wiki/Full_disclosure
>>
>> Nathan Power
>> www.securitypentest.com
>>
>> On Fri, Oct 28, 2011 at 1:38 PM, Nathan Power n...@securitypentest.com wrote:
>>> I was basically told that Facebook didn't see it as an issue and I was puzzled by that. Ends up the Facebook security team had issues reproducing my work and that's why they initially discarded it. After publishing, the Facebook security team re-examined the issue and by working with me they seem to have been able to reproduce the bug.
>>>
>>> Nathan Power
>>> www.securitypentest.com
>>>
>>> On Fri, Oct 28, 2011 at 11:18 AM, Pablo Ximenes pa...@ximen.es wrote:
>>>> Not fixed yet. At least not yesterday when I checked. Nathan, didn't Facebook ask for some time to fix this bug after they have acknowledged it?
>>>>
>>>> Pablo Ximenes
>>>> http://ximen.es/
>>>> http://twitter.com/pabloximenes
>>>>
>>>> On 27/10/2011, at 19:29, Joshua Thomas rappercra...@gmail.com wrote:
>>>>> can't believe such was on FB wahahaha !!! lol rofl ... When was this discovered and fixed?
>>>>>
>>>>> On Thu, Oct 27, 2011 at 1:02 AM, Nathan Power n...@securitypentest.com wrote:
>>>>>> 1. Summary: When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanism. Note, you do NOT have to be friends with the user to send them a message with an attachment.
>>>>>>
>>>>>> Read the rest of this advisory here: http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html
>>>>>>
>>>>>> Enjoy :)
>>>>>>
>>>>>> Nathan Power
>>>>>> www.securitypentest.com

Facebook has a habit of ignoring issues
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
On Fri, 28 Oct 2011 20:44:04 CDT, Laurelai said:
> On 10/28/2011 6:17 PM, Ulises2k wrote:
>> You know this? ;) https://www.facebook.com/whitehat/bounty/
>
> Facebook has a habit of ignoring issues

So? That's their problem, not yours. The moral thing to do is to work with them on a responsible disclosure in hopes of a bounty. Then when it becomes apparent they intend to ignore the issue, you've at least tried to do the right thing - so publish and at least score some reputation points. ;) Of course, the devil is in the details - for instance, how long is it responsible to wait if you discover a zero-day that's already being exploited on a large scale?
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
On 10/28/2011 10:03 PM, valdis.kletni...@vt.edu wrote:
> On Fri, 28 Oct 2011 20:44:04 CDT, Laurelai said:
>> On 10/28/2011 6:17 PM, Ulises2k wrote:
>>> You know this? ;) https://www.facebook.com/whitehat/bounty/
>>
>> Facebook has a habit of ignoring issues
>
> So? That's their problem, not yours. The moral thing to do is to work with them on a responsible disclosure in hopes of a bounty. Then when it becomes apparent they intend to ignore the issue, you've at least tried to do the right thing - so publish and at least score some reputation points. ;) Of course, the devil is in the details - for instance, how long is it responsible to wait if you discover a zero-day that's already being exploited on a large scale?

When we informed Facebook of our discovery (not this one, another one) they ignored us and when asked by the media they denied it was even a problem, I wonder how many people actually have cashed in on that bounty they offered?
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
On Fri, Oct 28, 2011 at 11:15 PM, Laurelai laure...@oneechan.org wrote:
> On 10/28/2011 10:03 PM, valdis.kletni...@vt.edu wrote:
>> On Fri, 28 Oct 2011 20:44:04 CDT, Laurelai said:
>>> On 10/28/2011 6:17 PM, Ulises2k wrote:
>>>> You know this? ;) https://www.facebook.com/whitehat/bounty/
>>>
>>> Facebook has a habit of ignoring issues
>>
>> So? That's their problem, not yours. The moral thing to do is to work with them on a responsible disclosure in hopes of a bounty. Then when it becomes apparent they intend to ignore the issue, you've at least tried to do the right thing - so publish and at least score some reputation points. ;) Of course, the devil is in the details - for instance, how long is it responsible to wait if you discover a zero-day that's already being exploited on a large scale?
>
> When we informed Facebook of our discovery (not this one, another one) they ignored us and when asked by the media they denied it was even a problem, I wonder how many people actually have cashed in on that bounty they offered?

It's funny how that works in practice.