[Suspected Spam]Vulnerability in Tagcloud for DataLife Engine

2010-02-08 Thread MustLive
Hello Bugtraq! I want to warn you about a Cross-Site Scripting vulnerability in the Tagcloud plugin for DataLife Engine (DLE), which I found on 07.01.2010. It is similar to the XSS vulnerability in 3D Cloud for Joomla (http://websecurity.com.ua/3883/). About millions of flash files tagcloud.swf which are

Re: Multiple vulnerabilities in XAMPP (advisory #7)

2010-02-08 Thread MustLive
Hello Sebastien! You can confirm it by yourself. Just find a site on XAMPP (Google can help you with it) and check the holes using PoCs which I provided. and what target of xampp is it ? win32 ? linux ? As far as I remember last year when I found all these vulnerabilities in XAMPP, it was XAM

Re: Samba Remote Zero-Day Exploit

2010-02-08 Thread paul . szabo
Dear Dan, > The bug here is that out-of-path symlinks are remotely writable. ... You mean "creatable". > ... the fact that he can *generate* the symlink breaks ... Nothing breaks if the admin sets "wide links = no" for that share: the link is not followed. > But Samba supports dropping a user

CORELAN-10-010 - GeFest Web HomeServer v1.0 Remote Directory Traversal Vulnerability

2010-02-08 Thread Security

[DSECRG-09-065] TVUPlayer PlayerOcx.ocx ActiveX - Insecure method

2010-02-08 Thread Alexandr Polyakov
ActiveX component contains insecure method that can overwrite any file in system Digital Security Research Group [DSecRG] Advisory #DSECRG-09-065 Application: TVUPlayer Versions Affected: Tested on v2.4.9beta1[build1797] Vendor URL: www.tvunetworks.com Bugs:

Re: Samba Remote Zero-Day Exploit

2010-02-08 Thread paul . szabo
I find it puzzling how this discussion, including the official Samba response http://www.samba.org/samba/news/symlink_attack.html fails to consider whether the mentioned configuration (when admin sets non-default "writeable = yes" but leaving default "wide links = yes") allows write access to t

Re: [Full-disclosure] Samba Remote Zero-Day Exploit

2010-02-08 Thread paul . szabo
Dear Thierry, > Of course you could disable ... but is it by enabled default? Hmm... looking at http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WRITEABLE http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#READONLY it seems that writeable is off by default: a Samba insta

Re: Samba Remote Zero-Day Exploit

2010-02-08 Thread Stefan Kanthak
Dan Kaminsky wrote: [...] > (On a side note, you're not going to see this sort of symlink stuff on > Windows, What exactly do you mean? Traversing symlinks on the server/share, or creation of "wide" symlinks by the client on the server/share? Since Windows 2000 NTFS supports "junctions", which

LDF (Default.asp) Sql Injection Vulnerability

2010-02-08 Thread Arash . Setayeshi
Product: LDF Vendor: www.ldf.22.cn Vulnerable Versions: All Default.asp Page has an issue on validating "Page" parameter, It could be exploited by attacker & attacker can inject arbitrary Sql Commands http://www.example.com/[ldf path]/default.asp?page=[SQL COMMAND]

mongoose Space Character Remote File Disclosure Vulnerability

2010-02-08 Thread info
Securitylab.ir Application Info: Name: mongoose Version: 2.8 Download: http://code.google.com/p/mongoose/downloads/list

[MajorSecurity Advisory #65]Motorola Milestone Smartphone Denial of Service

2010-02-08 Thread david
[MajorSecurity Advisory #65]Motorola Milestone Smartphone Denial of Service Details Product: Motorola Milestone(Droid) Smartphone Security-Risk: low Remote-Exploit: yes Vendor-URL: http://www.motorola.com/ Vendor-Status: informed Advisory-Status: published on 02-02-2010 Cr

Re: Samba Remote Zero-Day Exploit

2010-02-08 Thread paul . szabo
Dear Kingcope, > Turning off symlink support in samba closes the hole but then no > access to symlinks created by the administrator is possible ... Correct. Maybe what you want is for Samba to add and support an option like "allow create symlink" (with default "no"). I myself do not think it wou

Re: [Full-disclosure] Samba Remote Zero-Day Exploit

2010-02-08 Thread Thierry Zoller
Hi Paul, Facts : - Several distributions run with vulnerable settings per default if there is a "misconfiguration" it is part of the vendor. - You're not supposed to be able to traverse dirs. Consequence it is a vulnerability, whether you can mitigate it is a different piece of cake. Next time s

[security bulletin] HPSBMA02487 SSRT100024 rev.1 - HP Operations Agent Running on Solaris 10, Remote Unauthorized Access

2010-02-08 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02002298 Version: 1 HPSBMA02487 SSRT100024 rev.1 - HP Operations Agent Running on Solaris 10, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon

[security bulletin] HPSBUX02503 SSRT100019 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities

2010-02-08 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01997760 Version: 1 HPSBUX02503 SSRT100019 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities NOTICE: The information in th

[ MDVSA-2010:034 ] kernel

2010-02-08 Thread security
Mandriva Linux Security Advisory MDVSA-2010:034 http://www.mandriva.com/security/

Re: [Full-disclosure] Samba Remote Zero-Day Exploit

2010-02-08 Thread Thierry Zoller
http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html -- http://blog.zoller.lu Thierry Zoller

Re: Samba Remote Zero-Day Exploit

2010-02-08 Thread Dan Kaminsky
On Feb 6, 2010, at 5:26 PM, "Stefan Kanthak" wrote: Dan Kaminsky wrote on February 06, 2010 6:43 PM: You need admin rights to create junctions. OUCH! No, creating junctions (as well as the Vista introduced symlinks) DOESN'T need admin rights! [snip] Really? Try. Especially remot

RE: Samba Remote Zero-Day Exploit

2010-02-08 Thread Michael Wojcik
> From: Stefan Kanthak [mailto:stefan.kant...@nexgo.de] > Sent: Saturday, 06 February, 2010 08:21 > > Dan Kaminsky wrote: > > [...] > > > (On a side note, you're not going to see this sort of symlink stuff > > on Windows, > > What exactly do you mean? > Traversing symlinks on the server/share,

Re: Samba Remote Zero-Day Exploit

2010-02-08 Thread Kingcope
Hello Paul, First and foremost I did not know about the configuration setting which closes the bug when I posted the advisory. So this was my mistake. But for the most servers which are not entirely hardened (and my assumption is that this applies to many servers in internal networks) the traversa

Re: Samba Remote Zero-Day Exploit

2010-02-08 Thread Dan Kaminsky
You need admin rights to create junctions. At that point, path constraints aren't relevant, just psexec and get not only arbitrary path but arbitrary code. The fix is to do what everybody with a directory traversal bug has to do, block out of path relative directories. In this specific case

[Hacking Event] Night Da Hack 2010 : Call For Proposals

2010-02-08 Thread m . mahdjoub
- Night Da Hack 2010 Date: June 19-20 2010 Time: 4 PM - 7 AM Location: Paris, France What is Night da Hack? “Night da Hack” comes from a rough translation from French “Nuit du Hack”. Started in 2003 by Hackerz Voice team, and inspired by world famous DEF CON, “Nuit du Hack” is one of the oldest

Re: Samba Remote Zero-Day Exploit

2010-02-08 Thread paul . szabo
Dear Kingcope, The samba server follows symlinks by default. There are options ("follow symlinks", "wide links") for turning it off: http://www.samba.org/samba/docs/using_samba/ch08.html#samba2-CHP-8-SECT-1.2 http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#FOLLOWSYMLINKS http://www

Re: Samba Remote Zero-Day Exploit

2010-02-08 Thread Stefan Kanthak
Dan Kaminsky wrote on February 06, 2010 6:43 PM: > You need admin rights to create junctions. OUCH! No, creating junctions (as well as the Vista introduced symlinks) DOESN'T need admin rights! [snip] Stefan

JDownloader Remote Code Execution

2010-02-08 Thread Matthias -apoc- Hecker
Product JDownloader[1] is an open source download manager for One-Click-Filehoster like Rapidshare or Megaupload. The Click'n'Load[2] interface allows external applications and websites to send URLs to the local running JDownloader. With Click'n

[CORE-2010-0121] Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers

2010-02-08 Thread CORE Security Technologies Advisories
Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers 1. *Advisory Information* Title: Multiple Vulnerabilities with 8.3 Filename