Jira Server - Template injection in various resources - CVE-2019-11581

2019-07-22 Thread Anton Black
This email refers to the advisory found at https://confluence.atlassian.com/x/AzoGOg . CVE ID: * CVE-2019-11581. Product: Jira Server and Data Center. Affected Jira Server and Data Center product versions: 4.0.0 <= version < 7.6.14 7.13.0 <=

Bitbucket Server security advisory 2019-05-22

2019-05-23 Thread Anton Black
This email refers to the advisory found at https://confluence.atlassian.com/x/V87JOQ . CVE ID: * CVE-2019-3397. Product: Bitbucket Server. Affected Bitbucket Server product versions: 5.13.0 <= version < 5.13.5 5.14.0 <= version < 5.14.3

October 2018 Sourcetree Advisory

2018-10-31 Thread Anton Black
This email refers to the advisory found at https://confluence.atlassian.com/display/SOURCETREEKB/Sourcetree+Security+Advisory+2018-10-31 . CVE ID: * CVE-2018-13396. * CVE-2018-13397. Product: Sourcetree. Affected Sourcetree product versions:

Sourcetree - Remote Code Execution vulnerabilities - CVE-2018-11235

2018-07-23 Thread Anton Black
This email refers to the advisory found at https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-07-18-953674465.html . CVE ID: * CVE-2018-11235. * CVE-2018-13385. * CVE-2018-13386. Product: Sourcetree. Affected

Re: /proc filesystem allows bypassing directory permissions on Linux

2009-10-26 Thread Anton Ivanov
to the file, can't he? So why do you believe that pretension legitimate? -- Understanding is a three-edged sword: your side, their side, and the truth. --Kosh Naranek A. R. Ivanov E-mail: aiva...@sigsegv.cx WWW: http://www.sigsegv.cx/ pub 1024D/DDE5E715 2002-03-03 Anton R. Ivanov

Re: /proc filesystem allows bypassing directory permissions on Linux

2009-10-26 Thread Anton Ivanov
ramifications. Cheers, -- Understanding is a three-edged sword: your side, their side, and the truth. --Kosh Naranek A. R. Ivanov E-mail: aiva...@sigsegv.cx WWW: http://www.sigsegv.cx/ pub 1024D/DDE5E715 2002-03-03 Anton R. Ivanov ariva...@sigsegv.cx Fingerprint: C824 CBD7 EE4B

Re: /proc filesystem allows bypassing directory permissions on Linux

2009-10-26 Thread Anton Ivanov
On Sat, 2009-10-24 at 21:39 +0400, Dan Yefimov wrote: On 24.10.2009 20:59, Anton Ivanov wrote: Not to tell about that /proc/PID/fd/ contains only symbolic links, not files, so I can't understand, how the original reporter managed to gain access to the file in the restricted directory

Re: /proc filesystem allows bypassing directory permissions on Linux

2009-10-26 Thread Anton Ivanov
Not that I would have expected anything different considering who posted it in the first place. Thus Debian kernel team should be blamed for that misbehaviour. Don't worry, hardlinks behave just the same way, as you describe. Use authentic Linux kernels, if you dislike that. Just

Re: recursive DNS servers DDoS as a growing DDoS problem

2006-04-04 Thread Anton Ivanov
. Personally, I would not do it (there are failure cases which will not be covered), but nothing prevents an overzealous BOFH from doing it. - -- A. R. Ivanov E-mail: [EMAIL PROTECTED] WWW: http://www.sigsegv.cx/ pub 1024D/DDE5E715 2002-03-03 Anton R. Ivanov [EMAIL PROTECTED] Fingerprint: C824

Re: recursive DNS servers DDoS as a growing DDoS problem

2006-04-03 Thread Anton Ivanov
save resources so on the balance of things they are worth it even without getting into the aspects of mitigating DDOS attacks. They are not that hard to implement either. [snip] -- A. R. Ivanov E-mail: [EMAIL PROTECTED] WWW: http://www.sigsegv.cx/ pub 1024D/DDE5E715 2002-03-03 Anton R. Ivanov

Re: recursive DNS servers DDoS as a growing DDoS problem

2006-03-27 Thread Anton Ivanov
antispoofing on access networks. It is the same story as with smurf and broadcast amplification 7 years ago. It is time to put up a name and shame list out there. - -- A. R. Ivanov E-mail: [EMAIL PROTECTED] WWW: http://www.sigsegv.cx/ pub 1024D/DDE5E715 2002-03-03 Anton R. Ivanov [EMAIL

Re: Microsoft Windows CreateRemoteThread Exploit

2005-12-02 Thread Anton
It is functioning as designed: Once you have enough permissions to call OpenProcess on some process, be it firewall or antivirus, you can do with it whatever you wish, in your case create invalid thread. On 1 Dec 2005 10:01:51 -, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Microsoft Windows

Re: single-DES phase 1

2001-02-28 Thread Anton Rager
.A better list would be a comprehensive summary of additional IKE methods and transforms supported, as well as additional ESP methods and transforms supported by different vendors. Anton Rager

Re: Nortel CES (3DES version) offers false sense of security when using IPSEC

2001-02-27 Thread Anton Rager
is the only IPSec/IKE implementation I know of that is paranoid enough to drop both DES and DH 768MODP completely. Anton Rager

Re: ProFTPD

1999-08-30 Thread Krzysztof Anton
Hi! If you want to disable this fast on your ProFTPD, just add: PathAllowFilter ".*/[A-Za-z0-9]+-$" Greetz. -- Krzysztof Anton, [EMAIL PROTECTED] http://www.powernet.pl/~kloss GSM/SMS: +48-601-276972 IRC: Mr_Kloss "In Cyberspace No One Can Hear Your Scream..."