Liferay 6.1 can be compromised without having an account on the portal
Description:
Liferay Portal is an enterprise portal written in Java
Liferay in its default configuration exposes a number of remotely
accessible webservices.
Access to these services is restricted by an ip block.
It is poss
Guests can view names and email addresses of all Liferay users in Liferay 6.1
Description:
Liferay Portal is an enterprise portal written in Java
As an unauthenticated user it is possible to retrieve the names and
email addresses of all Liferay users.
To retrieve a list of all users simply issue th
Liferay users can assign themselves to organizations, leading to
possible privilege escalation
Description:
Liferay Portal is an enterprise portal written in Java
Due to insufficient permission checking in the updateOrganizations
method of UserService any user
can assign him or herself to any o
Specially crafted webdav request allows reading of local files on liferay 6.0.x
Description:
Liferay Portal is an enterprise portal written in Java
By creating a specially crafted webdav request that contains an
external entity it is possible to read files from a liferay server.
and echo these b
Liferay 6.1 can be compromised in its default configuration
Description:
Liferay Portal is an enterprise portal written in Java
By utilizing the json webservices exposed by the platform you can
register a new user with any role in the system, including the built
in administrator role.
The proble
Specially crafted Json service request allows full control over a
Liferay portal instance
Description:
Liferay Portal is an enterprise portal written in Java
By doing a single http request you can reconfigure Liferay to use a
remote Memcached cache instead of its own cache.
http://vulnerableho
WinSCP - URI Handler Command Switch Parsing
About winscp :
WinSCP is an open source freeware SFTP client for Windows using SSH.
Legacy SCP protocol is also supported. Its main function is safe copying
of files between a local and a remote computer.
Versions affected :
It was tested on WinSCP 3.
be difficult to
get this to work on just about any site
--jelmer
- Original Message -
From: "GreyMagic Software" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 17, 2003 12:09 PM
Subject: [Full-Disclosure] Cross-Site Scripting in Unparsable XML File
>> I don't know if anybody pointed it out before...
Yes, I did, see http://msgs.securepoint.com/cgi-bin/get/bugtraq0302/12.html
- Original Message -
From: "Adam [ckkl]" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, March 23, 2003 3:10 AM
Subject: IE - reading local files
>
I believe from IE6 SP1 on, IE doesn't open any mht files directly from the
web anymore.
From the local filesystem it still works though.
- Original Message -
From: "Tom Tanaka" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 10, 2003 5:30 AM
Subject: .MHT Buffer Overflow in
We already knew pressing the back button on IE is dangerous
(http://online.securityfocus.com/archive/1/267561) So it won't come as a
total shock
that so is clicking a link :)
The problem lies in the dragdrop method that was added as a method on
nearly all HTML elements in IE 5.5. This method makes
nds then a 1000
method caching bugs.
Very nice work indeed.
I'll cc this to bugtraq for clarity's sake
--
jelmer
- Original Message -
From: "Andreas Sandblad" <[EMAIL PROTECTED]>
To: "jelmer" <[EMAIL PROTECTED]>
Sent: Friday, November 08, 2002 4:34 PM
The external method flaw also seems to affect my IE6 SP1 browser
--
jelmer
- Original Message -
From: "GreyMagic Software" <[EMAIL PROTECTED]>
To: "Bugtraq" <[EMAIL PROTECTED]>
Sent: Tuesday, October 22, 2002 5:24 PM
Subject: Vulnerable cached
It throws a permission denied exception on my MSIE 6 SP1 + all patches in
place
MSIE 6.0.2600. is way old
--
jelmer
- Original Message -
From: "Liu Die Yu" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 21, 2002 4:16 PM
Subject:
So you want to browse anonymously
- You have disabled cookies
- You have disabled the media player ID
(http://www.computerbytesman.com/privacy/supercookie.htm)
- and you have disallowed storing of userData on your pc
(http://news.com.com/2100-1023-245556.html?legacy=cnet&tag=st.ne.1002.tgif.ni)
The following message apparently bounced the first time I sent it :s
Flash player can read local files
Description
There is a flaw in the Macromedia Flash player which allows reading and
sending of local files
The flaw lies in the fact that when a flash movie is loaded from a remote
smb share i
ite however the content is under your
control. Thus you can create fake login screens etc without raising
suspicion
--
jelmer
- Original Message -
From: "Dave Ahmad" <[EMAIL PROTECTED]>
To: "Liu Die Yu" <[EMAIL PROTECTED]>
Sent: Wednesday, September 04, 200
match = pattern.test(text);
} catch(exception) {
}
}
- Original Message -
From: "Avleen Vig" <[EMAIL PROTECTED]>
To: "Jelmer" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, August 17, 2002 8:31 PM
Subject: Re: Internet explorer can read local fi
This one was missed by Security Focus.
Let's try again
--
jelmer
- Original Message -
From: "Jelmer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 11, 2002 1:28 AM
Subject: newly released winamp 3 fails to address serious "execution of
ava\javalog.txt
Those who have been following HTTP-EQUIV's discovery will realise that
this is extremely dangerous, as it will allow execution of arbitrary
code
However since this feature is disabled by default it can be considered
to be very low risk
--
jelmer
lasspath
from a local file.
It gets nasty when you add a tag to the head
section, the applet now thinks its codebase is local
and you are allowed to read local xml files
So this snippet will read c:\jelmer.xml
setTimeout("showIt()",2000);
function showIt() {
v
bit messy but gets the job done. It works by using CSS expressions (a
feature afaik native to Internet Explorer) in the style tag.
--
jelmer
- Original Message -
From: "<-delusion->" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent:
Macromedia Flash plugin can read local files
Description :
Macromedia F
veral months
and as far as I know they are still looking.
--
jelmer
- Original Message -
From: "Next Generation Insight Security Research Team"
<[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, August 02, 2002 3:59 AM
Subject
It would seem that I opened up a can of worms when I created my icq +
msie advisory the other day
Which presented a new way to execute arbitrary code on a user's machine
Java webstart is equally vulnerable
Java webstart is a revolutionary way of deploying java applications and
comes standard with j
It would seem that I opened up a can of worms when I created my icq +
msie advisory the other day
Which presented a new way to execute arbitrary code on a user's machine
Winamp is equally vulnerable
Winamp starts skin files with the extension wsz and the mime type
interface/x-winamp-skin automatic
>>Outline<<
I was about to put on a home page
right after I discovered it [and still had a hope that I will be
that one who will finally destroy the world :>]:
Well, I don't know if it will destroy the world, but sure enough it's enough
to destroy a small portion of it :)
Actually I found the