Confirmed on some 3.8.6 version.
Thanks for spreading this :)
-Original Message-
From: advisor...@intern0t.net [mailto:advisor...@intern0t.net]
Sent: jeudi 22 juillet 2010 20:17
To: bugtraq@securityfocus.com
Subject: vBulletin - Critical Information Disclosure
Versions Affected: 3.8.6 (O
c.exe process that was started by the command
that crashed, not the smcgui.exe process.) And yes, I tried adding the
space after the tilde as you originally quoted in the email :)
Regards,
Jon.
ps: A list of smc.exe command line parameters is available here:
http://service1.symantec.com/SUPPORT/
Parser Unspecified Remote Overflow
41518 2008-02-04 IBM OS/400 V5R3M0 / V5R4M0 HTTP Server Expect HTTP
Header XSS
46082 2008-06-06 IBM OS/400 BrSmRcvAndCheck Boundary Error Local Overflow
I hope this summary is of use.
Now, if we can only get some of the vulnerability assessment ve
raises a couple of questions:
1) Is anyone really doing any vulnerability research in this area?
2) Are the boxes really just unstable to malformed network data, but
not exploitable?
THANKS!
Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc
On Wed, May 14, 2008 at 05:20:52PM -, [EMAIL PROTECTED] wrote:
> It appears there is little that web servers can do to thwart this,
> short of changing all '+' characters to %2B. That seems excessive.
To be fair, this is what Microsoft has recommended, explicitly for the
purpose of preventing
Business and IT Security Efforts
-- Emerging Threats and Technology Trends
-- Computer and Communications Law
Contact:
Dr. John Stamey
Coastal Carolina University
[EMAIL PROTECTED]
Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc
All,
Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
release 1.4.13 to ensure no confusion. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
All,
It has been brought to our attention that the MD5 sums for the 1.4.12
package were not matching the actual package. We've been
investigating this issue, and uncovered that the package was modified
post release. This was believed to have been ca
/hell/save.php > /dev/null
2&>/dev/[EMAIL PROTECTED]@[EMAIL PROTECTED]@Trying to connect to %s port %d
------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net
On Thu, Jun 14, 2007 at 05:31:14PM -0400, John M. Martinelli wrote:
> It is up to the editors of the board to decide whether this
> vulnerability is fact or fiction. They don't post incorrect
> vulnerability information.
Um, no, actually they mostly just post whatever you send them.
Whether this
On Sat, Jun 02, 2007 at 08:15:09PM -, [EMAIL PROTECTED] wrote:
> if [ "$X" = "y" ];then
> telnet $victamIP $victamport
Um, is it just me, or does this "exploit" do nothing at all?
Author: Jon Oberheide <[EMAIL PROTECTED]>
Date: Wed, April 11th, 2007
Summary
===
Application: Cosign Single Sign-On
Affected Versions: 2.0.1 and previous
Vendor Website: http://weblogin.org
Type of Vulnerability: Authentication Bypass -
Author: Jon Oberheide <[EMAIL PROTECTED]>
Date: Sun, February 18th, 2007
Summary
===
Application: libevent
Affected Versions: 1.2 - 1.2a
Vendor Website: http://monkey.org/~provos/libevent/
Type of Vulnerability: Denial of Service - Remote
Back
ested yet) on FreeBSD6 (and maybe on some other BSD flavors).
And of course, it wouldn't be complete without a python port:
http://jon.oberheide.org/projects/0trace/
Regards,
Jon Oberheide
--
Jon Oberheide <[EMAIL PROTECTED]>
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6
LFT is similar to tcptraceroute in that it uses TCP SYN probes. As
Michal stated in his original message, 0trace is different as it
piggybacks on an already established TCP connection.
Regards,
Jon Oberheide
On Tue, 2007-01-09 at 09:03 +0100, Alessandro Dellavedova wrote:
> Hi,
>
s it'll give admins one less way
to shoot themselves in the foot. Similar to how most *nix admins `alias
mv='mv -i'`.
-jon
I was looking through the feedsplitter.php script available from
http://chxo.com/software/feedsplitter/, version 2006-01-21 (revision 1.7
according to the RCS $Id$, but that looks out of date) today, and noticed a few
problems. (Background: feedsplitter turns RSS feeds into HTML or javascript so
by Cisco DDTS
CSCse47646, and fixed in version 4.2.1 and newer.
Enjoy,
-jon
#!/usr/bin/perl
#
# Cisco/Protego CS-MARS < 4.2.1 remote command execution, system compromise
# via insecure JBoss installation.
#
# Fully functional POC code by Jon Hart <[EMAIL PROTECTED]>
#
# Addressed in CSCse47
ELsmp (provided with RH EL 4 update 1) is also
vulnerable.
If this is the case of backporting, this should come as no surprise. If
it is not a backport issue, what vulnerability is being exploited on
these supposedly older kernels?
-jon
ur systems and the way
things are presently done are as a result of that testing. However,
count thoroughly on continued improvements based on continued testing.
However, we do not make Truecrypt, we make PGP. The Truecrypt people
make Truecrypt.
Jon
--
Jon Callas
CTO, CSO
PGP Co
he core of this, there is a very complex issue. We're discussing if
we should do something in response to the real issue here. But the
base issue, that there is some flaw in PGP and Truecrypt and other
software that only an idiot could have let out is flat out false.
Jon
--
Jon
s put on the web and posted on
bugtraq. Had we been contacted, we could discuss this in private rather than
have to air the details of this misunderstanding in a public forum. I am truly
sorry for the sake of the Information Security Institute of Quebec and its
staff that this complex issue has turne
erwise.
TIA for your opinions!
Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC USA
(843) 849-8214
Wow...this is definitely a big can of worms to open...
I both agree and disagree with your stance. Hopefully I'm caffeinated
enough to express my reasoning clearly.
While I don't feel like elaborating too much, my drive to become an
InfoSec professional was driven mostly by the hacker
scene/cult
Windows .wmf vulnerability, look here:
http://secunia.com/advisories/18255/
JTP
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 27, 2005 3:20 PM
To: bugtraq@securityfocus.com
Subject: Is this a new exploit?
Warning the following URL success
PGP Desktop 9.0.4 that includes this fix. We expect to release PGP
Desktop 9.0.4 next Wednesday, 21 Dec 2005.
Jon
--
Jon Callas
CTO, CSO
PGP Corporation Tel: +1 (650) 319-9016
3460 West Bayshore Fax: +1 (650) 319-9001
Palo Alto, CA 94303 PGP: ed15 5bdf cd41 adfc 00f3
d responsive and is a
pleasure to work with. We are working now to investigate this issue
thoroughly and come up with the best solution for our customers.
Jon
--
Jon Callas
CTO, CSO
PGP Corporation Tel: +1 (650) 319-9016
3460 West Bayshore Fax: +1 (650) 319-9001
Palo Alto, C
t must be met for this (or similar)
attacks to work properly -- /var/run/sudo/$USER/ must exist. This means
that the user must have previously sudo'd at least once and
/var/run/sudo/$USER/ will have been created.
I'm sure there are ways to work around this, but in my experiments,
/var/run/sudo/$USER/ must exist if you hope to exploit something like
this with the predictable file name creation + symlink trick.
-jon
Javi Lavandeira <[EMAIL PROTECTED]> wrote:
> You seem to be forgetting about PHP's safe_mode, disable_functions
> and open_basedir directives. If configured properly, a user in a
> server with PHP support should not be able to execute commands, read
> other users' files or do anything outside his d
re of.
Thanks,
Jon Larabee
ng at and ended up not being terribly clear. Hope that makes sense.
Jon.
attached for those who really do not see my point.
This is bound to be covered somewhere, I just want to get viewpoints.
Jon.
/* sigtest.c
* A quick and dirty hack for proof of concept exploit against local Solaris
* system scripts which have +x permission without +r. This allows the user
o get these things right, and
we're trying to eschew boilerplate, as boilerplate licenses frequently have things in
them none of us like. Send me mail, let me know what you find confusing, and I'll
look at it personally.
Jon
--
Jon Callas
CTO, CSO
PGP Corporation
3460 West Bayshore
Palo Alto, CA 94303
From what I have received personally from my post, 2 * resolution_height
sounds like a good idea.
Jon
> -Original Message-
> From: Keith Warno [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 13, 2002 9:48 AM
> To: 'Tom'; [EMAIL PROTECTED]
> Subject: R
thing that we
discuss in this thread.
Unfortunately, there is no easy answer because we put our dependence on a
3rd party library. This thread leaves a funny taste in my mouth.
Jon
le, I found that the limit for
Passport passwords is 15 characters (mine was longer). This is
(obviously) much more difficult to brute force than an 8 character
password, but unpublished password limits piss me off.
-jon
--
[EMAIL PROTECTED] || www.divisionbyzero.com
gpg key: www.divisionbyzero.com
During the infection phase of Code Red (on the 19th) we wrote a small tool
for research purposes.
This tool read in logs of machines sending the default.ida attack and connected
back to them on port 80, made a GET request and dumped the resulting data.
This tool was run continuously from 3 un
ystem32\cmd.exe+c:\inetpub\scripts\
shell.exe" 404 -
The machine that sent that to me had that same web page up, and I
also got one from a different IP (on the same subnet) a few hours
before that. That was a week ago though - July 13...
--
Jon-o Addleman
Laurent Sintes <[EMAIL PROTECTED]> wrote:
> extra_cmd = php_escape_shell_arg(Z_STRVAL_PP(argv[4]));
>
> But it is not a sufficient check because php_escape_shell_arg
> does not escape all characters.
False. escape_shell_arg will successfully escape all characters from
shells.
Login incorrect
However, just another example of a company leaving their users open to stupid attacks,
hacks and providing DDoS ammo. Cayman, please require the user to set BOTH passwords
before doing anything else and/or at least warn them...
Thanks,
Jon
On 11-Jul-2001, Russell Handorf wr
doesn't seem to work on OpenBSD 2.6:
foo:/tmp$ uname -mrsv
OpenBSD 2.6 GENERIC#696 i386
foo:/tmp$ whoami
jon
foo:/tmp$ ./vvopenbsd
Written by Georgi Guninski
Shall jump to dfbfde1d
Started pid1=22257 target=22257
Attached!
sig=4479 Suspended (signal)
eip=400543c7 esp=dfbfdb74
exiting
ex
> (http://www.chinansl.com)
What is with this Copyright stuff?
#1. Please report security issues to [EMAIL PROTECTED] and/or
[EMAIL PROTECTED] first. It seems like that is a common
courtesy.
#2. Please test against the latest Tomcat 4.0 which is 4.0b2. I believe that
this has already been fixed.
p.s. Your [EMAIL PROTECTED] email address bounces.
-jon
HKLM\Software\TrendMicro\ScanMail for Exchange\RemoteManagement
HKLM\Software\TrendMicro\ScanMail for Exchange\UserInfo
The vendor is implementing a new encryption method that will be
available in version 5.1 of ScanMail for Exchange.
4. Credits
This vulnerability was discovered and researche
ct that it isn't).
I also may have missed your posting, but giving advance notice to
[EMAIL PROTECTED] and/or [EMAIL PROTECTED] would be more
appropriate than posting to bugtraq first.
thanks,
Jon S. Stevens
[EMAIL PROTECTED]
ASF Member
PMC Member - Jakarta Group
--
If you come from a Perl or
is by design. It is mentioned
in every Novell manual I've read, and is well known.
It's a fact of life, Printers need to log in to get to the queue
directories. Just don't assign rights to the container that queues are
in.
jon
--
.Jonathan J. Miner
racle or anyone else that they would notify [EMAIL PROTECTED] directly so
that the matter can be resolved quickly.
thanks,
-jon stevens
[EMAIL PROTECTED]
> Patch for Potential Vulnerability in the execution of JSPs outside
> doc_root
>
> Description of the problem
> A potential securit
Didn't work on an IBM 770 laptop with fat32. Opened 40,000 files with no
remarkable events.
Here is the system summary:
Also, I should add that I had 5 folders opened and one IE 5 browser
session going. No email or outlook running.
System Information report written at: 03/01/2000 12:03:36 PM
d HP about
the bug several weeks ago, and they have not yet released a patch. The
following sample code will demonstrate the problem, but a better exploit
could probably be written.
Jon Hittner
#!/usr/bin/perl
#
# Jon Hittner
# Raise the memory size for omnilnet until Windows NT crashes
# Te
e 3 dots in it. The real domain
is .com.au. (notice the trailing dot). All FQDNs end in a trailing
dot. However, that clearly violates the intent behind the
restriction. On the other hand, bugs in the domain verification of
cookies are dirt common, so this could be allowed because it'
m was often broken, so I've
been using crypt-pw for nearly a year.
------
Jon Lewis *[EMAIL PROTECTED]*| Spammers will be winnuked or
System Administrator| nestea'd...whatever it takes
Atlantic Net| t
ets of letters:
You type: abcd
Transmits: VUTS
You type: ABCD
Transmits: vuts
Thanks to Joe Munson for helping debug this and coming up with the Secret
Decoder Ring reference (which reminded me of the Little Orphan Annie Ring,
that only says to drink more Ovaltine, in the Christmas Story).
--
to be using SCO Doctor or some other such Skunkware utility should
uninstall it until patches can be made. Not all of us in support want to
wait six months for the next release supplement to fix problems critical
to our systems.
--
Jon Mitchell
Systems Engineer, Subject Wills and Company
[EMAIL
;s more likely at this point that Hybrid will
merely check the source address (!) of the packets, and compare those
addresses with a table configured by the provider.
I'd like to believe that Hybrid will fix this in a sane way, but since
they're remaining hush-hush about the fix, I think t
2.168.1.3: icmp: echo request (DF)
There is a package for hunt that is part of the 'potato' distribution of
Debian GNU/Linux. I'm not aware of any RPM's.
Jon
[EMAIL PROTECTED]