It's been confirmed that this is not a problem in IE. Sorry I didn't mention
that. Microsoft uses Silverlight:
GET /index.php?page=Poem/Poem.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-ms-application, application/vnd.ms-xpsdocument,
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200902-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
For what it is worth...
I'm running MR4 version (11.0.4000.2295) and executing the command under a
non-privileged account does throw a dialog box with the error message. It also
puts an event in the application event log to the effect of Faulting
application smc.exe, version 11.0.4000.2261,
This is a bug in WMP:
http://support.microsoft.com/kb/947541
Firefox should not use WMP though.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01650939
Version: 1
HPSBUX02401 SSRT090005 rev.2 - HP-UX Running Apache Web Server Suite, Remote
Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary
Code, Cross-Site
Application: Nokia N95-8
OS: Symbian
--
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
--
Description
The Nokia N95 is a smartphone, this phone has more tools, for example:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello, folks,
The United Kingdom's Centre for the Protection of National
Infrastructure has just released the document Security Assessment of
the Transmission Control Protocol (TCP), on which I have had the
pleasure to work during the last few
Enomaly ECP/Enomalism: Silent update remote command execution vulnerability
Synopsis
All versions of Enomaly ECP/Enomalism have an insecure silent update mechanism
that could allow a remote attacker to execute arbitrary code as root.
Background
Enomaly ECP (formerly Enomalism) is management
Hey Jon,
I am sorry about the space after the ~, That was a typo.
It's been tested on all the versions prior to MR4MP1 since the
RTM(11.0.776)
But what's interesting is that the process isn't crashing. But a possible
arbitrary execution of code.
I will do some more research into it to
Software: Samizdat, an open publishing web application written in Ruby
Vulnerability: cross-site scripting
Vulnerable Versions: 0.6.1 and earlier
Non-vulnerable Versions: 0.6.2, Debian package 0.6.1-3lenny1
Patch:
http://samizdat.nongnu.org/release-notes/samizdat-0.6.1-xss-escape-title.patch
Hi,
Probably this bug exists on majorly all the software but security
software like antivirus and firewall have to bucket it which is not what
its for SEP.
I have tested it on all versions of SEP from 11.0.776 to 11.0.4000(XP and
2k3)
You can kill smc.exe with the help of drwtsn32.exe
For the users its working for SmcGUI.exe
Please find the code as below.
:here
tasklist | find /i SmcGui.exe c:\pid.txt
FOR /F tokens=2 %%R IN ('TYPE c:\pid.txt') DO SET pidopt=%%R
drwtsn32 -p %pidopt%
goto :here
I have tried it and when I let this file run for around 2 mins, the SmcGui.exe
Hi Sandeep,
Are you saying this is supposed to affect 11.0.4000.x? If so, what
sub-sub-minor versions did you test it on?
I just tested this on 11.0.4000.2295 (on a managed client) and all it
did was crash the smc.exe process started by the command you supplied,
not smcgui.exe process. I tested
As an update, it's not happening for Users account, though no access denied.
Anyone know why?
Thank you.
Regards, Sandeep
--
From: Sandeep Cheema 51l...@live.in
Sent: Friday, February 13, 2009 6:18 PM
To: bugtraq@securityfocus.com
Subject:
Just as an update, couldn't get any further other than the fact that
SMCGui.exe is getting killed as it's running in the user account and SMC.exe
in the system account.
Thank you.
Regards, Sandeep
--
From: Sandeep Cheema 51l...@live.in
Sent:
Can't you just disable their ECP VMCasting Production Module Feed to prevent
this behavior?
You are right, but that will require admin privilege. Isn't it?
Regards, Sandeep
--
From: David Calabro dcala...@transitionalwork.org
Sent: Saturday, February 14, 2009 1:02 AM
To: 'Sandeep Cheema' 51l...@live.in; bugtraq@securityfocus.com
If the Symantec Management Client service was somehow changed from smc.exe to
smc.exe -P it would effectively prevent the service from starting in the
first place. Correct?
-Original Message-
From: Sandeep Cheema [mailto:51l...@live.in]
Sent: Friday, February 13, 2009 12:25 PM
To:
==
Call for Workshop Proposals:
16th ACM Conference on Computer and Communications Security (CCS) 2009
Web page: http://www.sigsac.org/ccs/CCS2009/cfw.shtml
==
On Wed, 11 Feb 2009 security@amxl.com wrote:
DISCLAIMER: THIS SECURITY ADVISORY IS PROVIDED AS-IS, AND WITHOUT ANY
GUARANTEE OF ANY KIND THAT THE INFORMATION IS ACCURATE, OR THAT THE
WORKAROUND, SOLUTIONS, OR PATCHES PROVIDED WILL PROTECT SYSTEMS, OR THAT
THEY WILL NOT CREATE NEW
We have just released the version 1.3 of the RainbowCrack software - the
time-memory tradeoff hash cracker.
A proof of concept implementation of GPU accelerated RainbowCrack is also
available for download.
Visit http://project-rainbowcrack.com/ for more information.
Zhu
Hello everyone,
I noticed last week that the Debian packaged version of cryptsetup has a
little limitation, which could be a security issue for people who have to
destroy their data forever.
It is impossible to destroy a keyslot when you used it to unlock the master
key.
I reported the bug to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
xiash...@gmail.com wrote:
It's been confirmed that this is not a problem in IE. Sorry I didn't mention
that. Microsoft uses Silverlight:
GET /index.php?page=Poem/Poem.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1724-1 secur...@debian.org
http://www.debian.org/security/ Steffen Joeris
February 13th, 2009
24 matches