http://www.gnucitizen.org/blog/remote-desktop-command-fixation-attacks

Security in depth does not exist! No matter what you do, dedicated
attackers will always be able to penetrate your network. Seriously!
Information security is mostly about risk assessment and crisis
management.

When it comes to

[ more ]  [ reply ]

########################################################################
#################################

# wmtrssreader joomla component 1.0 Remote File Include Vulnerability

Component : com_wmtrssreader version 1.0

Download script : http://www.webmaster-tips.net/flash-rss-reader.html

[ more ]  [ reply ]

Hello,

We would like to announce that we have released a patch of ideal_process.php after release 3.3 beta has been issued.

There was a vulnerability which permitted a site visitor to view paths to certificates and private key of the merchant for the iDEAL payment gateway.

All releases incl

[ more ]  [ reply ]

3Com 3CRWER100-75 is a wireless cable/DSL router (widely used here, in
israel).

The router has a web management interface in it's port 80 (available from
inside the network).

When the administrator assign a virtual server to port 80 (In the management
web filled under the firewall tab) and th

[ more ]  [ reply ]

Hello,

Cisco PSIRT is aware of the three videos IRM Plc. published on their
web site at <http://www.irmplc.com/index.php/153-Embedded-Systems-Security>.

Cisco and IRM agree that the videos do not demonstrate or represent a
vulnerability in Cisco IOS. Specifically, the code to manipulate
Cisco I

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200710-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200710-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[ more ]  [ reply ]

Invitation to Hack.lu [1] - A small but nice Conference in the
Heart of Europe.

As you may or may not know, we always prepare something special
for Hack.lu, last year BTcrack, this year we'd like to announce
our (n.runs AG) Presentation @ this years Hack. lu, entitled:

----------------

[ more ]  [ reply ]

#######################################################################

Luigi Auriemma

Application: World in Conflict
http://www.worldinconflict.com
Versions: <= 1.000
Platforms: Windows
Bug: access to NULL pointer
Exploitation: remote,

[ more ]  [ reply ]

Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow

iDefense Security Advisory 10.09.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 09, 2007

I. BACKGROUND

Microsoft Windows Mail and Outlook Express are the default mail and news
clients for Windows operating syste

[ more ]  [ reply ]

I think that you're both right, but the only solution is the same old, same old: speed, code size, and maintainability/complexity versus the padding and added IO checking of a very secure app. Nothing new, nothing different. It's the same problem that has existed since the dawn of programming.

[ more ]  [ reply ]

----- Original Message -----
From: "Thierry Zoller" <Thierry (at) Zoller (dot) lu [email concealed]>

> Again Geo, NOBODY has said that this is a vulnerability OF IE7 ITSELF we
> said
> the handler that IE7 installs is broken.

I'm not disagreeing with that statement. I'm saying this input should never
get that far.

Geo.

[ more ]  [ reply ]

Glynn Clements ha scritto:
> Modifying individual programs to protect against a shell-injection bug
> in Windows' URI handler is a workaround (mitigation strategy), not a
> fix.

I repeat. Nowhere is said that ShellExecute (the default "run stuff"
function) takes URLs. It takes strings. A desktop sh

[ more ]  [ reply ]

On Sat, 06 Oct 2007 12:43:16 EDT, "Geo." said:

> If the application is what exposes the URI handling routine to untrusted
> code from the internet, then it's the application's job to make sure that
> code is trusted before exposing system components to it's commands, no?

I think that given a sys

[ more ]  [ reply ]

Roger A. Grimes wrote Friday, October 05, 2007 3:54 PM

> I'm asking, with genuine interest and a listening ear, what is the best
> long term
> solution you envision, to solve the larger problem?

Apparently the long term solution is for third-party apps to point blame at
Microsoft, and for Micro

[ more ]  [ reply ]

===========================================================
Ubuntu Security Notice USN-527-1 October 05, 2007
xen-3.0 vulnerability
CVE-2007-4993
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.04

This advisor

[ more ]  [ reply ]

Kurt Dillard wrote:

> In my opinion, every application should handle incoming data as bad data.
> Its poor programming to assume that incoming data is properly formatted and
> safe to process as is, even if the data is supposed to come from a process
> you own. Why so extreme? Because the bad g

[ more ]  [ reply ]

Bugtraq readers,

This may be a little off-topic, but hopefully still of interest to this
audience,

Last Friday I had the opportunity to moderate a panel - Political
Phishing - A Threat to the 2008 Campaign? - held as part of the
Anti-Phishing Working Group eCrime Researchers Summit hosted by Car

[ more ]  [ reply ]

Hey.

I've been waiting to see when somebody finally got around to testing
Outlook express.

It's also possible to exploit this through Outlook full version from
office 2003.

I have also discovered other problems (not difficult to fine) which
allows the execution of any program which has register

[ more ]  [ reply ]

New Advisory:

modx-0.9.6

http://www.dear-pets.com

???????Summary?????-

Software: modx-0.9.6

Sowtware?s Web Site: http://www.modxcms.com

Versions: 0.9.6

Critical Level: Moderate

Type: Multiple Vulnerabilities

Class: Remote

Status: Unpatched

PoC/Exploit: Not Available

Solution: Not Avai

[ more ]  [ reply ]

these work inside OE, default with html turned off
they do not work when clicked from a normal
local html.

----- Original Message -----
From: "Thierry Zoller" <Thierry (at) Zoller (dot) lu [email concealed]>
To: <bugtraq (at) securityfocus (dot) com [email concealed]>; <full-disclosure (at) lists.grok.org (dot) uk [email concealed]>
Sent: Saturday, October 06, 2007 8:06 AM
Subject:

[ more ]  [ reply ]

Severity: Critical
Effect: Compromise of FInancial Data, deletion of audit trails,
alteration of system settings, disclosure of confidential information
possible in some setups.
Affected products: LedgerSMB 1.0.0-1.2.7 , SQL-Ledger 2.x (all versions).

1: SQL injection issue in invoice quantity

[ more ]  [ reply ]

[HSC] DNewsWeb Softwares Cross Site Scripting Vulrnability

The DNews News Server is advanced news server software that makes it easy for you to

provide users with fast access to Internet (Usenet) news groups. Installing your own l

ocal news server software also gives you complete control to

[ more ]  [ reply ]

Juergen Schmidt wrote:

> the URI handling problem on Windows XP systems with IE 7 installed hits
> a lot of applications, not only Firefox (and mIRC) -- namely Skype,
> Acrobat Reader, Miranda, Netscape.

To be more specific:

A custom .pdf with a link inside like this:

> mailto:test%../../../../w

[ more ]  [ reply ]

rPath Security Advisory: 2007-0212-1
Published: 2007-10-08
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Local Root Deterministic Privilege Escalation
Updated Versions:
util-linux=/conary.rpath.com@rpl:devel//1/2.12r-1.5-1

rPath Issue Tracking System:
https://issu

[ more ]  [ reply ]

I appreciate everyone's replies. Thanks for the replies and the
explanations. I'm not a Microsoft developer, I'm just a security
consultant. I didn't understand the nature of the central issue, at
first, but now I do.

Thanks again.

Roger

**********************************************************

[ more ]  [ reply ]

Aria-Security Team

----------------------

Viart Shopping Cart Directory Transversal Vuln

Vendor:

http://www.viart.com/

POC:

function createCertFingerprint($filename) {

$fp = fopen($filename, "r");

http://target/path/payments/ideal_process.php

Credits Goes To Aria-Security

[ more ]  [ reply ]

----- Original Message -----
From: "Thierry Zoller" <Thierry (at) Zoller (dot) lu [email concealed]>

> The user clicks on a mailto link, is that untrusted code?

Depends on where the link comes from. If it's a shortcut on the users
desktop no it's not untrusted, if it's in a PDF file you received in your
email then yes it's

[ more ]  [ reply ]

Juergen Schmidt wrote:

> the URI handling problem on Windows XP systems with IE 7 installed hits
> a lot of applications, not only Firefox (and mIRC) -- namely Skype,
> Acrobat Reader, Miranda, Netscape.

Testing shows that the mailto: thingy in Acrobat also works on Windows
2003 Server, SP2.

--

[ more ]  [ reply ]

----- Original Message -----
From: "Glynn Clements" <glynn (at) gclements.plus (dot) com [email concealed]>

> URIs which it passes to an external handler (e.g. mailto:), it only
> needs to identify the scheme (to select the correct handler); it is
> the handler's responsibility to validate its own URIs (i.e. mail
> programs n

[ more ]  [ reply ]