Bugtraq

Liferay 6.1 json webservices are subject to cross-site request forgery attacks

Tue, 15 May 2012 18:02:17 GMT

Posted by Jelmer Kuperus on May 15

Liferay 6.1 json webservices are subject to cross-site request forgery attacks

Description:

Liferay Portal is an enterprise portal written in Java

If a user is currently logged in to the portal (or has ticked the
remember me box) then with a
little help of social engineering (like sending a link via
email/chat), an attacker can read most
data the logged in user is priviliged to see. The reason for this is
that the new json webservices
let you...

[ MDVSA-2012:075 ] ffmpeg

Tue, 15 May 2012 17:51:10 GMT

Posted by security on May 15

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:075
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ffmpeg
Date : May 15, 2012
Affected: 2010.1
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been...

Liferay 6.1 can be compromised without having an account on the portal

Tue, 15 May 2012 17:39:24 GMT

Posted by Jelmer Kuperus on May 15

Liferay 6.1 can be compromised without having an account on the portal

Description:

Liferay Portal is an enterprise portal written in Java

Liferay in it's default configuration exposes a number of remotely
accessible webservices.
Access to these services is restricted by an ip block.

It is possible to circumvent this ip block in the following way :...

Guests can view names and emailadresses of all Liferay users in liferay 6.1

Tue, 15 May 2012 17:27:18 GMT

Posted by Jelmer Kuperus on May 15

Guests can view names and emailadresses of all Liferay users in liferay 6.1

Description:

Liferay Portal is an enterprise portal written in Java

As an unauthenticated user it is possible to retrieve the names and
email adresses of all Liferay users.
To retrieve a list of all users simply issue the following request

http://vulnerablehost/c/search/open_search?p=1&c=5000&keywords=entryClassName:com.liferay.portal.model.User

Getting to...

Multiple xss issues in Liferay

Tue, 15 May 2012 17:15:37 GMT

Posted by Jelmer Kuperus on May 15

Multiple xss issues in Liferay

Description:

Liferay Portal is an enterprise portal written in Java

Multiple xss vulnerabilities where found in liferay. Because liferay
has a "remember me"
option in their login screen that stores an encrypted password in a
cookie this is more
problematic than it otherwise would be

1. xss vulnerability in upload_progress_poller.jsp...

APPLE-SA-2012-05-14-2 Leopard Security Update 2012-003

Tue, 15 May 2012 17:04:37 GMT

Posted by Apple Product Security on May 15

APPLE-SA-2012-05-14-2 Leopard Security Update 2012-003

Leopard Security Update 2012-003 is now available and addresses the
following:

Internet plug-ins
Available for: Mac OS X v10.5 to 10.5.8 Intel
Impact: Out-of-date versions of Adobe Flash Player are disabled
Description: This update disables Adobe Flash Player if it is older
than 10.1.102.64 by moving its files to a new directory. This update
presents the option to install an updated...

APPLE-SA-2012-05-14-1 Flashback Removal Security Update

Tue, 15 May 2012 16:53:11 GMT

Posted by Apple Product Security on May 15

APPLE-SA-2012-05-14-1 Flashback Removal Security Update

Flashback Removal Security Update is now available and addresses the
following:

Malware removal
Available for: Mac OS X v10.5 to v10.5.8
Impact: A Flashback malware removal tool will be run
Description: This update runs a malware removal tool that will
remove the most common variants of the Flashback malware. If the
Flashback malware is found, it presents a dialog notifying the user...

NETGEAR Exposure of Sensitive Information - Security Advisory - SOS-12-005

Tue, 15 May 2012 16:42:17 GMT

Posted by Lists on May 15

Sense of Security - Security Advisory - SOS-12-005

Release Date. 13-May-2012
Last Update. -
Vendor Notification Date. 06-Mar-2012
Product. NETGEAR WNDRMAC
Platform. Hardware
Affected versions. 1.0.0.22 and below
Severity Rating. High
Impact. Exposure of sensitive information
Attack Vector. From remote without...

ICACLS.EXE ignores and destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED

Tue, 15 May 2012 16:30:48 GMT

Posted by Stefan Kanthak on May 15

Hi @ll,

since Windows Vista resp. Windows Server 2003 Service Pack 2, the
command line tool to modify/set file/directory permissions is
ICACLS.EXE [0][1][2][3][4].

Main advantage over the previous command line tools CACLS.EXE [5],
XCACLS.EXE [6] and XCACLS.VBS [7] is the ability to specify
inheritance and to process/propagate inheritable permissions.

But exactly the handling of inheritance is severely broken: in an
objects security descriptor...

Trigerring Java code from a SVG image

Tue, 15 May 2012 16:19:03 GMT

Posted by Nicolas Grégoire on May 15

Hello,

SVG is a XML-based file format for static or animated images. Some SVG
specifications (like SVG 1.1 and SVG Tiny 1.2) allow to trigger some
Java code when the SVG file is opened.

Given that I had to look at these features for a customer, I developed
some PoC codes which are now available online:
http://www.agarri.fr/docs/batik-evil.svg
http://www.agarri.fr/docs/batik-evil.jar

I published a more detailed article on my blog:...

Re: rssh security announcement

Tue, 15 May 2012 16:08:26 GMT

Posted by Derek Martin on May 15

Actually, I have a patch for this. I'll be publishing it later this
week, when I can find some time to do it.

[ MDVSA-2012:076 ] ffmpeg

Tue, 15 May 2012 15:57:50 GMT

Posted by security on May 15

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:076
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ffmpeg
Date : May 15, 2012
Affected: 2011.
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been...

[ MDVSA-2012:074 ] ffmpeg

Tue, 15 May 2012 15:06:45 GMT

Posted by security on May 15

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:074
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ffmpeg
Date : May 14, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple...

[ MDVSA-2012:073 ] openssl

Tue, 15 May 2012 14:56:38 GMT

Posted by security on May 15

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:073
http://www.mandriva.com/security/
_______________________________________________________________________

Package : openssl
Date : May 11, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A...

[SECURITY] [DSA 2457-2] New icedove/iceweasel packages fix regression

Tue, 15 May 2012 14:45:38 GMT

Posted by Moritz Muehlenhoff on May 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-2457-2 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 13, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel / icedove
Vulnerability : several
Problem type...