Posted by Jelmer Kuperus on May 15

Liferay 6.1 json webservices are subject to cross-site request forgery attacks

Description:

Liferay Portal is an enterprise portal written in Java

If a user is currently logged in to the portal (or has ticked the
remember me box) then with a
little help of social engineering (like sending a link via
email/chat), an attacker can read most
data the logged in user is priviliged to see. The reason for this is
that the new json webservices
let you...

Posted by security on May 15

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:075
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ffmpeg
Date : May 15, 2012
Affected: 2010.1
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been...

Posted by Jelmer Kuperus on May 15

Liferay 6.1 can be compromised without having an account on the portal

Description:

Liferay Portal is an enterprise portal written in Java

Liferay in it's default configuration exposes a number of remotely
accessible webservices.
Access to these services is restricted by an ip block.

It is possible to circumvent this ip block in the following way :...

Posted by Jelmer Kuperus on May 15

Guests can view names and emailadresses of all Liferay users in liferay 6.1

Description:

Liferay Portal is an enterprise portal written in Java

As an unauthenticated user it is possible to retrieve the names and
email adresses of all Liferay users.
To retrieve a list of all users simply issue the following request

http://vulnerablehost/c/search/open_search?p=1&c=5000&keywords=entryClassName:com.liferay.portal.model.User

Getting to...

Posted by Jelmer Kuperus on May 15

Multiple xss issues in Liferay

Description:

Liferay Portal is an enterprise portal written in Java

Multiple xss vulnerabilities where found in liferay. Because liferay
has a "remember me"
option in their login screen that stores an encrypted password in a
cookie this is more
problematic than it otherwise would be

1. xss vulnerability in upload_progress_poller.jsp...

Posted by Apple Product Security on May 15

APPLE-SA-2012-05-14-2 Leopard Security Update 2012-003

Leopard Security Update 2012-003 is now available and addresses the
following:

Internet plug-ins
Available for: Mac OS X v10.5 to 10.5.8 Intel
Impact: Out-of-date versions of Adobe Flash Player are disabled
Description: This update disables Adobe Flash Player if it is older
than 10.1.102.64 by moving its files to a new directory. This update
presents the option to install an updated...

Posted by Apple Product Security on May 15

APPLE-SA-2012-05-14-1 Flashback Removal Security Update

Flashback Removal Security Update is now available and addresses the
following:

Malware removal
Available for: Mac OS X v10.5 to v10.5.8
Impact: A Flashback malware removal tool will be run
Description: This update runs a malware removal tool that will
remove the most common variants of the Flashback malware. If the
Flashback malware is found, it presents a dialog notifying the user...

Posted by Lists on May 15

Sense of Security - Security Advisory - SOS-12-005

Release Date. 13-May-2012
Last Update. -
Vendor Notification Date. 06-Mar-2012
Product. NETGEAR WNDRMAC
Platform. Hardware
Affected versions. 1.0.0.22 and below
Severity Rating. High
Impact. Exposure of sensitive information
Attack Vector. From remote without...

Posted by Stefan Kanthak on May 15

Hi @ll,

since Windows Vista resp. Windows Server 2003 Service Pack 2, the
command line tool to modify/set file/directory permissions is
ICACLS.EXE [0][1][2][3][4].

Main advantage over the previous command line tools CACLS.EXE [5],
XCACLS.EXE [6] and XCACLS.VBS [7] is the ability to specify
inheritance and to process/propagate inheritable permissions.

But exactly the handling of inheritance is severely broken: in an
objects security descriptor...

Posted by Nicolas Grégoire on May 15

Hello,

SVG is a XML-based file format for static or animated images. Some SVG
specifications (like SVG 1.1 and SVG Tiny 1.2) allow to trigger some
Java code when the SVG file is opened.

Given that I had to look at these features for a customer, I developed
some PoC codes which are now available online:
http://www.agarri.fr/docs/batik-evil.svg
http://www.agarri.fr/docs/batik-evil.jar

I published a more detailed article on my blog:...

Posted by Derek Martin on May 15

Actually, I have a patch for this. I'll be publishing it later this
week, when I can find some time to do it.

Posted by security on May 15

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:076
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ffmpeg
Date : May 15, 2012
Affected: 2011.
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been...

Posted by security on May 15

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:074
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ffmpeg
Date : May 14, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple...

Posted by security on May 15

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:073
http://www.mandriva.com/security/
_______________________________________________________________________

Package : openssl
Date : May 11, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A...

Posted by Moritz Muehlenhoff on May 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-2457-2 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 13, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel / icedove
Vulnerability : several
Problem type...

Posted by Jelmer Kuperus on May 14

Liferay users can assign themselves to organizations, leading to
possible privilege escalation

Description:

Liferay Portal is an enterprise portal written in Java

Due to insufficient permission checking in the updateOrganizations
method of UserService any user
can assign hem or her self to any organization by issueing a single http request...

Posted by demonalex on May 14

Title: Universal Reader Filename Denial Of Service Vulnerability
Software : Universal Reader

Software Version : 1.16.740.0 (product version: 0.63.538)

Vendor: http://uread.superfection.com/

Vulnerability Published : 2012-05-12

Vulnerability Update Time :

Status :

Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)

Bug Description :
Universal Reader is a online/offline reader for reading polytype e-book files.
Universal Reader...

Posted by Yves-Alexis Perez on May 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-2670-1 security () debian org
http://www.debian.org/security/ Yves-Alexis Perez
May 11, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wordpress
Vulnerability : several
Problem type : remote...

Posted by pereira on May 14

#################################################
b2ePMS 1.0 Authentication Bypass Vulnerability
#################################################

Discovered by: Jean Pascal Pereira <pereira () secbiz de>

Vendor Information:

"b2ePMS stands for Browser to Email Phone Message System. It is intended to replace the standard
paper/carbon phone message slips commonly used in offices, with the capability of sending the message
via a web...

Posted by Tomi Tuominen on May 11

# t2'12 - Call For Papers #
Helsinki, Finland
October 25 - 26, 2012

We are pleased to announce the annual t2'12 infosec conference, which
will take place in Helsinki, Finland, from October 25 to 26, 2012.

We are looking for original, preferably technical presentations in the
fields of information security. Presentations should last a minimum of
60 minutes and a maximum of two...