Feed aggregator

Bugtraq: Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account


Bugtraq: RE: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account


Bugtraq: Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account


Bugtraq: [ MDVSA-2014:144 ] live


More rss feeds from SecurityFocus

News, Infocus, Columns, Vulnerabilities, Bugtraq ...

Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account

BugTraq Latest Security Advisories - 9 hours 44 min ago

Posted by Stefan Kanthak on Jul 31

"Joe Souza" <Joe.Souza () NetMotionWireless com> wrote:

I don't: I but blame PEBKAC for the HTML or other deficiencies.

Really?
Where did I write that CreateProcess() should guess how many parts of
the command line form the path to the application?

You still don't get the point, you don't even read what I wrote.

Stefan

-----Original Message-----
From: Stefan Kanthak [mailto:stefan.kanthak () nexgo de]
Sent: Wednesday, July 30,...

next-20140731: linux-next

Linux Kernel Updates - 9 hours 46 min ago
Version: next-20140731 (linux-next) Released: 2014-07-31

RE: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account

BugTraq Latest Security Advisories - 9 hours 53 min ago

Posted by Joe Souza on Jul 31

You can blame the Mail app on Android for the HTML.

You have illustrated below exactly the reason why CreateProcess needs to handle unquoted paths. Thanks for helping me
make my point.

-----Original Message-----
From: Stefan Kanthak [mailto:stefan.kanthak () nexgo de]
Sent: Wednesday, July 30, 2014 10:11 AM
To: Joe Souza; Michael Cramer; Gynvael Coldwind
Cc: fulldisclosure; Brandon Perry; bugtraq () securityfocus com
Subject: Re: [FD]...

Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account

BugTraq Latest Security Advisories - 10 hours 4 min ago

Posted by Stefan Kanthak on Jul 31

"Joe Souza" <Joe.Souza () NetMotionWireless com> wrote:

Stop sending HTML!

It does: the Win16 API does NOT support LFNs, just SFNs. With this
precondition (which you did not take into account, again) WinExec()
supports under Win32 exactly the same semantics as under Win16.

Stefan

-------- Original message --------
From: Stefan Kanthak
Date:07/30/2014 8:26 AM (GMT-08:00)
To: Joe Souza , Michael Cramer , Gynvael Coldwind
Cc:...

Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account

BugTraq Latest Security Advisories - 10 hours 17 min ago

Posted by Stefan Kanthak on Jul 31

"Joe Souza" <Joe.Souza () NetMotionWireless com> wrote:

What else is it then?

Really? Let's see how good your understanding of the Win32 API and its
compatibility to the Win16 API is.

And every so often they made the wrong decision!

Such crap deserves to break: better be safe than sorry.

NTFS was LFN-aware, from its very beginning, 20+ years ago!

Which Windows API?

The Win32 API was introduced with Windows NT, together...

[ MDVSA-2014:144 ] live

BugTraq Latest Security Advisories - 10 hours 25 min ago

Posted by security on Jul 31

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:144
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : live
Date : July 30, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated live...

Bugtraq: Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account


Bugtraq: [ MDVSA-2014:143 ] phpmyadmin


[ MDVSA-2014:143 ] phpmyadmin

BugTraq Latest Security Advisories - 10 hours 34 min ago

Posted by security on Jul 31

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:143
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : phpmyadmin
Date : July 30, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:142 ] apache

BugTraq Latest Security Advisories - 10 hours 44 min ago

Posted by security on Jul 31

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:142
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : apache
Date : July 30, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

Improper Access Control in ArticleFR

BugTraq Latest Security Advisories - 10 hours 54 min ago

Posted by High-Tech Bridge Security Research on Jul 31

Advisory ID: HTB23219
Product: ArticleFR
Vendor: Free Reprintables
Vulnerable Version(s): 11.06.2014 and probably prior
Tested Version: 11.06.2014
Advisory Publication: June 11, 2014 [without technical details]
Vendor Notification: June 11, 2014
Public Disclosure: July 30, 2014
Vulnerability Type: Improper Access Control [CWE-284]
CVE Reference: CVE-2014-4170
Risk Level: High
CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Solution...

Bugtraq: Vulnerabilities in Facebook and Facebook Messenger for Android [STIC-2014-0529]


Bugtraq: [ MDVSA-2014:141 ] java-1.7.0-openjdk


Bugtraq: [security bulletin] HPSBMU03078 rev.1 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Unauthorized Access or Disclosure of Information


Bugtraq: [ MDVSA-2014:140 ] owncloud
