5397 matches found
Encrypted tunnels enable users to circumvent security controls
In the previous article, I talked a bit about how employees are using external proxies to hide web activity from the prying eyes of the IT department. This article discusses the use of encrypted tunnel applications to hide from detection. To someone like myself, an admitted web 1.2 kinda guy, usin...
SquirrelMail: Multiple cross site scripting issues
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decryptheaders.php; (2) PHP_SELF; and (3) the que...
Encrypted passwords in osuser.xml
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/JRACLOUD-17317. We need to set a crypted password instead of a plain text password in java.naming.security.credentials within osuser.xml...
Encrypted passwords in osuser.xml
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion: http://jira.atlassian.com/browse/JRASERVER-17317. We need to set a crypted password instead of a plain text password in java.naming.security.credentials within osuser.xml...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decryptheaders.php; (2) PHP_SELF; and (3) the que...
CVE-2009-1578
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decryptheaders.php; (2) PHP_SELF; and (3) the que...
CVE-2009-1578
CVE-2009-1578 affects SquirrelMail < 1.4.18 and NaSMail
How employees evade IT security controls
Prior to January of 2007, I had very little exposure to the vast array of applications that employees use while at work. Sure, I used IM, webmail and listened to music online, but I was being paid to do a job, not entertain myself. After joining Palo Alto Networks, and analyzing 18 months worth o...
Formshield Captcha - Older Version vulnerable to replay attacks
Replay attack on CAPTCHA Libraries. Summary: A CAPTCHA implementation that we tested was found to be vulnerable to replay attacks. The attack is explained in detail for Formshield – A popular DOT NET CAPTCHA implementation. NOTE: We discovered this during a Black Box engagement with one of our...
Mandriva Linux Security Advisory : evolution (MDVSA-2008:063)
Ulf Harnhammar of Secunia Research discovered a format string flaw in how Evolution displayed encrypted mail content. If a user were to open a carefully crafted email message, arbitrary code could be executed with the permissions of the user running Evolution. The updated packages have been patch...
What's on the cover of that Verizon breach report?
Psst! Psst! Ryan here. Did you notice that all the text on the cover of Verizon’s 2009 data breach report pdf is selectable? A little birdie tells me that’s no coincidence. Encrypted message, etc. Even better, the report contains some obvious clues to decrypt. And something about cash prizes for...
CVE-2008-6706
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords...
Code injection
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords...
CVE-2008-6706
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords...
Mandriva Update for evolution MDVSA-2008:063 (evolution)
Check for the Version of evolution OpenVAS Vulnerability Test Mandriva Update for evolution MDVSA-2008:063 evolution Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
Ubuntu Update for evolution vulnerability USN-583-1
Ubuntu Update for Linux kernel vulnerabilities USN-583-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5831.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for evolution vulnerability USN-583-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
Ubuntu Update for enigmail vulnerability USN-427-1
Ubuntu Update for Linux kernel vulnerabilities USN-427-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4271.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for enigmail vulnerability USN-427-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
Ubuntu: Security Advisory (USN-583-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
RedHat Update for evolution RHSA-2008:0177-01
Check for the Version of evolution OpenVAS Vulnerability Test RedHat Update for evolution RHSA-2008:0177-01 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
CentOS Update for evolution CESA-2008:0177 centos4 x86_64
Check for the Version of evolution OpenVAS Vulnerability Test CentOS Update for evolution CESA-2008:0177 centos4 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...