[Full-disclosure] High security hole in NullLogic Groupware



Hi,

I've identified a couple of security flaws affecting the NullLogic Groupware
which may allow compromise of accounts, denial of service or even remote code
execution.  These issues were reported by email to the developer but no
response was forthcoming.
 
Tim
--
Tim Brown
<mailto:timb@xxxxxxxxxxxxxxxxxxxx>
<http://www.nth-dimension.org.uk/>

Attachment: NDSA20090413.txt.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages

  • High security hole in NullLogic Groupware
    ... which may allow compromise of accounts, denial of service or even remote code ... execution. ...
    (Bugtraq)
  • Re: BSD VM architecture...
    ... change the environment when thread execution ... The only compromise I see is a mixture ... | can access a few megs of shared data. ... | of reference within the memory mapped data. ...
    (comp.unix.programmer)
  • Re: Password Cracking
    ... Agreed about monitoring/logging. ... SecureID is much better. ... In the process of trying to compromise our passwords, ... assessment the security vendor we hired locked out many of our accounts. ...
    (Security-Basics)
  • Update for VML Vulnerability Released
    ... Microsoft Security Bulletin MS06-055 - ... Vulnerability in Vector Markup Language Could Allow Remote Code ... Execution http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx ...
    (microsoft.public.windowsupdate)
  • Ah Sweet Liberty!!
    ... There are inconsistencies in the accounts of the incident ... The police are human beings like the rest of us. ... that Kelly's execution was most probably by a team of ex-Mukharabat Iraqi ... How safe we are evidently is as safe as the intelligence agencies and Crowns ...
    (uk.legal)