"DrWhax" of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail.
For the oldstable distribution (wheezy), this problem has been fixed in version 3.8.1-2+deb7u1.
For the stable distribution (jessie), this problem has been fixed in version 3.11.1-3+deb8u1.
We recommend that you upgrade your claws-mail packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at:https://www.debian.org/security/
##################################### Thanks to all the friends and Iranian hackers, and thank all the membershttp://Iedb.IrAnd IrIsT.Ir Team Home :http://iedb.ir-http://xssed.ir-http://iedb.ir/acc http://Xssed.Ir: On this site, all bugs Xss and Sql which sites are placed.Be sure to check the site and sites vulnerable to it. ##################################### Archive Exploit :http://iedb.ir/exploits.php?id=4582 #####################################
Product: ====================================== XMB - eXtreme Message Board v1.9.11.13 XMB forum software is open source and runs PHP scripts with a MySQL database backend.
XMB Forum uses weak MD5 hashing algorithm and no salt, the unsalted passwords are then stored in a browser cookie and also in the 'xmb_members' table of the XMB database. Using weak cryptographic one-way hash functions like MD5 without using salt for storing user passwords allows attackers that gain access to this data ability to conduct password cracking attacks using pre-computed dictionaries, e.g. rainbow tables.
2) Insecure Storage
Storing user passwords in unsalted MD5 hash form leaves them vulnerable both online and offline. I noticed XMB has no session timeout/logout mechanism for if a user is inactive for a certain period of time and does not logout, leaving thier MD5 unsalted passwords stored in cookies on disc. This further allows thier passwords to be vulnerable to theft if their local machine is compromised. However, even if the user logs out and XMB cookies are cleared the passwords are still in the MySQL database on the server unsalted and MD5 hashed.
POC: =====
Example XMB cookie ...
MD5 password of 'abc123' ----> 'e99a18c428cb38d5f260853678922e03'
In "member.php" on line 493 under files/ dir of XMB application we see hashing of user password using weak MD5 hashing function, then being stored in the MySQL database.
$password = md5($password);
if ($SETTINGS['regoptional'] == 'off') {
$db->query("INSERT INTO ".X_PREFIX."members (username, password, regdate, postnum, email, ....
etc....
In 'member.php' line 599 we see it stored in cookie ---> put_cookie("xmbpw", $password, $currtime, $cookiepath, $cookiedomain);
Disclosure Date: ==================================== Vendor Notification: NA January 23, 2016 : Public Disclosure
[+] Disclaimer Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and prohibits any malicious use of all security related information or exploits by the author or elsewhere.