Flash player can read local files

2002-10-07 Thread jelmer
The following message apparently bounced the first time I sent it :s Flash player can read local files Description There is a flaw in the Macromedia Flash player which allows reading and sending of local files The flaw lies in the fact that when a flash movie is loaded from a remote smb share

[CLA-2002:530] Conectiva Linux Security Announcement - apache

2002-10-07 Thread secure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -- PACKAGE : apache SUMMARY : DoS and other

ArGoSoft Web-Mail security problem

2002-10-07 Thread Z0rbaS
ArGoSoft Web-Mail security problem. A vulnerability affects ArGoSoft Mail Server Pro for WinNT/2000/XP (Version 1.8.1.9). I did not test other versions, this is the only one I have, but others should be vulnerable too. The problem is in the Web-Mail interface, it is possible to execute javascript by

SuSE Security Announcement: mod_php4 (SuSE-SA:2002:036)

2002-10-07 Thread Thomas Biege
-BEGIN PGP SIGNED MESSAGE- __ SuSE Security Announcement Package:mod_php4 Announcement-ID:SuSE-SA:2002:036 Date: Friday,

phpSecurePages Killer Protection ( PHP )

2002-10-07 Thread Frog Man
1) Information : Product : phpSecurePages Tested version : 0.27b Website : http://www.phpsecurepages.f2s.com Problem : include file PHP Code : -- checklogin.php - if (!$login) { // no login available include($cfgProgDir .

XSS bug in hotmail login page

2002-10-07 Thread Peter Rdam
Good evening people, I've found a little (not sure) XSS bug in the Hotmail login page, I just started to learn about XSS bugs. I didn't try too much on this, I even contacted Microsoft. They're probably very busy with counting do, or it's a harmless bug.. got no idea ;). They didn't react, and I'm

SuSE Security Announcement: hylafax (SuSE-SA:2002:035)

2002-10-07 Thread Thomas Biege
-BEGIN PGP SIGNED MESSAGE- __ SuSE Security Announcement Package:hylafax Announcement-ID:SuSE-SA:2002:035 Date: Friday,

Re: Insecure XML-RPC handling in Zope reveals the distribution physical location.

2002-10-07 Thread BlueRaven
On Tue, Oct 01, 2002 at 09:57:27AM -0400, Rossen Raykov wrote: A request like the quoted below will cause Zope to produce stack traces in the response that will reveal the information mentioned above. The same is if you try to access the manage interface and, after a failed login, click

Filters on url shortening services

2002-10-07 Thread Andrew Hodgson
Hi, A while ago I was made aware of services such as www.tinyurl.com, which will shorten a long url into a shorter one, such as: http:[EMAIL PROTECTED] val.tool.html to http://tinyurl.com/1qoo I can see two problems with this type of system, both of which I have contacted the [EMAIL

Re: SECURITY.NNOV: ikonboard 3.1.1 CSS

2002-10-07 Thread Rajkumar S.
On Fri, 4 Oct 2002, 3APA3A wrote: The only change in Ikonboard 3.1.1 (at least on sending private messages) is it checks URL extension to be .gif or .jpg, so [IMG]javascript:alert(document.cookie).gif[/IMG] still works perfectly Not working for me, IconBoard

Re: Filters on url shortening services

2002-10-07 Thread Florian Weimer
Andrew Hodgson [EMAIL PROTECTED] writes: The second is that anyone can create any url, and the user knows very little about what they are clicking on. And this differs in what way from the current state of affairs on the rest of the net? Anybody is free to start his own shortcut service.

SPIKE 2.7 Released: There's a party at my house, so bring the beer and follow me....

2002-10-07 Thread Dave Aitel
Get SPIKE 2.7 at http://www.immunitysec.com/SPIKE2.7.tar.gz Homepage: http://www.immunitysec.com/spike.html Remotes in the package: pptp kernel bug on Windows 2000 and XP (not originally found by SPIKE but there is no other repro available) Many fun IIS DoS's Many fun MSRPC bugs

Re: Postnuke XSS fixed

2002-10-07 Thread Muhammad Faisal Rauf Danka
Now it is redirecting back to the /index.php on all attempts mentioned previously , No more HTTP VARIABLE Error. Regards Muhammad Faisal Rauf Danka Head of GemSEC / Chief Technology Officer Gem Internet Services (Pvt) Ltd. web: www.gem.net.pk Key Id: 0x784B0202 Key Fingerprint: 6F8C

Re: Filters on url shortening services

2002-10-07 Thread Andrew Hodgson
On Mon, 07 Oct 2002 21:38:51 +0200, you wrote: Andrew Hodgson [EMAIL PROTECTED] writes: The second is that anyone can create any url, and the user knows very little about what they are clicking on. And this differs in what way from the current state of affairs on the rest of the net? If the

RE: CommonName Toolbar potentially exposes LAN web addresses

2002-10-07 Thread Anders Blockmar
I used ad-aware from www.ad-aware.com to remove all my spyware. The CommonName bar required some creative registry hacking due to file locking. Use ad-aware to help you locate the regkeys and then edit the registry to prevent CommonName from loading into IE upon startup. When it isn't loaded it's easy

Re: CommonName Toolbar potentially exposes LAN web addresses

2002-10-07 Thread Andrew Clover
Eric Stevens [EMAIL PROTECTED] wrote: Due to a bug in the URL validation done in CommonName Toolbar (in at least dll version 3.5.2.0 on IE 6), addresses from local intranets may be exposed to the CommonName organization. During my tests this also occurred on all TLDs not belonging to a

Re: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv

2002-10-07 Thread juergen.daubert
In-Reply-To: [EMAIL PROTECTED] Does not work for me: boris@reston-0491:~/convert$ gv -v gv 3.5.8 (debian) boris@reston-0491:~/convert$ gv gv-exploit.pdf Segmentation fault boris@reston-0491:~/convert$ ls -al /tmp/itworked ls: /tmp/itworked: No such file or directory Sure, it works