NGSSoftware Insight Security Research Advisory
Name: SQL Agent Jobs
Systems: Microsoft SQL Server 2000 and 7
Severity: High Risk
Category: Privilege Escalation
Vendor URL: http://www.microsoft.com/
Author: David Litchfield ([EMAIL PROTECTED])
Advisory URL:
@stake Inc.
www.atstake.com
Security Advisory
Advisory Name: NTFS Hard Links Subvert Auditing (A081602-1)
Release Date: 08/16/2002
Application:
##
Auriemma Luigi, PivX security advisory AL#001
Application: Apache WebServer (http://httpd.apache.org)
Version: 2.0.39 and previous 2.0.x, ONLY on systems that support
backslash path delimiters
At 12:01 PM 8/16/2002, Auriemma Luigi wrote:
B) CAN-2002-0661
The problem is in the management of the bad chars that can be used to
launch some attacks, such as the directory traversal. In fact the
backslash char ('\' == %5c) is not checked as a bad char, so it can be
used for
IMHO this whole email is just stating the obvious. On top of that the
proposed fix is flawed.
The PHP strip_tags function does not strip attributes so this is possible in
your proposed fix :
a done=false STYLE=visibility : hidden; word-spacing : expression(
!(eval(this.done)) ?
Jelmer [EMAIL PROTECTED] said:
This allows for execution of arbitrary code see my winamp and ICQ
exploits
http://kuperus.xs4all.nl/winamp.htm
www.xs4all.nl/~jkuperus/icq/icq.htm
I posted a message explaining how it works (and proving winamp 3 is
vulnerable as well) but the fine
In message [EMAIL PROTECTED], Carl R Diliberto
[EMAIL PROTECTED] writes
Did anyone else see August 2002 Cumulative Update For Internet Explorer
(Q323759) appear on the MS Website at
http://www.microsoft.com/windows/ie/downloads/critical/default.asp and then
disappear too?
Nice one!
Google saw
This didn't affect me, running Win2k pro SP3, IE 6.0 with google toolbar
1.1.60-big/en
Chuck
On Thursday, August 15, 2002 1:31 PM,
Bill Fryberger [EMAIL PROTECTED] scribbled:
snip
You may test it by visiting the following page
http://www.sztolnia.pl/hack/googIE/googIE.html
It should crash
In-Reply-To: [EMAIL PROTECTED]
Given my background in cryptographic programming,
it is difficult for me to imagine how the cause of this
alleged vulnerability could be explained as programmer
error or oversight. Yet I cannot fathom why MS would
purposely skip such a basic step.
I am
It also affects IE 6.0 (fully patched)/Google Toolbar 1.1.60-deleon/en
Mark
-Original Message-
From: Bill Fryberger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 15, 2002 6:32 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: IE [with Google Toolbar installed] crash
snip
Shane Hird wrote:
Temporary solutions may be;
+ delete/move the uplddrvinfo.htm file
+ edit the script of uplddrvinfo.htm to remove the offending code
+ unregister the hcp protocol handler
FYI. If a user runs across an exploit of this, a window titled
Help and Support Center will pop up
Jelmer's accusation that my proposed fix is flawed is wrong. He demonstrates
a code that uses the <a> tag, if you look at my solution:
$message = strip_tags($message, '<br><b><u><i>');
The <a> tag is not allowed. Only the tags <br><b><u><i> are allowed. I did
talk to Jelmer and told him my solution successfully
[EMAIL PROTECTED] wrote:
http://lists.netsys.com/pipermail/full-disclosure/2002-August/001073.html
#old solaris bug die hard.something similar, but not quite. Have you audited
your Solstice
#products recently? lit_tty was nothing.
M^ got lost again
(
On Thu, 2002-08-15 at 21:16, -delusion- wrote:
Jelmer's accusation that my proposed fix is flawed is wrong. He demonstrates
a code that uses the <a> tag, if you look at my solution:
$message = strip_tags($message, '<br><b><u><i>');
The <a> tag is not allowed. Only the tags <br><b><u><i> are allowed. I did
I think his point is this: simply invoking strip_tags doesn't prevent
scripts or other harmfuls from getting through on the tags that you do
allow.
The PHP manual, under the function entry for strip_tags(), even notes a
warning:
---
Warning
This function does not modify any attributes on the
Hi BugTraq reader,
I would like to inform you about security issue in
DirectX Files Viewer control was available
on ActiveX gallery page
http://activex.microsoft.com/activex
site but fixed not so long time ago.
=
Overview:
Risk: High