Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B)

2002-08-16 Thread David Litchfield
NGSSoftware Insight Security Research Advisory Name: SQL Agent Jobs Systems: Microsoft SQL Server 2000 and 7 Severity: High Risk Category: Privilege Escalation Vendor URL: http://www.microsoft.com/ Author: David Litchfield ([EMAIL PROTECTED]) Advisory URL:

NTFS Hard Links Subvert Auditing (A081602-1)

2002-08-16 Thread @stake Advisories
@stake Inc. www.atstake.com Security Advisory Advisory Name: NTFS Hard Links Subvert Auditing (A081602-1) Release Date: 08/16/2002 Application:

Apache 2.0.39 directory traversal and path disclosure bug

2002-08-16 Thread Auriemma Luigi
Auriemma Luigi, PivX security advisory AL#001 Application: Apache WebServer (http://httpd.apache.org) Version: 2.0.39 and previous 2.0.x, ONLY on systems that support backslash path delimiters

Re: Apache 2.0.39 directory traversal and path disclosure bug

2002-08-16 Thread William A. Rowe, Jr.
At 12:01 PM 8/16/2002, Auriemma Luigi wrote: B) CAN-2002-0661 The problem is in the management of the bad chars that can be used to launch some attacks, such as the directory traversal. In fact the backslash char ('\' == %5c) is not checked as a bad char, so it can be used for

Re: PHP-Nuke v5.6 - Users can compromise admin accts.

2002-08-16 Thread Jelmer
IMHO this whole email is just stating the obvious. On top of that the proposed fix is flawed. The PHP strip_tags function does not strip attributes so this is possible in your proposed fix : a done=false STYLE=visibility : hidden; word-spacing : expression( !(eval(this.done)) ?

MODERATOR WAIT ! Re: SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0

2002-08-16 Thread [EMAIL PROTECTED]
Jelmer [EMAIL PROTECTED] said: This allows for execution of arbitrary code see my winamp and ICQ exploits http://kuperus.xs4all.nl/winamp.htm www.xs4all.nl/~jkuperus/icq/icq.htm I posted a message explaining how it works (and proofing winamp 3 is vulnerable as well) but the fine

Re: August 2002 Cumulative Update For Internet Explorer (Q323759) IE6 SP1

2002-08-16 Thread Dave English
In message [EMAIL PROTECTED], Carl R Diliberto [EMAIL PROTECTED] writes Did anyone else see August 2002 Cumulative Update For Internet Explorer (Q323759) appear on the MS Website at http://www.microsoft.com/windows/ie/downloads/critical/default.asp and then disappear too? Nice one! Google saw

Re: IE [with Google Toolbar installed] crash

2002-08-16 Thread Chuck
This didn't affect me, running Win2k pro SP3, IE 6.0 with google toolbar 1.1.60-big/en Chuck On Thursday, August 15, 2002 1:31 PM, Bill Fryberger [EMAIL PROTECTED] scribbled: snip You may test it by visiting the following page http://www.sztolnia.pl/hack/googIE/googIE.html It should crash

Re: IE SSL Vulnerability

2002-08-16 Thread robert walker
In-Reply-To: [EMAIL PROTECTED] Given my background in cryptographic programming, it is difficult for me to imagine how the cause of this alleged vulnerability could be explained as programmer error or oversight. Yet I cannot fathom why MS would purposely skip such a basic step. I am

RE: IE [with Google Toolbar installed] crash

2002-08-16 Thread Mark Healey
It also affects IE 6.0 (fully patched)/Google Toolbar 1.1.60-deleon/en Mark -Original Message- From: Bill Fryberger [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 15, 2002 6:32 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: IE [with Google Toolbar installed] crash snip

Re: Delete arbitrary files using Help and Support Center [MSRC 1198dg]

2002-08-16 Thread Gary Flynn
Shane Hird wrote: Temporary solutions may be; + delete/move the uplddrvinfo.htm file + edit the script of uplddrvinfo.htm to remove the offending code + unregister the hcp protocol handler FYI. If a user runs across an exploit of this, a window titled Help and Support Center will pop up

Re: PHP-Nuke v5.6 - Users can compromise admin accts.

2002-08-16 Thread -delusion-
Jelmer's accusation that my proposed fix is flawed is wrong. He demonstrates a code that uses the <a> tag, if you look at my solution: $message = strip_tags($message, '<br><b><u><i>'); The <a> tag is not allowed. Only the tags <br><b><u><i> are allowed. I did talk to Jelmer and told him my solution successfully

Subtle insinuations may be more than idle threats I'm afraid.

2002-08-16 Thread security
[EMAIL PROTECTED] wrote: http://lists.netsys.com/pipermail/full-disclosure/2002-August/001073.html #old solaris bug die hard.something similar, but not quite. Have you audited your Solstice #products recently? lit_tty was nothing. M^ got lost again (

Re: PHP-Nuke v5.6 - Users can compromise admin accts.

2002-08-16 Thread Konstantin Riabitsev
On Thu, 2002-08-15 at 21:16, -delusion- wrote: Jelmer's accusation that my proposed fix is flawed is wrong. He demonstrates a code that uses the <a> tag, if you look at my solution: $message = strip_tags($message, '<br><b><u><i>'); The <a> tag is not allowed. Only the tags <br><b><u><i> are allowed. I did

RE: PHP-Nuke v5.6 - Users can compromise admin accts.

2002-08-16 Thread Eric Stevens
I think his point is this: simply invoking strip_tags doesn't prevent scripts or other harmfuls from getting through on the tags that you do allow. The PHP manual, under the function for entry for strip_tags() even notes a warning: --- Warning This function does not modify any attributes on the

Repost: Buffer overflow in Microsoft DirectX Files Viewer xweb.ocx (2,0,16,15) ActiveX sample

2002-08-16 Thread Andrew G. Tereschenko
Hi BugTraq reader, I would like to inform you about security issue in DirectX Files Viewer control was available on ActiveX gallery page http://activex.microsoft.com/activex site but fixed not so long time ago. = Overview: Risk: High