Roughly 100 days after the Binary Planting (a.k.a. DLL hijacking, DLL preloading,
Insecure Library Loading) vulnerability has been (re)discovered in hundreds of
Windows applications (and likely undiscovered in thousands more), we've taken a
unique opportunity to compare software vendors' fixing

PoC:
body onload=location='';alert('DoS');
By: Pouya Daneshmand
Advisory:
http://securitylab.ir/Advisories/Firefox%203.6.12%20Denial%20of%20Service%20Vulnerability.txt

New eVuln Advisory:
Multiple XSS in MCG GuestBook
Summary: http://evuln.com/vulns/144/summary.html
Details: http://evuln.com/vulns/144/description.html
---Summary---
eVuln ID: EV0144
Software: MCG GuestBook
Vendor: Mrcgiguy
Version: 1.0
Critical Level: low
Type: Cross

New eVuln Advisory:
email XSS in SimpLISTic
Summary: http://evuln.com/vulns/145/summary.html
Details: http://evuln.com/vulns/145/description.html
---Summary---
eVuln ID: EV0145
Software: SimpLISTic
Vendor: Mrcgiguy
Version: 2.0
Critical Level: low
Type: Cross Site

body onload=location='';alert('DoS');
Welcome to the world of browsers. You could just as easily do
while(1) alert(1). See:
http://code.google.com/p/browsersec/wiki/Part2#Defenses_against_disruptive_scripts
/mz