Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)

2007-02-26 Thread Stan Bubrouski
On 2/25/07, Daniel Veditz [EMAIL PROTECTED] wrote: Michal Zalewski wrote: A quick test case that crashes while trying to follow partly user-dependent corrupted pointers near valid memory regions (can be forced to write, too): http://lcamtuf.coredump.cx/ietrap/testme.html Firefox problem

Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability

2007-02-16 Thread Stan Bubrouski
On 2/15/07, Michal Zalewski [EMAIL PROTECTED] wrote: Actually, there are several odd problems related to location updates and location.hostname specifically, including one scenario that apparently makes the script run with document.location in about: namespace. I did not research them any

Re: SAP Security Contact

2007-01-09 Thread Stan Bubrouski
In all fairness here, many companies have canned responses to [EMAIL PROTECTED] and may never actually respond to a sender even if action is being taken. Looking for an actual person to assure something has been recognized as a vulnerability and will be patched is not unreasonable. -sb On

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup

2006-04-14 Thread Stan Bubrouski
On 4/13/06, Brandon S. Allbery KF8NH [EMAIL PROTECTED] wrote: On Apr 13, 2006, at 1:29 , Dave Korn wrote: Hey, guess what I just found out: Microsoft have deliberately sabotaged their DNS client's hosts table lookup functionality. I thought this was part of avoiding malware attempts

Re: HR Block contact

2006-02-26 Thread Stan Bubrouski
On 2/22/06, Rory A. Savage [EMAIL PROTECTED] wrote: What exactly does this have to do with bugtraq? I mean, I know there He's looking for a security contact for the people who make the HR Block tax software...hence it's related. are bugs in the tax system... LOL, but some detail would be

Re: Folder Guard password protection bypass

2006-02-13 Thread Stan Bubrouski
On 13 Feb 2006 07:28:00 -, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: tested on Folder Guard v4.11 bypassing the Folder Guard password is done by renaming (or moving) the password file. the file is FGuard.FGP, after we rename it the Folder Guard will run and won't ask for a password So

Re: AOL Instant Messenger Version 5.9.3861 Local Buffer Overrun Vulnerability

2006-02-04 Thread Stan Bubrouski
On the other hand I can't seem to reproduce the below-mentioned bug either on win2k up2date with AIM 5.9.3861. -sb On 3 Feb 2006 02:28:56 -, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: As I submitted to full disclosure: I have discovered that there is a buffer overrun vulnerability in

Re: AOL Instant Messenger Version 5.9.3861 Local Buffer Overrun Vulnerability

2006-02-03 Thread Stan Bubrouski
So this isn't actually remotely exploitable at all since it's within a dialog box that a local user must manually fill in? Best Regards, sb On 3 Feb 2006 02:28:56 -, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: As I submitted to full disclosure: I have discovered that there is a buffer

Re: Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability

2006-01-21 Thread Stan Bubrouski
On 1/20/06, Florian Weimer [EMAIL PROTECTED] wrote: III. Detection This problem has been detected and tested on latest versions: snmptrapd from cmu-snmp-linux-3.7 package snmptrapd from cmu-snmp-linux-3.6 package This seems to be the following code: int snmp_input(op, session, reqid,

Re: Directory traversal in phpXplorer

2006-01-19 Thread Stan Bubrouski
Bubrouski On 1/16/06, Stan Bubrouski [EMAIL PROTECTED] wrote: Seeing as phpXplorer allows the upload and editing of live PHP files anyways it seems to me this exploit is completely useless. You can use the script as intended to cat the password file if you want. Right? -sb On 1/16/06, Oriol

Re: Directory traversal in phpXplorer

2006-01-18 Thread Stan Bubrouski
Seeing as phpXplorer allows the upload and editing of live PHP files anyways it seems to me this exploit is completely useless. You can use the script as intended to cat the password file if you want. Right? -sb On 1/16/06, Oriol Torrent [EMAIL PROTECTED] wrote:

Advisory: XSS in WebCal (v1.11-v3.04)

2005-12-16 Thread Stan Bubrouski
Author: Stan Bubrouski Date: December 16, 2005 Package: WebCal (by Michael Arndt; http://bulldog.tzo.org/webcal/webcal.html) Versions Affected: 1.11-3.04 (unknown 1.11) Severity: XSS allowing cookie theft, etc.. Description: This particular WebCal (there are in fact over a dozen separate webcal

Advisory: DoS in WebEasyMail +more possible?

2002-08-20 Thread Stan Bubrouski
Author: Stan Bubrouski Date: August 19, 2002 Product: WebEasyMail Versions Affected: 3.4.2.2 (Latest) + previous Severity: Denial of Service on SMTP and POP3 portions of the software. It has not been investigated but there might be a possibility of exploitation to execute code remotely

Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities

2002-08-19 Thread Stan Bubrouski
Author: Stan Bubrouski Date: 19 August 2002 Product: Bonsai Versions Affected: All (Current and CVS all vulnerable) Severity: Cross Site Scripting is possible in several places due to a lack of stripping of tags from input. Some error messages also contain CSS and reveal the physical path

Re: It takes two to tango

2002-07-31 Thread Stan Bubrouski
in the near future. I lost faith in my government long ago. -Stan Bubrouski (Soon to be ) Middler Computer Science Major at Northeastern University, Boston, MA Chris Paget wrote: snip Ferson also said that HP reserves the right to sue SnoSoft and its members for monies and damages

Re: ICQ and MSIE allow execution of arbitrary code

2002-07-18 Thread Stan Bubrouski
) this is working on 2000a as well. Jelmer's workaround of changing the SCM extension in folder options does appear to do the job, although I recommend unmapping the extension altogether... or turning off scripting entirely as this is VERY easy to exploit and extremely serious... -Stan Bubrouski

Advisory: Chili!Soft ASP Multiple Vulnerabilities

2001-02-22 Thread Stan Bubrouski
Author: Stan Bubrouski ([EMAIL PROTECTED]) Date: February 20, 2001 Package: Chili!Soft ASP Versions affected: 3.5.2 and possibly previous versions. Severity: (1) A remote user could potentially view sensitive information and take remote control of the server. (2