[Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops

2007-02-05 Thread Michal Zalewski
There is an interesting vulnerability in the default behavior of Firefox builtin popup blocker. This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information. This was tested on

Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops

2007-02-05 Thread Michal Zalewski
On Mon, 5 Feb 2007, pdp (architect) wrote: You may as well use a QuickTime .mov/.qtl or a PDF document to open a file:// link. I think it is easier. Sure. You can probably have a file:// link in Open Office / MS Office documents as well; but these all rely on external components, and as such,

Re: [Full-disclosure] Web 2.0 backdoors made easy with MSIE XMLHttpRequest

2007-02-05 Thread Troy Cregger
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The 2005 text does briefly mention Accessing content / web-scanning (take a look at Notes 1-3). So the problem is much older. Well, that's Micro$loth for ya. Amit Klein wrote: Michal Zalewski wrote: On Sat, 3 Feb 2007, Michal Zalewski wrote:

[Full-disclosure] iDefense Security Advisory 02.02.07: Blue Coat Systems WinProxy CONNECT Method Heap Overflow Vulnerability

2007-02-05 Thread iDefense Labs
Blue Coat Systems WinProxy CONNECT Method Heap Overflow Vulnerability iDefense Security Advisory 02.02.07 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 02, 2007 I. BACKGROUND BlueCoat WinProxy is an Internet sharing proxy server designed for small to medium businesses. In addition

[Full-disclosure] [USN-417-1] PostgreSQL vulnerabilities

2007-02-05 Thread Martin Pitt
=== Ubuntu Security Notice USN-417-1 February 05, 2007 postgresql-7.4/-8.0/-8.1 vulnerabilities CVE-2007-0555, CVE-2007-0556 === A security issue affects the following Ubuntu

Re: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX)

2007-02-05 Thread Marcello Barnaba
On Monday 05 February 2007 01:20, Q-Ball wrote: Key-based logon is a bad idea in general because afaik, it's not possible to implement any type of password policy on those keys. $ ssh-keygen -h 2>&1 | grep pass -N phrase Provide new passphrase. -P phrase Provide old passphrase. -p

[Full-disclosure] Informix SQL injection

2007-02-05 Thread Joshua Tagnore
List, I'm doing a pentest on a website that uses informix web datablade and found a sql injection point. I have been able to use the webexplode() stored procedure to execute any SQL commands, and also operating system commands using SYSTEM. The problem I have is that SYSTEM doesn't return the

Re: [Full-disclosure] Informix SQL injection

2007-02-05 Thread Tyop?
On 2/5/07, Joshua Tagnore [EMAIL PROTECTED] wrote: List, I'm doing a pentest on a website that uses informix web datablade and found a sql injection point. I have been able to use the webexplode() stored procedure to execute any SQL commands, and also operating system commands using

[Full-disclosure] [ MDKSA-2007:034 ] - Updated samba packages address multiple vulnerabilities

2007-02-05 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:034 http://www.mandriva.com/security/

Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops

2007-02-05 Thread James Matthews
Do you think it will be patched?? On 2/5/07, Michal Zalewski [EMAIL PROTECTED] wrote: On Mon, 5 Feb 2007, pdp (architect) wrote: You may as well use a QuickTime .mov/.qtl or a PDF document to open a file:// link . I think it is easier. Sure. You can probably have a file:// link in Open

[Full-disclosure] [USN-418-1] Bind vulnerabilities

2007-02-05 Thread Kees Cook
=== Ubuntu Security Notice USN-418-1 February 05, 2007 bind9 vulnerabilities CVE-2007-0493, CVE-2007-0494 === A security issue affects the following Ubuntu releases: Ubuntu

Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops

2007-02-05 Thread James Matthews
That's what I was looking for, not if you were going to patch it! If they were! On 2/5/07, Ben Bucksch [EMAIL PROTECTED] wrote: No, we never patch bugs. Where would this lead us? Only commies taking over! Tracked in bug 369390. James Matthews wrote: Do you think it will be patched?? On

[Full-disclosure] Every MS Exploit

2007-02-05 Thread layne
Project to find exploits for every MS Security Bulletin gets wiki'ed Last September (part 1) http://ElseNot.com contributed its collocation and goal (try to find an exploit for every MS Security Bulletin ever released). Activity stopped when Microsoft published 473 bulletins and 163 Exploits