]*/../A*/../A*/../A*/../A*/../A*/../A*/../A*/\r\n
GL At least on win2k3. Therefore, the workarounds for kb975191 on
GL microsoft.com are wrong.
GL Guido Landi
GL Vladimir '3APA3A' Dubrovin wrote:
Dear Thierry Zoller,
I think yes, MKDIR is required. It should be a variation of
S99-003/MS02-018. A fuzzer should be very smart to create a directory and
use both an oversized buffer and ../ in NLST - it makes the path longer than
MAX_PATH with an existing directory.
--Monday, August 31,
Thierry,
I think the inability of antivirus / intrusion detection to catch something
that is not malware/intrusion, or malware in a form unused in the wild,
is not a vulnerability. Antivirus (generally) gives no preventive
protection. They can add signatures for your PoCs to their
Dear Shaked Vax,
Are you sure the Radware Team has analysed a reflected attack via the user's
browser (the AppWall administrator visits a malcrafted page, the page redirects
his request to AppWall) before excluding the remote vector?
--Thursday, July 2, 2009, 3:23:16 PM, you wrote to
Dear Tom Neaves,
It can still be exploited from the Internet even if remote management is
only accessible from the local network. If you can trick a user into visiting a Web
page, you can place a form on this page which targets the router, and the
request to the router is issued from the victim's browser.
--Tuesday,
would also rely on the router being setup with all of the default internal
s LAN ip's.
s sr.
s 2009/6/16 Vladimir '3APA3A' Dubrovin 3ap...@security.nnov.ru
Dear Tom Neaves,
It still can be exploited from Internet even if remote management is
only accessible from local network. If you
Dear Jim Parkhurst,
It may depend on the video card and video drivers and/or the amount of
memory/video memory. 9 years ago there was a vulnerability in Internet
Explorer with displaying a scaled image:
http://securityvulns.com/advisories/ie5freeze.asp
Dear Stefan Kanthak,
As far as I can see, Internet Explorer actually uses flash10b.ocx.
Adobe
Flash Player 10.0 r22
--Monday, April 20, 2009, 8:17:24 PM, you wrote to bugt...@securityfocus.com:
SK Windows Update (as well as Microsoft Update and the Automatic Update)
SK installs an outdated (and
Dear iDefense Labs,
--Thursday, October 30, 2008, 11:24:35 PM, you wrote to [EMAIL PROTECTED]:
iL VII. CVE INFORMATION
iL The Common Vulnerabilities and Exposures (CVE) project has assigned the
iL name CVE-2008-6432 to this issue. This is a candidate for inclusion in
iL the CVE list