SecurityFocus

Re: MSOE Javascript Execution Vulnerability 2004-07-13
Monu (monu rootshell be)

Hello,

Couldn't reproduce this on MSOE v6.0.2800.1123. Win2k SP4.

I get an "opener is null or not an object" javascript error when I
load the link from MSOE.

gr,
David

Paul wrote:
>
> Note: This vulnerability as well as several more can be found at http://www.greyhats.cjb.net
>
> Outlook Expr

[ more ] [ reply ]

utilman.exe exploit 2004-07-17
Iván Rodriguez Almuiña (kralor coromputer net)

Local elevation of priviliges exploit for win2k Utility Manager
based on Cesar Cerrudo code, gets system language and sets windows names
to work on any win2k, feature added by kralor.

--
Iván Rodriguez Almuiña
aka kralor
kralor<at>coromputer.net
http://www.coromputer.net

[ more ] [ reply ]

Re: Moodle XSS Vulnerability 2004-07-17
Martin Dougiamas (martin moodle com)

In-Reply-To: <20040713155408.18582.qmail (at) www.securityfocus (dot) com [email concealed]>

>Martin Dougiamas the lead developer of Moodle fixed the bug in CVS Stable and Development but there is not any new release yet.

There is a new release (Moodle 1.3.3) and a patch file to fix this little problem.

[ more ] [ reply ]

Web_Store.cgi allows Command Execution 2004-07-17
Zero_X www.lobnan.de Team (zero-x linuxmail org)

Web_Store.cgi allows Command Execution:

This application was written by Selena Sol and Gunther Birznieks.

You can execute shellcommands:

http://www.victim.com/cgi-bin/web_store.cgi?page=.html|cat /etc/passwd|

Zero X, member of www.Lobnan.de and www.Lostkey.org

[ more ] [ reply ]

Medal of Honor remote buffer-overflow 2004-07-17
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Medal of Honor
http://mohaa.ea.com
Versions: Allied Assault <= 1.11v9
Breakthrough <= 2.40b
Spearhead <= 2.15
Plat

[ more ] [ reply ]

MSIE Overly Trusted Location Variant Method Cache Vulnerability 2004-07-17
Paul (paul greyhats cjb net)

This vulnerability as well as many more can be found at http://www.greyhats.cjb.net

Overly Trusted Location Variant Method Cache Vulnerability

[Tested]

IEXPLORE.EXE file version 6.0.2800.1106

MSHTML.DLL file version 6.00.2800.1400

Microsoft Windows XP sp1

[Discussion]

Apparently, Inte

[ more ] [ reply ]

[FMADV] Format String Bug in OllyDbg 1.10 2004-07-17
ned (nd felinemenace org)

* [FMADV] - OllyDbg Format String Bug

* Introduction:
There exists a format string bug in the code that handles Debugger
Messages in OllyDbg. This means any traced application can crash OllyDbg
and execute machine code.

* About (From the Webpage):
OllyDbg is a 32-bit assembler level analysing d

[ more ] [ reply ]

[CLA-2004:848] Conectiva Security Announcement - webmin 2004-07-16
Conectiva Updates (secure conectiva com br)

[CLA-2004:847] Conectiva Security Announcement - php4 2004-07-16
Conectiva Updates (secure conectiva com br)

Hotmail Cross Site Scripting Vulnerability 2004-07-15
Paul (paul greyhats cjb net) (1 replies)

Note: This vulnerability as well as several more can be found at http://greyhats.cjb.net

Hotmail Cross Site Scripting Vulnerability

[Tested]

IEXPLORE.EXE file version 6.0.2800.1106

MSHTML.DLL file version 6.00.2800.1400

Hotmail Version [who knows]

[Discussion]

I think it's been a wh

[ more ] [ reply ]

Re: Hotmail Cross Site Scripting Vulnerability 2004-07-17
GreyMagic Security (security greymagic com)

RE: MSIE Download Window Filename + Filetype Spoofing Vulnerability 2004-07-12
Eric McCarty (eric lawmpd com)

The examples do not work on XP Sp2 version of IE. (6.0.2900.2149).

E.

-----Original Message-----
From: Drew Copley [mailto:dcopley (at) eEye (dot) com [email concealed]]
Sent: Monday, July 12, 2004 11:21 AM
To: Paul; bugtraq (at) securityfocus (dot) com [email concealed]
Subject: RE: MSIE Download Window Filename + Filetype Spoofing
Vulnerability

This

[ more ] [ reply ]

[tool] webstretch 0.1.6 http inspection proxy 2004-07-12
Simon Shanks (javawebexam hotmail com)

Project page & download site...

http://sourceforge.net/projects/webstretch

Enables a user to view & alter all aspects of http comunication with a

web site via a personal web proxy. Primarily used for security based penetration testing of web sites, it can also be used for debugging during

[ more ] [ reply ]

[OpenPKG-SA-2004.032] OpenPKG Security Advisory (apache) 2004-07-16
OpenPKG (openpkg openpkg org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ] [ reply ]

Re: Can we prevent IE exploits a priori? 2004-07-12
bugtraq223344 mailinator com

> So I wanted to know, has anyone tried these programs successfully?

> Can anyone validate their claims?

> Better yet, does anyone have a link to a "how to" doc, that tells smart

> geeks how to make the registry changes ourselves, so we don't have to rely

> on some program to do it for us?

[ more ] [ reply ]

[ GLSA 200407-12 ] Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling 2004-07-14
Tim Yamin (plasmaroo gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

Re: Re: HijackClick 3 2004-07-13
Paul (paul greyhats cjb net)

In-Reply-To: <200407121905.i6CJ5Z4Q006082 (at) web115.megawebservers (dot) com [email concealed]>

>From: "http-equiv (at) excite (dot) com [email concealed]" <1 (at) malware (dot) com [email concealed]>

>

>Someone was querying the other day whether shell in Internet

>Explorer poses a problem [despite repeated demonstrations].

>Pah ! Probably not.

>

>Quick and Dirty Working De

[ more ] [ reply ]

RE: RE: HijackClick 3 2004-07-15
Thor Larholm (tlarholm pivx com)

> -----Original Message-----
> From: http-equiv (at) excite (dot) com [email concealed] [mailto:1 (at) malware (dot) com [email concealed]]

The codeBase attribute has allowed command execution from the My
Computer zone without interruption since this misfeature was discovered
by Dildog. It was not automatically re-enabled with yesterdays patches
so there

[ more ] [ reply ]

Re: PHP BB bug 2004-07-15
micheal (at) michealcottingham (dot) com [email concealed] (micheal michealcottingham com)

Actually, I found that it doesn't matter if an SQL query is there or not.

Example:

http://www.example.com/viewtopic.php?t=12345&highlight=bug,%20*

Something like:

http://www.example.com/viewtopic.php?t=12345&highlight=bug,*

does not work however. There doesn't _appear_ to be any exploit here,
t

[ more ] [ reply ]

[waraxe-2004-SA#035 - Multiple security holes in PhpNuke - part 2] 2004-07-16
Janek Vind (come2waraxe yahoo com)

{=======================================================================
=========}

{ [waraxe-2004-SA#035] }

{=======================================================================
=========}

{

[ more ] [ reply ]

RE: MSIE Similar Method Name Redirection Cross Site/Zone Scripting Vulnerability 2004-07-15
Thor Larholm (tlarholm pivx com)

Nice find :)

The problem does not rely on similarly named methods, rather it relies
on the trust access checks that IE performs on function calls in
disparate windows.

When you try to alert each of the assign methods in your example their
core toString methods are called which return a static str

[ more ] [ reply ]

RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC 2004-07-14
Todd Towles (toddtowles brookshires com)

Once again, they are trying to patch the attack vector used instead of the
core IE problem itself (which is directly related to it being tied into the
OS level). I was once very pro-microsoft SMS Admin for my company but it is
getting out of hand.

If you patch a hole, instead of a vector, then L33

[ more ] [ reply ]