Re: IE ms-its: and mk:@MSITStore: vulnerability 2004-03-30 Lise Moorveld (lise_moorveld hotmail com)

clamd - NEVER use "%f" in your "VirusEvent" 2004-03-30 Rene (l0om excluded org)
  date: 30 March 2004
  product: clam antivirus
  author: l0om - l0om[at]excluded.org - www.excluded.org
  clam antivirus is an antivirus program (which works very well). it comes with a lot of features and it's easy to handle.

Extensive cPanel Cross Site Scripting 2004-03-30 sullo cirt net
  Description: cPanel 9.1.0-R85 is vulnerable to Cross Site Scripting (XSS) in almost every field which is returned to the browser. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the

security enforcement - new monitor for winnt 2004-03-30 Liu Die Yu (liudieyuinchina yahoo com cn) (1 replies)
  i want to stop ie: writing EXE/CAB/LNK ... files, calling MSHTA.EXE to parse remote web pages, accessing files outside "favorites" and cache("content.ie5"). i want to stop WSCRIPT.EXE from parsing files inside TEMP and cache. i want to stop the system running executable files located in T

Re: security enforcement - new monitor for winnt 2004-03-30 Amir Mohammadkhani-Aminabadi (amir mohammadkhani einsurance de)

RE: new internet explorer exploit (was new worm) 2004-03-29 Thor Larholm (thor pivx com)
  Drew Copley already mentioned how this is the CHM exploit that the Ibiza exploit relied on. K-OTiK posted about this in http://www.securityfocus.com/archive/1/354447 and we posted details of the Ibiza CHM exploit a few weeks before then on the Unpatched mailing list ( http://unpatched.pivxlabs.com

RE: new internet explorer exploit (was new worm) 2004-03-29 Drew Copley (dcopley eeye com) (1 replies)
  > -----Original Message-----
  > From: Jelmer [mailto:jkuperus (at) planet (dot) nl]
  > Sent: Monday, March 29, 2004 6:36 AM
  > To: full-disclosure (at) lists.netsys (dot) com; bugtraq (at) securityfocus (dot) com
  > Subject: new internet explorer exploit (was new worm)
  >
  > The code used by this worm to exploit its users at least

Re: new internet explorer exploit (was new worm) 2004-03-29 Berend-Jan Wever (SkyLined edup tudelft nl)

IE ms-its: and mk:@MSITStore: vulnerability 2004-03-28 roozbeh afrasiabi (roozbeh_afrasiabi yahoo com)

[ GLSA 200403-09 ] Buffer overflow in Midnight Commander 2004-03-29 Kurt Lieber (klieber gentoo org)

new internet explorer exploit (was new worm) 2004-03-29 Jelmer (jkuperus planet nl) (2 replies)
  The code used by this worm to exploit its users at least partly is (i think) new, the vulnerability it abused has afaik not been published on either bugtraq or full-disclosure. possibly making it (one of?) the first worm to totally catch people off guard. It allows a malicious person to take an

[ GLSA 200403-06 ] Multiple remote buffer overflow vulnerabilities in Courier 2004-03-29 Kurt Lieber (klieber gentoo org)

[SECURITY] [DSA 469-1] New libpam-pgsql packages fix SQL injection 2004-03-29 joey infodrom org (Martin Schulze)

[ GLSA 200403-07 ] Multiple remote overflows and vulnerabilities in Ethereal 2004-03-29 Kurt Lieber (klieber gentoo org)

LNSA-#2004-0007: Multiple security problems in Ethereal 2004-03-29 Vincenzo Ciaglia (ciaglia netwosix org)
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1
  Netwosix Linux Security Advisory #2004-0007 <http://www.netwosix.org>
  Package nam

vuln 2004-03-28 "ShelzZ" (shelzz mail ru)
  #0x29a team security advisory
  #Product: Fresh Guest book
  #Script: guest.cgi
  #Company: WebFresh
  #Vulnerability: XSS
  #Overview: HiGuest is a simple perl-guestbook, which includes all standard guestbook functions.

FreeBSD Security Advisory FreeBSD-SA-04:06.ipv6 2004-03-29 FreeBSD Security Advisories (security-advisories freebsd org)

WebCT Campus Edition 4.1 - Cross site scripting using CSS @import 2004-03-29 Simon Boulet (simon boulet divahost net)
  Name: WebCT Campus Edition 4.1 - Cross site scripting using CSS @import
  Release date: 2004/03/29
  Application: WebCT Campus Edition 4.1 (4.1.1.5), possibly others
  Vendor URL: http://www.webct.com/ (WebCT Inc.)
  Author: Simon Boulet <simon.boulet (at) divahost (dot) net>
  Legal Notice:
  This

A-CART Pro & A-CART 2.0 Input Validation Holes 2004-03-29 Manuel Lopez (mantra gulo org)
  #Title: A-CART Pro & A-CART 2.0 Input Validation Holes
  #Software: A-CART Pro & A-CART 2.0
  #Vendor: http://www.alanward.net
  #Underlying OS: Windows.
  #Description: A-CART is an ASP shopping cart application written in VBScript. The system allows a customer to browse through an inventory of pro

[RHSA-2004:134-01] Updated squid package fixes security vulnerability 2004-03-29 bugzilla redhat com
Cool advisory about ms-its(its) and mk:@MSITStore:protocol handlers. I like
the amount of detail supplied. Though due to the detail, it is kinda hard to
get the essence of the advisory.
What, exactly, is new about this?
The PoC mentioned in section a) looks very similar to something Jelmer