RE: MS to stop allowing passwords in URLs (Summary)
2004-02-03, McAllister, Andrew (McAllisterA umsystem edu)
Here's a summary of the responses I've received. 1) RFC2616 does not define the user:password@host scheme specifically for HTTP URLs. Though its use has been supported in most if not all popular browsers until now. 2) Other RFCs do define this scheme in general with the caveat that using this syn

Web Crossing 4.x/5.x Denial of Service Vulnerability
2004-02-03, Peter Winter-Smith (peter4020 hotmail com)
Web Crossing 4.x/5.x Denial of Service Vulnerability
###################################################
Credit:
Author : Peter Winter-Smith
Software:
Package : Web Crossing
Versions : 4.x/5.x
Vendor : WebCrossing, Inc.
Vendor Url : http://www.webcrossing.com/
Vulnerability:
Bug Typ

Re: MS to stop allowing passwords in URLs
2004-02-03, Paul Smith (paullocal pscs co uk)
At 22:54 28/01/2004, McAllister, Andrew wrote:
>I just read that Microsoft will stop allowing IDs and passwords to be
>embedded in URLs used by Internet Explorer. So you will no longer be
>able to use a URL like https://user:password@www.somehost.com/
>
>See http://support.microsoft.com/default.aspx

Decompression Bombs
2004-02-03, Matthias Leu (mleu aerasec de)
As a followup to http://www.securityfocus.com/bid/9393/, where we pointed out vulnerabilities of some antivirus-gateways while decompressing bzip2-bombs, we were interested in the behaviour of various applications that process compressed data. It looks as if not only bzip2 bombs, but also decomp

RE: MS to stop allowing passwords in URLs
2004-02-03, Thor Larholm (thor pivx com)
This has already been implemented in the out-of-schedule IE patch they released yesterday, MS04-040. This is also the first time they broke their promised monthly patch schedule, so far they have released patches in the second week of the month.
http://www.microsoft.com/technet/security/bulletin/MS

RE: RFC: virus handling
2004-02-03, David Brodbeck (DavidB mail interclean com)
> -----Original Message-----
> From: Daniele Orlandi [mailto:daniele (at) orlandi (dot) com]
> I use amavisd-new which has support for listing viruses/worms
> that fake
> the sender's email address. Unfortunately the list is external to the
> actual virus scanner and has to be updated manually. Given tha

Sandblad #12: Inject javascript url in history list (revisited)
2004-02-03, Andreas Sandblad (sandblad acc umu se)

RE: MS to stop allowing passwords in URLs
2004-02-03, Francis Favorini (francis favorini duke edu)
Vinny Abello [mailto:vinny (at) tellurian (dot) com] wrote...
> Interestingly, I've already found that this patch doesn't fix
> this problem when using IE as an object in VB6.
From the KB article: http://support.microsoft.com/default.aspx?scid=kb;en-us;834489 "After you install the 832894 security update, you
Title: Multiple Vulnerabilities in PHPX
By: Manuel López ( manegts (at) hotmail (dot) com ) FROM #IST libres.irc-hispano.org,
#IST Efnet.
Url: http://www.phpx.org
Description:
PHPX is a web portal system, blog, Content Management System (CMS),
forums, and more. PHPX is designed to allow everyone to be able