RE: Internet Explorer URL parsing vulnerability
2003-12-09, http-equiv (at) excite (dot) com (1 malware com)
The following works on Outlook Express 6 latest everything. Running on XP.
http://cert.uni-stuttgart.de/archive/bugtraq/2003/07/msg00249.html
09% pushes malware.com out of sight in the task bar, and %01 leaves microsoft.com intact in the address bar:
<A href="http://www.microsoft.com%01%09%0

SGI Advanced Linux Environment security update #6
2003-12-10, SGI Security Coordinator (agent99 sgi com)

RE: Internet Explorer URL parsing vulnerability
2003-12-09, http-equiv (at) excite (dot) com (1 malware com)
Here's a fully functional self-explanatory demo:
http://www.malware.com/hole-e-day.zip
functional from these quarters on fully patched IE6 / OE6
No doubt many will receive nice holiday greetings soon enough
END CALL
The following works on Outlook Express 6 latest everything. Running on XP.

Visitorbook LE Multiple Vulnerabilities
2003-12-10, Paul Johnston (paul westpoint ltd uk)
Westpoint Security Advisory
Title: VisitorBook LE Mail Relay and Cross Site Scripting
Risk Rating: Moderate
Software: FreeScripts VisitorBook LE
Platforms: Most Unix
Vendor URL: http://www.freescripts.com/
Author: Paul Johnston <paul (at) westpoint.ltd (dot) uk>
Date: 10th Decem

Multiple Vulnerabilities Sybase Anywhere 9
2003-12-10, Next Generation Insight Security Research (NGS Software) (mark ngssoftware com)
NGSSoftware Insight Security Research Advisory
Name: Multiple Vulnerabilities in Adaptive Server Anywhere Network Server Version 9.0.0
Systems Affected: SQL Anywhere 9 Windows 2000 / XP (Have not been verified on UNIX)
Severity: Critical
Vendor URL: http://www.sybase.com
Authors: Sherief Hammad

Cisco Security Advisory: Unity Vulnerabilities on IBM-based Servers
2003-12-10, Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Unity Vulnerabilities on IBM-based Servers
Revision Numeral 1.0
For Public Release 2003 December 10 17:00 UTC (GMT)
========================================================================
Contents
========
Summary
Affe

Cisco Security Advisory: Vulnerability in Authentication Library for ACNS
2003-12-10, Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Vulnerability in Authentication Library for ACNS
Revision 1.0
For Public Release 2003 December 10 16:00 UTC (GMT)
- --------------------------------------------------------------------------
Summary
=======
By entering an o

Dell BIOS DoS
2003-12-09, Ross Draper (Ross Draper musicradio com) (2 replies)
I agree with your points Jon, but let's be fair here, BIOS passwords do have a use - especially on laptops. Although nobody in their right mind would rely on them as the sole protection for a machine, they are certainly worthwhile both as a deterrent to the casual snooper and as a delaying tactic to

Re: Internet Explorer URL parsing vulnerability
2003-12-09, Eric "MightyE" Stevens (trash mightye org)
IE 6.0.2800.1106.xpsp2.030422-1633 with all the latest updates (SP1; Q822925; Q330994; Q828750; Q824145) is vulnerable. Works like a charm.
-Eric "MightyE" Stevens
http://lotgd.net
soulshok (at) hippie (dot) dk wrote:
>In-Reply-To: <20031209144416.31613.qmail (at) sf-www2-symnsj.securityfocus (dot) com>
>
>
>
>>#

Internet Explorer URL parsing vulnerability
2003-12-09, John W. Noerenberg II (jwn2 qualcomm com) (1 replies)
This exploit also applies to the Macintosh version of Explorer v5.2.3(5815.1)
>From: <bugtraq (at) zapthedingbat (dot) com>
>To: bugtraq (at) securityfocus (dot) com
>Subject: Internet Explorer URL parsing vulnerability
>
>
>
>Internet Explorer URL parsing vulnerability
>Vendor Notified 09 December, 2003
>
># Vulnerabil

RE: Dell BIOS DoS
2003-12-09, David Brodbeck (DavidB mail interclean com) (3 replies)
> -----Original Message-----
> From: jon schatz [mailto:jon (at) divisionbyzero (dot) com]
> seriously, bios passwords are worthless. there are numerous ways to get
> around them. most motherboards have a jumper that you can set to reset
> your cmos / bios (probably misusing one of those terms) to

Re: Internet Explorer URL parsing vulnerability
2003-12-09, soulshok hippie dk
In-Reply-To: <20031209144416.31613.qmail (at) sf-www2-symnsj.securityfocus (dot) com>
># Exploit ##########
>By opening a window using the http://user@domain nomenclature an attacker can hide the real location of the page by including a 0x01 character after the "@" character.
>Internet Explorer doesn't disp

[CLA-2003:798] Conectiva Security Announcement - gnupg
2003-12-09, Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : gnupg
SUMMARY : GnuPG's ElGamal signing keys
point. After a recent power outage I noticed that the unit reset its
password to the default of '1234'. Obviously this makes it possible for
someone to reconfigure it to meet their needs... a significant security risk.
After f