|
|
Prev week |
Colapse all |
Post message
Re: Webmails + Internet Explorer can create unwanted javascript execution 2003-10-03 Jason Munro (jason stdbev com) On October 2, 4:39 pm Jedi/Sector One <j (at) pureftpd (dot) org [email concealed]> wrote: FWIW, Hastymail, (a lesser known webmail IMAP client written in PHP i'm working on) does filter out this nastyness. HTML before: > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" > "http://www.w3.org/TR/xhtml11/DTD/xht [ more ] [ reply ] Re: Process Killing - Playing with PostThreadMessage 2003-10-03 Maxime Ducharme (maxime pandore-design com) AFAIK, PostThreadMessage only works on local machine. pskill will also ask for a password, Brett's code will bypass security checks (tested on my win2k sp4 systems). Correct me too if I'm wrong :-) Ciao --------------------------------------------------------------- Maxime Ducharme Administ [ more ] [ reply ] RE: Process Killing - Playing with PostThreadMessage 2003-10-03 Vitor Ventura (vventura sia pt) I've done a test with softice to check if the pskill of sysinternals sends any WM_QUIT to the process that you want to kill, the breakpoint didn't break so I guess these are two diferent things, with the same objective. -----Original Message----- From: Thor Larholm [mailto:thor (at) pivx (dot) com [email concealed]] Sent: qui [ more ] [ reply ] New IE crash: CSS + HTML 2003-10-03 arachnid__notdot_net meta net nz While designing a page today, I stumbled across a combination of HTML and CSS that causes IE (6.0.2600.0000 on 2k v5.00.2195 and 6.0.3790 on 2k3 server v5.2.3790 are the only versions tested so far) to crash with a GPF. After a little work, I distilled the required code down to this: -------------- [ more ] [ reply ] OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems 2003-10-02 security sco com To: announce (at) lists.sco (dot) com [email concealed] bugtraq (at) securityfocus (dot) com [email concealed] full-disclosure (at) lists.netsys (dot) com [email concealed] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: OpenServer 5.0.7 : OpenSSH: multiple buffer handl [ more ] [ reply ] PINE-CERT-20030901: Integer Overflow in FreeBSD Kernel [fhold] 2003-10-02 Joost Pol (joost pine nl) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ ------- Pine Digital Security Advisory - ------------------------------------------------------------------------ ------- Advisory ID : PINE-CERT-20030901 Authors : [ more ] [ reply ] [ESA-20031003-028] Potential OpenSSL DoS. 2003-10-03 EnGarde Secure Linux (security guardiandigital com) Free OverflowGuard Personal Edition Released 2003-10-02 Paul Webster (ptwebster datasecuritysoftware com) A free personal edition of OverflowGuard has been released. This program protects Internet Explorer and all Active-X controls it uses from stack buffer overflow exploits. The protection is provided by making the stack non-executable. You can download this free tool from http://www.datasecuritysof [ more ] [ reply ] EartStation 5 P2P application contains malicious code 2003-10-03 random nut (randnut yahoo com) EartStation 5 P2P application contains malicious code ----------------------------------------------------- ES5 info -------- EarthStation 5 (aka ES5, aka ESV) (http://www.earthstation5.com and http://forums2.es5.com/) is a P2P application first released about 6-12 months ago. The people behind ES [ more ] [ reply ] FreeBSD Security Advisory FreeBSD-SA-03:16.filedesc 2003-10-02 FreeBSD Security Advisories (security-advisories freebsd org) UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities 2003-10-02 security sco com To: announce (at) lists.sco (dot) com [email concealed] bugtraq (at) securityfocus (dot) com [email concealed] full-disclosure (at) lists.netsys (dot) com [email concealed] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : [ more ] [ reply ] Is it safe yet? 2003-10-02 HCTITS Security Division (security humancentrictech com) Hello Bugtraq members. I've been watching with keen interest the recent developments concerning SSL vulnerabilities, most notably involving remote compromises in SSH. When the first note came through about the remote SSH vulnerabilities, I quickly plugged up port 22 in my company's firewall. Unf [ more ] [ reply ] Dictionary attack against Cisco's LEAP, Wireless LANs vulnerable 2003-10-03 Michael Renzmann (security dylanic de) Hi. Cisco released a security notice [1] in August about possible dictionary attacks against their proprietary LEAP (Lightweight Extensible Authentication Protocol, used with 802.1x). But according to Computerworld [2] it seems that this information has not been spread well enough. In addition [ more ] [ reply ] Webmails + Internet Explorer can create unwanted javascript execution 2003-10-02 Jedi/Sector One (j pureftpd org) Summary : Multiple web-based mail systems browsed through Internet Explorer can allow arbitrary javascript execution. Date : 02/10/2003 Author : Frank Denis <j (at) pureftpd (dot) org [email concealed]> ------------------------[ Description ]------------------------ The issue described here doesn't [ more ] [ reply ] exploiting fortigate firewall through webinterface 2003-10-02 Maarten Hartsuijker (secfocus hartsuijker com) Issue: Several vulnerabilities in web interface of Fortigate firewall of which the most serious one will allow a remote attacker to obtain a username and password of the Fortigate. Release: pre 2.50 maintenance release 4 Fixed in: Fortinet OS 2.50 MR4, available from FTP as of 29 Sept. 2003 Date: 14 [ more ] [ reply ] PINE-CERT-20030902: Integer Overflow in FreeBSD Kernel [uio] 2003-10-02 Joost Pol (joost pine nl) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ ------- Pine Digital Security Advisory - ------------------------------------------------------------------------ ------- Advisory ID : PINE-CERT-20030902 Authors : [ more ] [ reply ] Class-action suit points to Microsoft security flaws 2003-10-02 Richard M. Smith (rms computerbytesman com) Class-action suit points to Microsoft security flaws http://news.com.com/2100-1009-5085730.html Microsoft faces a proposed class-action lawsuit in California based on the claim that its software's market dominance and vulnerability to viruses could lead to "massive, cascading failures" in global c [ more ] [ reply ] Re: Process Killing - Playing with PostThreadMessage 2003-10-02 Thor Larholm (thor pivx com) Feel free to correct me if I am wrong, but isn't this also how the PSKill application from SysInternals work? http://www.sysinternals.com/ntw2k/freeware/pskill.shtml Regards Thor Larholm PivX Solutions, LLC - Senior Security Researcher ----- Original Message ----- From: "Brett Moore" <brett.m [ more ] [ reply ] Cafelog WordPress / b2 SQL injection vulnerabilities discovered and fixed in CVS 2003-10-03 Seth Woolley (seth tautology org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vendor: Cafelog Product: WordPress (formerly b2) http://www.wordpress.org/ Vulnerable Versions: * CVS versions before October 1, 2003 * Vulnerability affects code inherited from b2, so all versions of wordpress released before CVS fix are affected a [ more ] [ reply ] Minihttpserver File-Sharing for NET Directory Traversal Vulnerability 2003-10-03 Bahaa Naamneh (b_naamneh hotmail com) FreeBSD Security Advisory FreeBSD-SA-03:17.procfs 2003-10-03 FreeBSD Security Advisories (security-advisories freebsd org) New Tool: MetaCoretex (DB Security Scanner) 2003-10-02 visigoth (visigoth securitycentric com) Greetings all! I am pleased to announce the initial public release of a toy I have been working on for a little while now... MetaCoretex is an OpenSource, JAVA based, database capable security scanner with a kewl set of features. We have a bunch of spiffy probes already which are capable of do [ more ] [ reply ] New OpenSSL remote vulnerability (issue date 2003/10/02) 2003-10-02 Patrik Hornik (patrik hornik ebitech sk) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ====================================================================== Security advisory 20031002 - ---------------------------------------------------------------------- Product: openssl Issue date: 2003/10/02 Last updated: 2003/10/02 ========== [ more ] [ reply ] Process Killing - Playing with PostThreadMessage 2003-10-02 Brett Moore (brett moore security-assessment com) ======================================================================== = = Process Killing - Playing with PostThreadMessage = = brett.moore (at) security-assessment (dot) com [email concealed] = http://www.security-assessment.com = = Originally posted: October 02, 2003 ========================================================== [ more ] [ reply ] |
|
Privacy Statement |
when the page was loaded into the preview.
Outlook version: version: 10.3513.3501 SP1
My IE Version also crashed version: 6.0.2800.1106.xpsp2.030422-1633
---------------------------------
Thank You
Brian Paulson
Sr. Web De
[ more ] [ reply ]