Re: Internet explorer 6 on windows XP allows exection of arbitrary code (Demonstration Exploit Warning)
2003-09-13 S G Masood (sgmasood yahoo com)
Hi, Jelmer probably forgot to mention this about the demonstration exploit[1] in his advisory[2]: Back up "C:\Program Files\Windows Media Player\wmplayer.exe" before using the exploit as the exploit replaces the original wmplayer.exe (main WMP executable) with the dropped file (also named wmplayer.ex

Eudora 6.0 attachment spoof, exploit
2003-09-13 psz maths usyd edu au (Paul Szabo)
Eudora 6.0 was released recently; I tested the Windows version only. It still contains several vulnerabilities, the most serious being an execute-any-code bug. It is distressing that the "spoof and steal" bug was pointed out years ago; the execute-any-code bug in 5.2.1 was sent to Qualcomm on 29 May

[SECURITY] [DSA-381-1] New mysql packages fix buffer overflow
2003-09-14 Matt Zimmerman (mdz debian org)

Results of the vote query
2003-09-13 Alfred Huger (ah securityfocus com)
Hello, Myself and David Ahmad (depending on the list you are on) recently sent out mail querying all of you about instituting community voting on issues for both the SecurityFocus website and its mailing lists. The feedback was overwhelmingly in favor of doing so with several common caveats: 1.

Re: Wired misquote [Symantec want's to criminalize full-disclosure]
2003-09-12 Alfred Huger (alfred_huger symantec com)
I am posting this in reference to the recent Wired article which Richard Smith posted to this list. Symantec fully supports information sharing on threats and vulnerabilities and believes it is an important tool for consumers and IT professionals to gain a measure of early warning of

[SECURITY] [DSA-380-1] New xfree86 packages fix multiple vulnerabilities
2003-09-12 Matt Zimmerman (mdz debian org)

[CLA-2003:737] Conectiva Security Announcement - gtkhtml
2003-09-12 Conectiva Updates (secure conectiva com br)
CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : gtkhtml SUMMARY : Buffer overflow vulnerabili

DCOM Paper Part I
2003-09-12 dave immunitysec com
A paper I wrote last night on the new DCOM bug, containing lots of Ollydbg hints and tricks. Most likely useful to people who already are trying to exploit it, and probably not a paper for management to read. Read it now before Symantec, Microsoft, and the rest of oisaftey get this kind of informa

Update to the Oracle EXTPROC advisory
2003-09-12 NGSSoftware Insight Security Research (nisr nextgenss com)
Hello, Please note that Oracle has updated the extproc buffer overrun advisory. There was some confusion caused because the initial Oracle advisory stated that a username and password were required to exploit the overflow which was contrary to the results of our research; we concluded that no user ID

[CLA-2003:738] Conectiva Security Announcement - pine
2003-09-12 Conectiva Updates (secure conectiva com br)
CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : pine SUMMARY : Remote vulnerabilities DATE

RE: Computer Sabotage by Microsoft
2003-09-12 Russ (Russ Cooper rc on ca)
I can't believe it, I was sitting there and you know what happened? I went to view the Program Guide on my PVR dish and it said it had to retrieve an update. It said I could cancel, so I did, who do they think they are! So I went back to view the guide again and the damn thing said it had to retriev

PTms03039.zip
2003-09-11 info_sl (info securitylab ru)
Hi! PTms03039.zip is a utility for checking Windows machine, which is vulnerable to the RPC DCOM #2 (MS03-039). Tool can be downloaded here http://www.securitylab.ru/?ID=40170 (in Russian!) or http://www.securitylab.ru/_tools/PTms03039.zip. Positive Technologies (http:

4D WebSTAR FTP Buffer Overflow.
2003-09-11 B-r00t (br00t blueyonder co uk)
Remote Vulnerability in 4D WebSTAR Server Suite. Date: 11.09.2003 Author: B-r00t. 2003. Email: B-r00t <br00t (at) blueyonder.co (dot) uk [email concealed]> Vendor: 4D. Reference: http://www.4d.com/prod

Internet explorer 6 on windows XP allows exection of arbitrary code
2003-09-11 jelmer (jkuperus planet nl) (1 replies)
Internet explorer 6 on windows XP allows exection of arbitrary code DESCRIPTION : Yesterday Liu Die Yu released a number series of advisories concerning internet explorer by combining one of these issues with an earlier issue I myself reported a while back You can construct a specially crafted webp

Re: [Full-Disclosure] Internet explorer 6 on windows XP allows exection of arbitrary code
2003-09-11 Thor Larholm (thor pivx com) (1 replies)

Re: [Full-Disclosure] Internet explorer 6 on windows XP allows exection of arbitrary code
2003-09-12 jelmer (jkuperus planet nl)

RE: Computer Sabotage by Microsoft
2003-09-11 Thor Larholm (thor pivx com) (1 replies)
Automatic system updates are nothing new, we see it all the time with antivirus software. Given that the end user has agreed for his AV to be updated automatically, none of us see any moral, ethical or legal implications with that scenario. The legality of this in regards to your XBox all boils down

MDKSA-2003:089 - Updated XFree86 packages fix multiple vulnerabilities
2003-09-12 Mandrake Linux Security Team (security linux-mandrake com)
English version :
I found a CSS in Admin smiley panel that can be used like that :
When you're logged as admin if you put a smiley code like that :)<script>alert('Css work')</script> and then any smiley picture and description, the Admin smiley panel will show the smiley with the