MSIE->BodyRefreshLoadsJPU:refresh is a new navigation method
2003-09-10 Liu Die Yu (liudieyuinchina yahoo com cn)

Multiple* bug's associated with Win xp default zip Manager...
2003-09-10 hUNTER 007 (door_hunt3r blackcodemail com)
1).
---DESCRIPTION---
Win xp default zip manager prompts for a password, [even* when there is no password] if the zipped file has folder/s with more than 121 sub directories in it, but this situation does vary with some condition as specified below...
---Bug Demonstration---
--------

CacheFlow Proxy Abuse (revisited)
2003-09-10 Tim Kennedy (tim timkennedy net)
Actually, this seems like it may be related to a known issue. Or at least related to known issues. See [incidents] message at: http://www.securityfocus.com/archive/75/295545/2003-09-07/2003-09-13/2
Cacheflow published information relating to a vulnerability in the CONNECT method of the CacheOS.

Why does a home computer user need DCOM?
2003-09-10 Richard M. Smith (rms computerbytesman com)
Hello,
Yet another buffer overflow error has been found in DCOM and Microsoft has released a new patch for it today according to a security bulletin on their Web site. If I am running a Windows PC at home, why would I want DCOM turned on in the first place? What purpose does it serve? Has Microso

Winrar doesn't determine the actual size of compressed files+possibility of DoS attack on server!
2003-09-10 hUNTER 007 (door_hunt3r blackcodemail com)

Permitting recursion can allow spammers to steal name server resources
2003-09-10 Chris Brenton (cbrenton chrisbrenton org) (1 replies)
Hi Dave,
Sorry this post is so long but I wanted to make sure testing and how to fix the problem was spelled out exactly so people are more likely to fix their servers.
Credits
Many thanks to William Stearns and Tanya Baccam for helping to pull together this information.
_Executive Summary_
T

Re: Permitting recursion can allow spammers to steal name server resources
2003-09-10 Mark Johnston (mjohnston skyweb ca)

Microsoft security update broken?
2003-09-09 Guy Barnum (GuyBarnum Armscole com)
-----Original Message-----
From: Thor Larholm [mailto:thor (at) pivx (dot) com]
Sent: Monday, September 08, 2003 6:15 PM
To: Guy Barnum; BugTraq
Subject: RE: Microsoft security update broken?
Windows 98 no longer receives any security updates, so the behavior of using WindowsUpdate under Windows 98 is undefined

Re: XSS vulnerability in phpBB (an other ;-)
2003-09-09 Steven M. Christey (coley mitre org)
keupon_ps2 (at) yahoo (dot) fr said:
>but this will work (on phbb 2.0.6):
>[url=http://www.google.fr" onclick="alert('Hello')]text[/url]
>
>I don't remember who has said that it will work on every version of phpBB
>but i've tested it on phpBB 2.0.4 and it doesn't work.
>Another person has said that it only w

Attemps with Ikonboard 3.1.2a
2003-09-09 Shan Whitman (xzziroz rootshell be)
Vendor: Jarvis Entertainment
Product: Ikonboard
Version: 3.1.2a and Below (All current versions).
On the topic of the recent post about Ikonboard and its command execution vulnerabilities
In FUNC.pm:
    # Make sure the cookie data is legal
    if ($iB::COOKIES->{$iB::INFO->{'COOKIE_ID'}.'lang'}) {

MSIE->LinkillerSaveRef:another caller-based authorization
2003-09-10 Liu Die Yu (liudieyuinchina yahoo com cn)
LinkillerSaveRef:another caller-based authorization(is broken).
("that's all" is end of file if you are in a hurry)
[tested]
Browser Ver
{
MS Internet Explorer: 6.0.2600.0000.xpclnt_qfe.021108-2107;
Encryption: 128-bit;
Patch:; Q810847;
}
(So, it's far from fully patched. It also wor

MSIE->LinkillerJPU:another caller-based authorization(is broken).
2003-09-10 Liu Die Yu (liudieyuinchina yahoo com cn)

BodyRefreshLoadsJPU:refresh is a new navigation method
[tested]
Browser Ver
{
MS Internet Explorer: 6.0.2600.0000.xpclnt_qfe.021108-2107;
Encryption: 128-bit;
Patch:; Q810847;
}
(So, it's far from fully patched. It also works after
applying the patch for method caching attack.)
OS V