Re: lynx 2.8.x - 'special URLs' anti-spoofing protection is weak

1999-01-16 Thread Michal Zalewski
Another detail on LYNXOPTIONS:// and bypassing evil configuration options to the victim's browser - the attack scheme could be even easier and can be done remotely. First of all, ask the user to check his/her configuration, as stated in the previous post (let's call this webpage A.html). Then, supply a link to anot

SuSE Security Announcement - syslogd (a1)

1999-01-16 Thread Thomas Biege
-----BEGIN PGP SIGNED MESSAGE----- _ SuSE Security Announcement - syslogd (a1) Package: syslogd-1.3.33 (a1) Date: Thu Nov 18 14:00:29 CET 1999 Affected SuSE versions

WordPad/riched20.dll buffer overflow

1999-01-16 Thread Pauli Ojanpera
Just if someone needs to know... Win98/NT4 Riched20.dll (which WordPad uses) has a classic buffer overflow problem with ".rtf" files. Crashme.rtf : {\rtf\} A malicious document may probably abuse this to execute arbitrary code. WordPad crashes with

Re: Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability

1999-01-16 Thread Marc
I just got done talking to the USSR Labs guys... I've talked to them in the past about their advisories to try to help them out to make them a little more "clean" etc... | > Vendor Status: | > Not Contacted English is basically not their first language and they meant to say "Not Contacted" as in t

Jet Vulnerability affect Office 95 users (fwd)

1999-01-16 Thread ah1
-- Forwarded message -- Date: Tue, 16 Nov 1999 17:17:59 EST From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Jet Vulnerability affect Office 95 users The vulnerability in the Jet database used by all versions of Office and that has been discussed previously in this forum in

Re: Oracle 8 root exploit

1999-01-16 Thread Steve D'Angona
If you check the readme from Oracle it says you should use the 8.0.5 version of the patch with 8.1.5 until 8.1.6 comes out. On Tue, 16 Nov 1999, Chris Calabrese wrote: > However, Intelligent Agent 8.1.5 (the version Brock > reported on) does not have a patch available for it. > This is pretty st

Re: hard-coded windows exploits

1999-01-16 Thread dark spyrit
On Tue, 16 Nov 1999, Jeremy Kothe wrote: > Just a general note concerning Windows overflows - most (if not all) of the > publicly available exploits I have seen floating around are still using > hard-coded addresses for system calls. > > I thought people might want to know that it is possible (an

Pine: expanding env vars in URLs (seems to be fixed as of 4.21)

1999-01-16 Thread Jim Hebert
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I reported the vulnerability below to the Pine team on Oct 21, when 4.20 was current. 4.21 (which I just noticed on freshmeat) seems to fix the problem even though it's not mentioned in the release notes. Since it's not, I thought some disclosure was

Re: hardcoded windows exploits

1999-01-16 Thread Jeremy Kothe
SysCalls via int's are only applicable to NT, not 9x >I don't think that this is the only way to do it, what about using >direct >system calls? you don't need addresses for that, just call INT 2e/2c/2b >with the correct registers... _

Re: Microsoft Security Bulletin (MS99-043)

1999-01-16 Thread John Madden
> Patch Available for "Javascript Redirect" Vulnerability > Originally Posted: October 18, 1999 > Re-released: November 17, 1999 > > Summary > === > On October 18, 1999, Microsoft released the original version of this > bulletin, in order to advise customers of a workaround for a vulnerabilit

Re: Tektronix PhaserLink Webserver Reveals Admin Password

1999-01-16 Thread Blake Frantz
Here are a couple more problems with the Tektronix webserver services: (We run the Tektronix 740 Extended) When the people at Tektronix designed the web services, security was in mind. For example, some URLs that require password authentication do generate a key to pass along instead of the plai

Re: hard-coded windows exploits

1999-01-16 Thread Simple Nomad
> > Just a general note concerning Windows overflows - most (if not all) of the > > publicly available exploits I have seen floating around are still using > > hard-coded addresses for system calls. > > > > Is this the only way to do this? Note that this method has been around for a > > while, but
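The "hard-coded windows exploits" thread above (Kothe's note, the int 2e/2c/2b reply, which as Kothe points out only applies to NT, and Simple Nomad's follow-up) is about avoiding version-specific fixed addresses for system calls. The portable alternative the thread is circling is to resolve the call at run time by walking the export directory of the module that already sits in the target's address space: the export table format is the same for every Win32 PE image, so the same code works on 9x and NT. The following C program is an added example written for this page, not code from any poster in the thread. It builds a constructed, minimal PE32 image in a byte buffer (stand-in for a mapped kernel32.dll; the names, RVAs and ordinals are invented test data) and then resolves a symbol by name through AddressOfNames / AddressOfNameOrdinals / AddressOfFunctions. Finding the module base itself (via the PEB or the SEH chain in real shellcode) is assumed and not shown; the base is simply passed in.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PE fields are little-endian regardless of host; read/write them explicitly. */
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr32(uint8_t *p, uint32_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Walk the export directory of a mapped PE32 image and return the RVA of the
 * named export, or 0 if the image is malformed or the name is not exported.
 * 'base' is the module base; all RVAs are offsets from it, exactly as in a
 * loaded module. 'len' bounds every read so a hostile image cannot walk us
 * out of the buffer (real shellcode skips the checks; a tool should not). */
uint32_t resolve_export_rva(const uint8_t *base, size_t len, const char *name)
{
    if (len < 0x40 || base[0] != 'M' || base[1] != 'Z') return 0;
    uint32_t pe = rd32(base + 0x3c);                       /* e_lfanew */
    if (pe + 24 + 104 > len || memcmp(base + pe, "PE\0\0", 4) != 0) return 0;
    const uint8_t *opt = base + pe + 24;                   /* optional header after 20-byte file header */
    if (rd16(opt) != 0x10b) return 0;                      /* PE32 only in this example */
    uint32_t exp_rva = rd32(opt + 96);                     /* DataDirectory[0] = export table */
    if (exp_rva == 0 || exp_rva + 40 > len) return 0;
    const uint8_t *exp = base + exp_rva;
    uint32_t n_funcs = rd32(exp + 20), n_names = rd32(exp + 24);
    uint32_t funcs = rd32(exp + 28), names = rd32(exp + 32), ords = rd32(exp + 36);
    for (uint32_t i = 0; i < n_names; i++) {
        if (names + i * 4 + 4 > len || ords + i * 2 + 2 > len) return 0;
        uint32_t nrva = rd32(base + names + i * 4);
        if (nrva >= len) return 0;
        if (strncmp((const char *)base + nrva, name, len - nrva) == 0) {
            uint16_t ord = rd16(base + ords + i * 2);      /* index into AddressOfFunctions */
            if (ord >= n_funcs || funcs + ord * 4 + 4 > len) return 0;
            return rd32(base + funcs + ord * 4);
        }
    }
    return 0;
}

/* Constructed test image (assumption: not a real DLL). Layout mirrors what a
 * linker emits: sorted name table, ordinal table mapping names back to slots. */
size_t build_fake_image(uint8_t *img, size_t len)
{
    if (len < 0x500) return 0;
    memset(img, 0, len);
    img[0] = 'M'; img[1] = 'Z';
    wr32(img + 0x3c, 0x80);                                /* e_lfanew */
    memcpy(img + 0x80, "PE\0\0", 4);
    wr16(img + 0x84, 0x14c);                               /* Machine = i386 */
    wr16(img + 0x84 + 16, 224);                            /* SizeOfOptionalHeader */
    uint8_t *opt = img + 0x98;
    wr16(opt, 0x10b);                                      /* PE32 magic */
    wr32(opt + 96, 0x200); wr32(opt + 100, 0x100);         /* export dir RVA / size */
    uint8_t *exp = img + 0x200;
    wr32(exp + 16, 1);                                     /* Base ordinal */
    wr32(exp + 20, 3); wr32(exp + 24, 3);                  /* NumberOfFunctions / NumberOfNames */
    wr32(exp + 28, 0x300); wr32(exp + 32, 0x340); wr32(exp + 36, 0x380);
    /* AddressOfFunctions, indexed by ordinal: invented code RVAs */
    wr32(img + 0x300, 0x1000); wr32(img + 0x304, 0x1010); wr32(img + 0x308, 0x1020);
    const char *names[3] = {"ExitProcess", "GetProcAddress", "LoadLibraryA"};
    const uint16_t ordinals[3] = {2, 0, 1};                /* deliberately not in name order */
    for (int i = 0; i < 3; i++) {
        uint32_t nrva = 0x400 + i * 0x10;
        strcpy((char *)img + nrva, names[i]);
        wr32(img + 0x340 + i * 4, nrva);
        wr16(img + 0x380 + i * 2, ordinals[i]);
    }
    return 0x500;
}

/* Build the image once and resolve a name against it; 0 means "not exported". */
uint32_t demo_resolve(const char *name)
{
    static uint8_t img[0x500];
    size_t n = build_fake_image(img, sizeof img);
    return resolve_export_rva(img, n, name);
}

int main(void)
{
    const char *q[] = {"GetProcAddress", "LoadLibraryA", "ExitProcess", "CreateFileA"};
    for (size_t i = 0; i < 4; i++)
        printf("%-16s -> RVA 0x%04x\n", q[i], demo_resolve(q[i]));
    return 0;
}
```

Once GetProcAddress and LoadLibraryA are located this way, everything else can be resolved by calling them, which is why exploit code only needs to walk the table for those two. The ordinal indirection is the part that trips people up: the index found in the name table is not the function slot; it must be mapped through AddressOfNameOrdinals first.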