Another detail on LYNXOPTIONS:// and bypassing evil configuration options
to victim's browser - attack scheme could be even easier and can be done
remotely. First of all, ask user to check his/her configuration, as stated
in previous post (let's call this webpage A.html). Then, supply link to
anot
-BEGIN PGP SIGNED MESSAGE-
_
SuSE Security Announcement - syslogd (a1)
Package: syslogd-1.3.33 (a1)
Date: Thu Nov 18 14:00:29 CET 1999
Affected SuSE versions
Just if someone needs to know...
Win98/NT4 Riched20.dll (which WordPad uses) has a classic buffer
overflow problem with ".rtf"-files.
Crashme.rtf :
{\rtf\}
A malicious document may probably abuse this to execute arbitary
code. WordPad crashes with
I just got done talking to the USSR Labs guys...
I've talk to them in the past about their advisories to try to help them out
to make them a little more "clean" etc...
| > Vendor Status:
| > Not Contacted
English is basically not their first language and they ment to say "Not
Contacted" as in t
-- Forwarded message --
Date: Tue, 16 Nov 1999 17:17:59 EST
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Jet Vulnerability affect Office 95 users
The vulnerability in the Jet database used by all versions of Office and that has been
discussed previously in this forum in
If you check the readme from Oracle it says you should use the 8.0.5
version of the patch with 8.1.5 until 8.1.6 comes out.
On Tue, 16 Nov 1999, Chris Calabrese wrote:
> However, Intelligent Agent 8.1.5 (the version Brock
> reported on) does not have a patch available for it.
> This is pretty st
On Tue, 16 Nov 1999, Jeremy Kothe wrote:
> Just a general note concerning Windows overflows - most (if not all) of the
> publicly available exploits I have seen floating around are still using
> hard-coded addresses for system calls.
>
> I thought people might want to know that it is possible (an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I reported the vulnerability below to the Pine team on Oct 21, when 4.20
was current. 4.21 (which I just noticed on freshmeat) seems to fix the
problem even though it's not mentioned in the release notes. Since it's
not, I thought some disclosure was
SysCalls via int's are only applicable to NT, not 9x
>I don't think that this is the only way to do it, what about using
>direct
>system calls? you don't need addresses for that, just call INT 2e/2c/2b
>with the
correct registers...
_
> Patch Available for "Javascript Redirect" Vulnerability
> Originally Posted: October 18, 1999
> Re-released: November 17, 1999
>
> Summary
> ===
> On October 18, 1999, Microsoft released the original version of this
> bulletin, in order to advise customers of a workaround for a vulnerabilit
Here are a couple more problems with the Tektronix webserver services:
(We run the Tektronix 740 Extended)
When the people at Tektronix designed the web services, security was in
mind. For example, some URLs that require password authentication do
generate a key to pass along instead of the plai
> > Just a general note concerning Windows overflows - most (if not all) of the
> > publicly available exploits I have seen floating around are still using
> > hard-coded addresses for system calls.
> >
> > Is this the only way to do this? Note that this method has been around for a
> > while, but
12 matches
Mail list logo