From: Floydman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 28, 2001 5:31 PM
This was possible because the .SHS
extension is hidden by Windows, even if it is configured to display all
files, all extensions (even for known file types).
This behavior is activated by a registry value
Does anyone know which MIME types will be executed automatically?
Microsoft is conspicuously silent on this, perhaps in an attempt
to discourage exploits. But failure to disclose the MIME types
affected also prevents administrators from filtering e-mail
attachments of those types -- which I'd
On Sat, 24 Mar 2001, Matthias Andree wrote:
BEROLIST 2.5.9 IS A MAJOR RELIABILITY DISASTER.
I agree - the initial version was both the first piece of Linux (and
general Unix) code and the first piece of C code I wrote after converting
from the Atari ST + Pascal + GFA-Basic world.
I was a
On Fri, 30 Mar 2001, Juan Carlos Garcia Cuartango wrote:
Hi, Microsoft has released a security bulletin
http://www.microsoft.com/technet/security/bulletin/ms01-020.asp
entitled "Incorrect MIME Header Can Cause IE to Execute E-mail
Attachment". EML files are MIME multipart files that IE 5
On Wed, 28 Mar 2001 18:31:20 -0500, Floydman [EMAIL PROTECTED] wrote:
Once these extensions were generated, I examined all 169 455 combinations
through Windows Explorer, in order to determine the system behavior towards
these files. The biggest majority of these files turned out to be generic
Georgi Guninski security advisory #41, 2001
Security bug in Internet Explorer - MSScriptControl.ScriptControl
Systems affected:
IE 5.5 Win2K (probably others versions/platforms, have not tested)
Risk: High
Date: 31 March 2001
Legal Notice:
This Advisory is Copyright (c) 2001 Georgi Guninski.
rotaiv [EMAIL PROTECTED] writes:
At 03/28/2001 06:31 PM, Floydman wrote:
A little while ago, I was having a conversation with some of my colleagues
about computer viruses. The "Life Stages" virus was mentionned during the
conversation. This virus disguises itself via a file with extension
This morning a message was posted on bugtraq by Blazde/Roland about the
recent Argus hacking contest at CeBit in Germany and an exploit he
discovered on one of the systems being protected by one of the products
in the Argus PitBull product line. I wanted to give an unofficial
response to a few
==
STAT Security Advisory
http://www.statonline.com/
Software Vendor:Trend Micro (www.antivirus.com)
Software Package: ScanMail for Exchange
Dear, Bugtraq
"Just little bits of history repeating"
I have discovered a buffer overflow in CrazyWWWBoard Full Edition
CrazyWWWBoard Limited Edition.
This is NOT that same overflow as discovered by Jin Ho You, 01.30.2001
(http://www.securityfocus.com/archive/1/159387)
This overflow will
If Guninski is right, and there is a bug involving the Microsoft OLE
DB Provider for Internet Publishing that allows malicious websites
to execute queries into sites local to the vulnerable user under that
user's context then it's more than likely that some of those local
sites in deed don't
Topic:Tomcat 4.0-b1 for winnt/2000 show ".jsp"
source Vulnerability.
vulnerable:
winnt/2000
+ Tomcat 4.0-b1
discussion:
A security vulnerability has been found in Windows
NT/2000 systems that have Tomcat 4.0-b1 installed.
The
vulnerability allows remote attackers to get ".jsp"
source.
This Perl script can be used to exploit the
vulnerability on webspirs.cgi, installed on any machine. The vulnerability allow
to view any file on the machine, breaking the webroot.
#!/usr/bin/perl# Remote Script to exploit
bug in webspirs.cgi# Affected systems: any where webspirs.cgi are
Hi "Jon S. Stevens",
Thanks your reply
Today,I download "jakarta-tomcat-4.0-b1.zip" from
http://jakarta.apache.org/.but I can build a special
URL get "jsp" source of Tomcat4.0-b1.
for example:
http://localhost:8080/examples/jsp/snp/snoop%2ejsp
Thanks again.
lovehacker
Copyright 2000-2001
Topic:
Tomcat 3.2.1 for win2000 Directory traversal
Vulnerability
vulnerable:
Tomcat 3.2.1 for win2000
maybe for other operating system also.
discussion:
A security vulnerability has been found in Windows
NT/2000 systems that have Tomcat 3.2.1
installed.The
vulnerability allows remote
Attonbitus Deus [EMAIL PROTECTED] writes:
Considering how frequently most people tend to reuse passwords, this is
a pretty strong statement. Since Microsoft states that the folder
password is "not related in any way to the user's network logon
password" with such confidence, that would
Actually, scrap objects are useful to WRITERS -- not of code but of
documents -- who are using Office.
Create a Word document, select all or part of the document, and drag the
selection onto the desktop or to a window. You will have a new file
called "Document scrap 'something or other'". This
Wojciech Purczynski wrote:
Hi,
Here is exploit for ptrace/execve race condition bug in Linux kernels up
to 2.2.18.
As far as I understand it, the race condition exists between preparing the bprm
structure inside the
kernel (which will carry the suid/sgid credentials) and setting the
18 matches
Mail list logo