Wednesday, 28 March, 2001
The BAT! ~..~ is a feisty multi-tasking email client that is rapidly gaining
popularity and for good reason. Cursory examination of it reveals solid
effective security measures on all fronts, including non-browser dependent
html viewing (with on/off switch), random named
Hi,
Playing with Cuartango´s recently exploit
(http://www.kriptopolis.com/cua/eml.html) I've found that it´s possible to trick
an user to execute one file making he/she think it's a data file of any kind
(pdf, mpeg,...).
This works on both NT and 2000 using IE 5.1 (other platforms/IE versions no
Josh Merchant([EMAIL PROTECTED])@Sun, Apr 01, 2001 at 12:39:55PM -0500:
> > Hi all,
> >
> > I have written a full disclosure buffer overflow
> > exploit for the winamp 2.63 buffer overflow found in
> > the M3U file parser...
>
> [Snip]
>
> Correct me if I'm wrong, but wasn't this issue already dis
Microsoft Product Security <[EMAIL PROTECTED]> writes:
> Title: Incorrect MIME Header Can Cause IE to Execute E-mail
> Attachment
I think the title of the advisory is not appropriate, although it's
correct, technically speaking. It's certainly confusing many people
who're assum
==
Defcom Labs Advisory def-2001-16
Internet & Acceleration Server Event DoS
Authors: Peter Gründl <[EMAIL PROTECTED]>
Andreas Sandor <[EMAIL PROTECTED]>
Release Date: 2001-04-02
===
Hi all.
It is possible not only to get the listing
but also the files.
If you use replace the last / with %5c it will
give you the file.
example:
> http://target:8080/%2e%2e/%2e%2e%5cyourfilehere%00.jsp
-Njack