Repost: Buffer overflow in Microsoft DirectX Files Viewer xweb.ocx (<2,0,16,15) ActiveX sample

2002-08-16 Thread Andrew G. Tereschenko
Hi BugTraq reader, I would like to inform you about a security issue in the DirectX Files Viewer control that was available on the ActiveX gallery page at the http://activex.microsoft.com/activex site but was fixed not so long ago. = Overview: Risk: High Distri

RE: PHP-Nuke v5.6 - Users can compromise admin accts.

2002-08-16 Thread Eric Stevens
I think his point is this: simply invoking strip_tags doesn't prevent scripts or other harmfuls from getting through on the tags that you do allow. The PHP manual, under the function entry for strip_tags(), even notes a warning: --- Warning This function does not modify any attributes on the

Re: PHP-Nuke v5.6 - Users can compromise admin accts.

2002-08-16 Thread Konstantin Riabitsev
On Thu, 2002-08-15 at 21:16, <-delusion-> wrote: > Jelmer's accusation that my proposed fix is flawed is wrong. He demonstrates > a code that uses the tag, if you look at my solution: > > $message = strip_tags($message, ''); > > > The tag is not allowed. Only the tags are allowed. I did > ta

Subtle insinuations may be more than idle threats I'm afraid.

2002-08-16 Thread security
[EMAIL PROTECTED] wrote: http://lists.netsys.com/pipermail/full-disclosure/2002-August/001073.html "#old solaris bug die hard.something similar, but not quite. Have you audited your Solstice #products recently? lit_tty was nothing. M^ got lost again ( agent.lspitzner.added.to.meme1

Re: [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability

2002-08-16 Thread John D. Hardin
On Mon, 5 Aug 2002, Hack Hawk wrote: > As I use Eudora, I'm currently developing a work around to protect > myself from this vulnerability. Basically just a filter program > on the Linux server. Have you seen http://www.impsec.org/email-tools/procmail-security.html yet? This exploit's been san

Re: PHP-Nuke v5.6 - Users can compromise admin accts.

2002-08-16 Thread <-delusion->
Jelmer's accusation that my proposed fix is flawed is wrong. He demonstrates a code that uses the tag, if you look at my solution: $message = strip_tags($message, ''); The tag is not allowed. Only the tags are allowed. I did talk to Jelmer and told him my solution successfully stripped the t

Re: Delete arbitrary files using Help and Support Center [MSRC 1198dg]

2002-08-16 Thread Gary Flynn
Shane Hird wrote: > > Temporary solutions may be; > > + delete/move the uplddrvinfo.htm file > + edit the script of uplddrvinfo.htm to remove the offending code > + unregister the hcp protocol handler FYI. If a user runs across an exploit of this, a window titled "Help and Support Center" will

RE: IE [with Google Toolbar installed] crash

2002-08-16 Thread Mark Healey
It also affects IE 6.0 (fully patched)/Google Toolbar 1.1.60-deleon/en Mark -Original Message- From: Bill Fryberger [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 15, 2002 6:32 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: IE [with Google Toolbar installed] crash > You ma

Re: IE SSL Vulnerability

2002-08-16 Thread robert walker
In-Reply-To: <[EMAIL PROTECTED]> Given my background in cryptographic programming, it is difficult for me to imagine how the cause of this alleged vulnerability could be explained as programmer error or oversight. Yet I cannot fathom why MS would purposely skip such a basic step. I am wait

Re: IE [with Google Toolbar installed] crash

2002-08-16 Thread Chuck
This didn't affect me, running Win2k pro SP3, IE 6.0 with google toolbar 1.1.60-big/en Chuck On Thursday, August 15, 2002 1:31 PM, Bill Fryberger <[EMAIL PROTECTED]> scribbled: > >> You may test it by visiting the following page >> http://www.sztolnia.pl/hack/googIE/googIE.html >> It should cr

Re: "August 2002 Cumulative Update For Internet Explorer (Q323759)" & IE6 SP1

2002-08-16 Thread Dave English
In message <[EMAIL PROTECTED]>, Carl R Diliberto <[EMAIL PROTECTED]> writes >Did anyone else see "August 2002 Cumulative Update For Internet Explorer >(Q323759)" appear on the MS Website at >http://www.microsoft.com/windows/ie/downloads/critical/default.asp and then >disappear too? Nice one! G

MODERATOR WAIT ! Re: SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0

2002-08-16 Thread [EMAIL PROTECTED]
Jelmer <[EMAIL PROTECTED]> said: > This allows for execution of arbitrary code see my winamp and ICQ exploits > > http://kuperus.xs4all.nl/winamp.htm > > www.xs4all.nl/~jkuperus/icq/icq.htm > > I posted a message explaining how it works (and proving winamp 3 is > vulnerable as well) but the f

Sun RPC xdr_array vulnerability on IRIX

2002-08-16 Thread SGI Security Coordinator
-BEGIN PGP SIGNED MESSAGE- __ SGI Security Advisory Title: Sun RPC xdr_array vulnerability Number: 20020801-01-P Date: August 16, 2002 Reference: CER

Re: PHP-Nuke v5.6 - Users can compromise admin accts.

2002-08-16 Thread Jelmer
IMHO this whole email is just stating the obvious. On top of that the proposed fix is flawed. The PHP strip_tags function does not strip attributes so this is possible in your proposed fix: http://kuperus.xs4all.nl' : 0 ); word-wrap : expression(this.done=true);"> test it's a bit messy but gets

Re: Apache 2.0.39 directory traversal and path disclosure bug

2002-08-16 Thread William A. Rowe, Jr.
At 12:01 PM 8/16/2002, Auriemma Luigi wrote: >B) CAN-2002-0661 > > >The problem is in the management of the bad chars that can be used to >launch some attacks, such as the directory traversal. In fact the >backslash char ('\' == %5c) is not checked as a bad char, so it can be >used

Apache 2.0.39 directory traversal and path disclosure bug

2002-08-16 Thread Auriemma Luigi
## Auriemma Luigi, PivX security advisory AL#001 Application: Apache WebServer (http://httpd.apache.org) Version: 2.0.39 and previous 2.0.x, ONLY on systems that support backslash path delimiters (Win/Netware/O

NTFS Hard Links Subvert Auditing (A081602-1)

2002-08-16 Thread @stake Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 @stake Inc. www.atstake.com Security Advisory Advisory Name: NTFS Hard Links Subvert Auditing (A081602-1) Release Date: 08/16/2002 Application:

Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B)

2002-08-16 Thread David Litchfield
NGSSoftware Insight Security Research Advisory Name: SQL Agent Jobs Systems: Microsoft SQL Server 2000 and 7 Severity: High Risk Category: Privilege Escalation Vendor URL: http://www.microsoft.com/ Author: David Litchfield ([EMAIL PROTECTED]) Advisory URL: http://www.ngssoftware.com/advisories/ms