[Full-Disclosure] Re: [security bulletin] SSRT2275 HP Tru64 UNIX - Potential Buffer Overflows SSRT2229 Potential Denial of Service (fwd)

2002-09-03 Thread Len Rose
From the How Lame Can It Get or Intellectual Levels of the Net are dropping each year Dept. The example MD5/SHA1 perl script HP/Compaq recommends on the page referenced in the below excerpt, is broken because they didn't escape the greater than/less than symbols. When the page is rendered by

[Full-Disclosure] Compaq mount patch broken

2002-09-03 Thread Paul Szabo
I have installed the latest HP/Compaq Tru64 patches T64V51B19-C0136901-15143-ES-20020817.tar Beware of the /sbin/mount in patch OSFPATC0136901510 within: using 'mount -a' kills any local mountd with log message: Sep 3 06:19:01 rome mountd[228]: aborting: received a User defined signal 1

[SECURITY] [DSA 160-1] New scrollkeeper packages fix insecure temporary file creation

2002-09-03 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 160-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze September 3rd, 2002

Re: Outlook S/MIME Vulnerability

2002-09-03 Thread Spyder
There's more to it than just Outlook. Baltimore's MailSecure, an Outlook plugin which (among other things) verifies S/MIME certs, is also vulnerable to this problem. Certificates issued by middle men appear in MailSecure's certificate information as having inherited trust. However, MailSecure

Re: CacheFlow CacheOS Cross-site Scripting Vulnerability

2002-09-03 Thread Blue
In-Reply-To: 200207250749.33496@Message-id-is-important --- Blue Coat Systems (formerly CacheFlow) Cross Site Scripting Vulnerability --- Blue Coat Systems thanks T. Suzuki of

Re: Security side-effects of Word fields

2002-09-03 Thread Woody Leonhard
In-Reply-To: [EMAIL PROTECTED] Alex - You've come up with a very clever application of field codes - one that I had never considered. I'm working with Word 2000 SR-1a and Word 2002 SP- 2. I've had a chance to converse with Dr. Vesselin Bontchev, who's using Word 97. So far, here's what

SecuRemote usernames can be guessed or sniffed using IKE exchange

2002-09-03 Thread Roy Hills
SecuRemote usernames can be guessed or sniffed using IKE exchange Introduction: - While performing a VPN security analysis for one of our customers, I discovered a potential issue with Firewall-1 SecuRemote IKE which can allow usernames to be guessed. I also observed the related

MSIEv6 % encoding causes a problem again

2002-09-03 Thread Liu Die Yu
it's about cross-site scripting at MSIEv6 client side using % encoding, but not the same as the one by PeaceFire.org which doesn't work on my PC. [tested]MSIEv6(CN version) {IEXPLORE.EXE file version: 6.0.2600.} {MSHTML.DLL file version: 6.00.2600.} [demo] at

Cisco Security Advisory: Cisco VPN 3000 Concentrator Multiple Vulnerabilities

2002-09-03 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco VPN 3000 Concentrator Multiple Vulnerabilities Revision 1.0 For Public Release 2002 September 03 at 1500 UTC -- Contents Summary

Re: SUMMARY: Disabling Port 445 (SMB) Entirely

2002-09-03 Thread Shaolin Tiger
# Port 445 - This is a highly debated area by Microsoft themselves and many others # Its uses are discussed here: http://ntsecurity.nu/papers/port445/ # # Method 1: Steps in Windows 2000 Professional, SP2: (Please read others below before proceeding as this one may prevent # # DHCP from

Re: One step easier password guessing on Windows

2002-09-03 Thread Howard Yeend
a few comments: 1) this is a known issue 2) Revelation, snitch, openPass, etc won't work in msie 3) If the password is 'remembered' by the server (ie, not cached, but sent as part of the html), you could just view source. 4) Not as relevant, but you could do some simple XSS to alert the password

[security bulletin] SSRT2310a HP Tru64 UNIX HP OpenVMS Potential OpenSSL Security Vulnerability (fwd)

2002-09-03 Thread Dave Ahmad
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SECURITY BULLETIN SSRT2310a - HP Tru64 UNIX HP OpenVMS Potential == OpenSSL Security Vulnerability The HP Security Bulletin has been posted to the support website - http://thenew.hp.com/country/us/eng/support.html Use

Re: Compaq mount patch broken

2002-09-03 Thread Florian Weimer
[EMAIL PROTECTED] (Paul Szabo) writes: I have reported this to Compaq (but expect no speedy resolution). I am puzzled: why patch /sbin/mount or /usr/bin/csh if they are not setuid? Paul confirmed in private email that /sbin/mount is statically linked. I guess that it contains a copy of the

Re: **maillist:: Outlook S/MIME Vulnerability

2002-09-03 Thread Thomas Seliger
Since the failure of checking certificate chain correctly seems to be buried deeper in Windows (maybe in some DLL? some info from Microsoft would be greatly appreciated, but their security offensive seems to be hot air anyway), I could imagine more possibilities to exploit it: * certificates

[CLA-2002:522] Conectiva Linux Security Announcement - mailman

2002-09-03 Thread secure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -- PACKAGE : mailman SUMMARY : Cross site scripting

Cross-Site Scripting in Aestiva's HTML/OS

2002-09-03 Thread eax
Aestiva HTML/OS is a high-performance database engine and development suite for building advanced web sites and web-based software products. SUMMARY: The Aestiva HTML/OS CGIs appear vulnerable to XSS due to poor error reporting (no metacharacter filtering). Anything you want can be appended