Hello,
Test page for Konqueror is at:
http://pp.siedziba.pl/2f/
I have also tested it with Mozilla 1.0 (Gecko/20020829) and Galeon 1.2.5
(Gecko/20020606) and found not vulnerable - the script throws Permission
denied to get property HTMLDocument.body exception.
--
Piotr Pawłow
Foundstone Labs Advisory - 090502-PCRO
Advisory Name: Remotely Exploitable Buffer Overflow in PGP
Release Date: September 5, 2002
Application: PGP Corporate Desktop 7.1.1
Platforms: Windows 2000/XP
Severity: Remote code execution and plaintext passphrase
disclosure
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rapid 7, Inc. Security Advisory
Visit http://www.rapid7.com/ to download NeXpose(tm), our
advanced vulnerability scanner. Linux and Windows
On Tue Sep 03 2002, Blue Boar wrote:
This is one of my favorite vulnerabilities:
http://online.securityfocus.com/bid/1503
It's an overflow in the JPEG handler in Netscape.
I don't know of one for GIFs off the top of my head, but the same
principle applies. If there's a viewer with a bug,
Veritas Backup Exec opens networks for NetBIOS based attacks?
By: Geoff Craig, Adrian Romo
Company: Quilogy http://www.quilogy.com
Currently, we are working with a customer that has moved to Active
Directory and is using Backup Exec 8.5 to back up all servers and domain
controllers from a
In-Reply-To: [EMAIL PROTECTED]
Hey, Woody, can this exploit parse environment variables? In WOW #7.42,
you say the mitigating factor is that Alice has to know the precise name
of the file she wants to retrieve, but your example of c:\Documents and
Settings\Woody\Local
Thanks to a few people who have sent later Veritas articles that show
that there is RestrictAnonymous=1 support, but ONLY with version 8.6.
Here are those articles for those who may be interested.
http://seer.support.veritas.com/docs/238618.htm
http://seer.support.veritas.com/docs/239739.htm
Check Document 239739, this was modified in version 8.6
http://seer.support.veritas.com/docs/239739.htm
Snip
Support for the Restrict Anonymous option was added to Backup Exec version
8.6.
NOTE: Versions of Backup Exec prior to 8.6, do not support enabling
Restrict Anonymous
end Snip
Regards,
On Fre, 06 Sep 2002, Piotr Pawłow wrote:
Test page for Konqueror is at:
http://pp.siedziba.pl/2f/
This is actually not related to the % encoding problem in IE, but a general
regression that was introduced in KDE 3.0.3 release.
Below is the fix which has been tested and committed to CVS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Debian Security Advisory DSA 162-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 6th, 2002
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: gaim
Advisory ID:
Thinking about ways to figure out how to get through firewalls,
the following attack occurred to me. The technique is similar
to firewalking (Goldsmith) and to IP ID reverse scanning (Antirez).
I call it next-hop scanning, because it operates by interrogating
a router after the firewall, not the