For existing users of PlanetWeb version 1.14, a one-click downloadable
patch is available from one of the following download sites. This patch
corrects the buffer overflow vulnerability and also includes additional
features including integrated support for virtual domain hosting.
My last patch was _useless_.
Here are lines to add at beginning of /mudoles/webchat/index.php
(you can download patched file from www.phpsecure.org) :
if(is_string($roomid) === TRUE)
$roomid = 1;
Vendor (www.xoopsien.net) has still not answered.
Sorry again
In-Reply-To: [EMAIL PROTECTED]
Status on the below posting regarding:
1. zlib 1.1.3 double free() bug
2. Buffer overflow in SWRemote parameter for flash object.
1. zlib 1.1.4 double free() bug
=
Flash Player 6 was released with the fix for the double free() bug back
When optimizing code for dead store removal the optimizing compiler may
remove code necessary for security.
A programmer could erroneously think that his code is secure, even though
the securing code is removed from the compiled code.
For a full report, including a complete description
Author: LOM lom at lom.spb.ru
Product: Macromedia Flash ActiveX 6.0 (6,0,47,0) for Microsoft Internet
Explorer
Vendor: Macromedia was contacted on 23 Oct 2002.
Risk: High
Remote: Yes
Exploitable: Yes
Into:
Macromedia flash ActiveX plugin displays .swf files under Internet
On Mon, Nov 18, 2002 at 04:36:57PM +, Richard Moore wrote:
Nicholas Weaver wrote:
On Thu, Nov 14, 2002 at 02:44:58AM -0800, Michael Wojcik composed:
The bigger concern is when the memory is paged to disk, and that
record may have a much MUCH longer time window. But scrubbing has no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 199-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 19th, 2002
Dear [EMAIL PROTECTED],
Proof of concept files for Macromedia Flash ActiveX buffer overflow
(no shellcode) attached.
--
/ZARAZA
swfexpl.zip
Description: Zip compressed data
Joseph Wagner [EMAIL PROTECTED] writes:
http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-traildatabase=gccpr=8537
As discussed on BUGTRAQ, this is not a bug in GCC, but a programming
error. For a somewhat related discussion, see:
http://gcc.gnu.org/ml/gcc/2002-01/msg00518.html (and
The idea Smartspoof is definitely not new. I don't really need any
software to accomplish this outside of a arp-sk.
1. If I have access to a transport medium with any router that is
multi-access (i.e ethernet) then I can phyiscally assign the IP address
of the client I want to spoof regardless
So. Yet another way to execute script code in the My Computer
Zone.
According to Microsoft (based on the response described in the Andreas
Sandblad advisory [1]), the Sandblad method of executing commands with
parameters employed in the format C: attack is not a vulnerability.
Technically, they
IFRAME in a page opened by openModalDialog has dialogArguments of its
parent.
[tested]MSIEv6(CN version)
{IEXPLORE.EXE file version: 6.0.2600.}
{MSHTML.DLL file version: 6.00.2600.}
[demo]
at
http://www16.brinkster.com/liudieyu/BadParent/BadParent-MyPage.htm
or
12 matches
Mail list logo