ical 3.7 remote dos

2003-01-03 Thread securma massine
hi iCal (http://www.brownbearsw.com)is a web-based calendar that can be used to show meetings, events, or other schedules. calendars can be viewed, edited, and administered totally through the web. iCal is build for thin-clients, so access calendar without any plug-ins or java interpreters. I

Re: JS Bug makes it possible to deliberately crash Pocket PC IE (fwd)

2003-01-03 Thread angus
Can you be specific about what version of PIE you tested this vulnerability on? If you look at the following web pages you will see that PIE only supports a few HTML tags. http://support.microsoft.com/default.aspx?scid=kb;en-us;Q161319

JS Bug makes it possible to deliberately crash Pocket PC IE

2003-01-03 Thread Christopher Sogge Røtnes
PROBLEM DESCRIPTION: Calling a javascript from an object written to same page with the object.innerHTML function causes Pocket Internet Explorer (PIE from now on) to crash. SOFTWARE AFFECTED: Only PIE is affected, regular IE will show the pages as intented. EXAMPLE: html head titleCrash

[SECURITY] [DSA 221-1] New mhonarc packages fix cross site scripting

2003-01-03 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 221-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze January 3rd, 2003

Solaris 2.x /usr/sbin/wall Advisory

2003-01-03 Thread Brant Roman
Affected Operating System(s): Solaris 2.x-9 Possibly others derived from ATT source code. Affected Program: /usr/sbin/wall Synopsis: Wall is a setgid tty program that broadcasts a message to every user currently logged into the system. It can also receive messages from remote hosts, via

fam Vulnerability Update

2003-01-03 Thread SGI Security Coordinator
-BEGIN PGP SIGNED MESSAGE- __ SGI Security Advisory Title: fam Vulnerability Update Number : 2301-03-I Date : January 3, 2002 Reference: SGI Security Advisory 2301-02-I

Pedestal Software Security Notice

2003-01-03 Thread Keith Woodard
Product: Integrity Protection Driver (IPD) Version: 1.3 and earlier Subject: New Integrity Protection Driver (IPD) Available Date: January 3, 2003 Solution: Upgrade to version 1.4 SUMMARY The Integrity Protection Driver (IPD) is an open source kernel driver for Windows NT and

Another way to bypass Integrity Protection Driver ('subst' vuln)

2003-01-03 Thread Jan Rutkowski
Another Way To Bypass Pedestal Software Integrity Protection Driver ('subst' vulnerability) Jan K. Rutkowski [EMAIL PROTECTED] About IPD -- IPD is an Open Source program

[RHSA-2002:270-16] Updated pine packages available

2003-01-03 Thread bugzilla
- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated pine packages available Advisory ID: RHSA-2002:270-16 Issue date:2003-01-03 Updated on:2003-01-02 Product:

Multiple libmcrypt vulnerabilities

2003-01-03 Thread Ilia A.
limbcrypt versions prior to 2.5.5 contain a number of buffer overflow vulnerabilities that stem from imporper or lacking input validation. By passing a longer then expected input to a number of functions (multiple functions are affected) the user can successful make libmcrypt crash. Another