Re: RE: playing for fun with <=IE7

2007-10-15 Thread jason . gerfen
So to root the box just some simple social engineering is needed? I mean technically speaking if someone clicks a link that downloads a rootkit for example, then appends "?explorer.exe" or equivalent wouldn't it be executed as a normal application? And if your rootkit was a silent installer they a

HTML Injection Vuln in nssboard

2007-10-15 Thread kcghost
Nssboard, formerly Simple PHP forum, is vulnerable to HTML injection including scripts (possible XSS) in two ways: 1. If BBcode is disabled, HTML tags are no longer stripped, allowing XSS attacks, etc. 2. Profile information (user, email, Real Name) is not filtered. For example a user could u

[ GLSA 200710-15 ] KDM: Local privilege escalation

2007-10-15 Thread Pierre-Yves Rofes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200710-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

eXtremail(ly easy) remote roots

2007-10-15 Thread mu-b
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The attached either exploit or demonstrate a rash of remotely exploitable bugs in eXtremail <=2.1.1 which perhaps should be renamed to the more apt name of eXtremely-rootable-mail... of course, in the grand schema, these are more-or-less completely

Xcomputer - Lang Parameter Cross-Site Scripting Vulnerability

2007-10-15 Thread jose luis góngora fernández
# Xcomputer - Lang Parameter Cross-Site Scripting Vulnerability # Download: # http://www.xcomputer.cz/ # Bug found by JosS / Jose Luis Góngora Fernández # Contact: sys-project[at]hotmail.com # Spanish Hackers Team # www.spanish-hackers.com # /server irc.freenode.net /join #fullsecure # d0rk: "powe

[SECURITY] [DSA 1387-1] New librpcsecgss packages fix arbitrary code execution

2007-10-15 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1387[EMAIL PROTECTED] http://www.debian.org/security/ Florian Weimer October 15th, 2007

Stringbeans (Portal) - Lang Parameter Cross-Site Scripting Vulnerability

2007-10-15 Thread jose luis góngora fernández
# Stringbeans (Portal) - Lang Parameter Cross-Site Scripting Vulnerability # Download: # http://www.nabh.com/projects/sbportal # Bug found by JosS / Jose Luis Góngora Fernández # Contact: sys-project[at]hotmail.com # Spanish Hackers Team # www.spanish-hackers.com # /server irc.freenode.net /join #

InnovaShop™® (mgs.jps) Cross Siting Scripting

2007-10-15 Thread jose luis góngora fernández
# InnovaShop™® (mgs.jps) Cross Siting Scripting # Download: # http://www.innovaage.com/ # http://www.innovaportal.com/ # Bug found by JosS / Jose Luis Góngora Fernández # Contact: sys-project[at]hotmail.com # Spanish Hackers Team # www.spanish-hackers.com # /server irc.freenode.net /join #fullsecu

SYMSA-2007-010: Microsoft ActiveSync 4.x Weak Password Obfuscation

2007-10-15 Thread research
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID: SYMSA-2007-010 Advisory Title: Microsoft ActiveSync 4.x Weak Password Obfusc

RE: playing for fun with <=IE7

2007-10-15 Thread James C. Slora Jr.
Maybe this stems from built-in exceptions for CGI combined with unexpected server response. Have you tested with .cgi or .pl or .plx etc instead of .exe? What about different content types declared by the server?

Re: [Full-disclosure] Remote Desktop Command Fixation Attacks

2007-10-15 Thread pdp (architect)
CQ, maybe I am making a huge mistake for responding to your message, but let's see. This is what I think about security in depth in a bit more detail. Let's say that we have a wireless network which is guarded by "security in depth" network administrators. The first thing they will do is to secure t

Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available

2007-10-15 Thread KJK::Hyperion
KJK::Hyperion wrote: > Since this issue is a great big rats nest, I promise a third-party patch > for it by tomorrow. Deal? And "tomorrow" turned out to be "whenever it's done". Here it is, have a temporary, third-party patch for CVE-2007-3896, by yours truly:

Re: Remote Desktop Command Fixation Attacks

2007-10-15 Thread pdp (architect)
ok, I am not questioning whether it is needed or not... anyway, instead of mailing a huge chunk of text again and clogging everyone's email account, I decided to post my thoughts on the blog where they should be anyway, here is the link: http://www.gnucitizen.org/blog/clear On 10/12/07, Thor (Hamm

RE: [Full-disclosure] Remote Desktop Command Fixation Attacks

2007-10-15 Thread Alex Everett
That may be a possible process/policy in some environments, but probably not most. Take education/academic environments for example. We really have to try to balance competing interests. For example, the very security and accessibility issues you describe on a macro scale. Not to mention other i

[ GLSA 200710-16 ] X.Org X server: Composite local privilege escalation

2007-10-15 Thread Pierre-Yves Rofes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200710-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[SECURITY] [DSA 1386-1] New wesnoth packages fix denial of service

2007-10-15 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1386-1[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 15th, 2007

[SECURITY] [DSA 1386-2] New wesnoth packages fix denial of service

2007-10-15 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1386-2[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 15th, 2007

Clients buffer-overflow in Live for Speed 0.5X10

2007-10-15 Thread Luigi Auriemma
### Luigi Auriemma Application: Live for Speed http://www.lfs.net Versions: <= 0.5X10 Platforms: Windows Bug: client buffer-overflow during skins handling Exploitation:

RE: playing for fun with <=IE7

2007-10-15 Thread Roger A. Grimes
It is interesting. I've even confirmed the behavior with IE 7 in Vista. Although the real concern is if it could be used in an exploitation? The examples below aren't exploitable...just interesting outcomes. Roger * *Roger A. Grim