Re[4]: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers

2010-05-31 Thread Vladimir '3APA3A' Dubrovin
Dear John Smith, In the general case we are discussing, DoS may be caused by e.g. some combination of allowed tags/properties or by a malformed image. As was pointed out by the author, this attack may be performed with scripting disabled (with [iframe src=]). That's why e-mail vector

Nginx 0.8.35 Space Character Remote Source Disclosure

2010-05-31 Thread info
# # Securitylab.ir # # Application Info: # Name: Nginx # Tested on nginx 0.8.35 # Nginx 0.8.36 and higher is not vulnerable

[security bulletin] HPSBUX02523 SSRT100036 rev.2 - HP-UX Running ONCplus rpc.pcnfsd, Remote Denial of Service (DoS), Increase in Privilege

2010-05-31 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02115103 Version: 2 HPSBUX02523 SSRT100036 rev.2 - HP-UX Running ONCplus rpc.pcnfsd, Remote Denial of Service (DoS), Increase in Privilege NOTICE: The information in this Security Bulletin

[Suspected Spam]Vulnerability in ArtDesign CMS

2010-05-31 Thread MustLive
Hello Bugtraq! I want to warn you about a security vulnerability in ArtDesign CMS. It's a Ukrainian commercial CMS. - Advisory: Vulnerability in ArtDesign CMS - URL: http://websecurity.com.ua/4035/ - Affected

GR Board v1.8.6.1 stab (page.php?theme) Remote File Inclusion Vulnerability

2010-05-31 Thread g1xsystem
GR Board v1.8.6.1 stab (page.php?theme) Remote File Inclusion Vulnerability

IS-2010-001 - Netgear WG602v4 Saved Pass Stack Overflow

2010-05-31 Thread Cristofaro Mune
Security Advisory IS-2010-001 - Netgear WG602v4 Saved Pass Stack Overflow Advisory Information Published: 2010-05-30 Updated: 2009-05-30 Manufacturer: Netgear Model: WG602v4 Firmware version: V1.1.0 (Europe) Vulnerability Details - Class: Buffer

Re: Ghostscript 8.64 executes random code at startup

2010-05-31 Thread paul . szabo
Someone pointed out that even with -P-, gs will read gs_init.ps from current directory: http://bugs.ghostscript.com/show_bug.cgi?id=691350 Still, they do not regard this with any urgency. I also see no -P- and no absolute paths for the ps files mentioned in many gs scripts e.g. /usr/bin/pdf2dsc

DM Database Server Memory Corruption Vulnerability

2010-05-31 Thread wsn1983
DM Database Server Memory Corruption Vulnerability Vulnerable: All Version Vendor: www.dameng.com Discovered by: Shennan Wang (HuaweiSymantec SRT) Details: A vulnerability in DM Database Server all versions allows an attacker to execute arbitrary code or cause a

Re: Re[4]: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers

2010-05-31 Thread John Smith
Hi Vladimir, Thanks for your views. I was carried away because the author used scripts (in a global script tag) in the PoC of the issue in question which made unconditional recursion possible. Without scripts enabled, if iframe's src property is set to itself(?), it is parsed up to 1 level

GR Board v1.8.6. (theme) Local File Inclusion Vulnerability

2010-05-31 Thread g1xsystem
GR Board v1.8.6. (theme) Local File Inclusion Vulnerability

Re: Nginx 0.8.35 Space Character Remote Source Disclosure

2010-05-31 Thread abc12345
what about the stable branch? Versions 0.7.65 and earlier?

Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera

2010-05-31 Thread MustLive
Hello Susan and other readers, who replied to my previous advisory. Earlier I've already answered Vladimir, now I'd answer Susan and soon I'd answer John. But now one important note to every reader of the list, including John Smith. Which I already wrote about 1,5 week ago (after posting of a