Tuesday April 2, 2002
Various Vulnerabilities in ZoneAlarm MailSafe
*
Scope
---
Edvice recently tested ZoneLabs ZoneAlarm Pro ability to detect and
quarantine incoming e-mail attachments that may contain malicious code
or viruses. This
Sunday 29 July 2001
Various problems in Ternd Micro AppletTrap Script filtering
===
This is a different advisory than the one we posted on July 9
(http://archives.neohapsis.com/archives/bugtraq/2001-07/0129.html).
Product Background
--
Monday 9 July 2001
eDvice Security Services Advisory - Various problems in Trend Micro
AppletTrap URL filtering
Product Background
--
Trend Micro AppletTrap is a product for blocking malicious Java applets,
malicious JavaScript and unsecured ActiveX controls at the gateway. The
29 May 2001
This is the third of 3 sequential advisories we are issuing regarding
Aladdin eSafe Gateway.
Status
The entire content of this advisory was reviewed and acknowledged by
Aladdin.
Product Background
--
eSafe Gateway is an Internet Content Security prod
ing scripts to penetrate their systems. These
hostile sites can easily bypass eSafe by adding the code to an href tag or
any other tag. Even worse is the false sense of security given by Aladdin's
claim that all scripts are removed from the HTML files.
====
Discovered b
able to this attack, see our following two
advisories for vulnerabilities in version 3.0.
Discovered by:
eDvice Security Services
[EMAIL PROTECTED]
http://www.edvicetech.com
Tel: +972-3-6120133
Fax: +972-3-6954837
ng until vendor releases a fix.
========
Discovered by:
eDvice Security Services
[EMAIL PROTECTED]
http://www.edvicetech.com
Tel: +972-3-6120133
Fax: +972-3-6954837
n the inner " " will be extracted
and we will be left with the following HTML code:
alert("hi");
Solution
--
Do not rely on eSafe Gateway for HTML filtering until Aladdin fixes the
problem.
Discovered by:
eDvice Security Services
[EMAI