[Full-Disclosure] Secunia Research: Yahoo! Messenger File Transfer Filename Spoofing

- Vulnerability discovered. 10/01/2005 - Vendor notified. 19/01/2005 - Vendor confirms the vulnerability. 17/02/2005 - Vendor issued fixed version. 18/02/2005 - Public disclosure. == 6) Credits Discovered by Andreas Sandblad, Secunia

[Full-Disclosure] [VulnWatch] Secunia Research: Yahoo! Messenger File Transfer Filename Spoofing

- Vulnerability discovered. 10/01/2005 - Vendor notified. 19/01/2005 - Vendor confirms the vulnerability. 17/02/2005 - Vendor issued fixed version. 18/02/2005 - Public disclosure. == 6) Credits Discovered by Andreas Sandblad, Secunia

[Full-Disclosure] Secunia Research: Microsoft Internet Explorer createControlRange() Memory Corruption

by Andreas Sandblad, Secunia Research. == 7) References The Common Vulnerabilities and Exposures (CVE) project has assigned candidate number CAN-2005-0055 for the vulnerability. MS05-014 (KB867282): http://www.microsoft.com

[Full-Disclosure] Secunia Research: Microsoft Internet Explorer Multiple Vulnerabilities

. == 6) Credits Discovered by Andreas Sandblad, Secunia Research. == 7) References The Common Vulnerabilities and Exposures (CVE) project has assigned candidate number CAN-2005

[Full-Disclosure] [sb] [VulnWatch] Secunia Research: Microsoft Internet ExplorercreateControlRange() Memory Corruption

by Andreas Sandblad, Secunia Research. == 7) References The Common Vulnerabilities and Exposures (CVE) project has assigned candidate number CAN-2005-0055 for the vulnerability. MS05-014 (KB867282): http://www.microsoft.com

[Full-Disclosure] [sb] [VulnWatch] Secunia Research: Microsoft Internet Explorer MultipleVulnerabilities

. == 6) Credits Discovered by Andreas Sandblad, Secunia Research. == 7) References The Common Vulnerabilities and Exposures (CVE) project has assigned candidate number CAN-2005

[Full-Disclosure] [VulnWatch] Secunia Research: Microsoft Internet Explorer MultipleVulnerabilities

. == 6) Credits Discovered by Andreas Sandblad, Secunia Research. == 7) References The Common Vulnerabilities and Exposures (CVE) project has assigned candidate number CAN-2005

[Full-Disclosure] [sb] [VulnWatch] Secunia Research: Microsoft Internet Explorer MultipleVulnerabilities

. == 6) Credits Discovered by Andreas Sandblad, Secunia Research. == 7) References The Common Vulnerabilities and Exposures (CVE) project has assigned candidate number CAN-2005

Re: [Full-Disclosure] shell:windows command question

: issue should have been reported to the Mozilla security team before publiced to the masses. /Andreas Sandblad On Wed, 7 Jul 2004, Barry Fitzgerald wrote: I just verified this in Mozilla 1.7 on Windows XP pro. (I know -- no reason why it shouldn't work on 1.7 if it worked on firefox) In any

Re: [Full-Disclosure] shell:windows command question

Sandblad On Thu, 8 Jul 2004, Andreas Sandblad wrote: It doesn't seem to affect Windows 2000, only Windows XP. This is a fault in Mozilla. Why? Because it allows access to a dangerous protocol from within a non local resource. The Mozilla project should fix this before anyone creates an exploit

Re: [Full-Disclosure] shell:windows command question

). Tested environment: Windows XP pro + FireFox 0.9.1 /Andreas Sandblad On Wed, 7 Jul 2004, Perrymon, Josh L. wrote: -snip-- centerbrbrimg src=nocigar.gif/center center a href=shell:windows\snakeoil.txtwho goes there/a/center iframe src=http://windowsupdate.microsoft.com%2F.http