hotmail.passwd.trap.txt

Date: Fri, 23 Apr 1999 13:55:24 -0500 From: David L. Nicol To: [email protected] Subject: javascript hotmail password trap Hello, I was informed this morning that a free form data mailer I maintain http://www.tipjar.com/generic.html was being involved in a javascript-based hotmail password...

msie4.x-readfile.txt

Guninski's IE 4 file reading bug. http://www.geocities.com/ResearchTriangle/1711/read3.html There is a bug in Internet Explorer 4.x patched which allows reading local files and sending them to an arbitrary server. The problem is: if you add '%01someURL' after the URL, IE thinks that the document ...

netscape4.5-read-dir.txt

---------------------------------------------------------------- Date: Mon, 23 Nov 1998 10:36:40 PST From: Georgi Guninski To: [email protected] Subject: Netscape Communicator 4.5 can read local files There is a bug in Netscape Communicator 4.5 for Windows 95 and 4.05 for WinNT 4.0 probably...

msie4.01-window-spoof.txt

Guninski's IE 4 window spoofing. http://www.geocities.com/ResearchTriangle/1711/read4.html There is a bug in Internet Explorer 4.01 patched which allows "window spoofing". The problem is: if you add '%01someURL' after the URL, IE thinks that the document is loaded from the domain of 'someURL'. Th...

browser.forkbomb.txt

Jim Paris http://home.jtan.com/jim/bugs/both/fork.html Repeated Browser Spawning New browser windows can be opened automatically with Javascript's window.open command. This page simply spawns a neverending supply of windows. This is similar to the Unix "while1fork;" attack. Any browser that...

hotmail-javascript-8-98.txt

Date: Mon, 24 Aug 1998 14:21:56 -0600 From: Tom Cervenka Subject: Serious Security Hole in Hotmail We have just found a serious security hole in Microsoft's Hotmail service http://www.hotmail.com which allows malicious users to easily steal the passwords of Hotmail users. The exploit involves...