Different IE browser windows have different sessions and different session timeout timing

One of our user reported the following: ---- I discovered the reason why JIRA sometimes closes my IE session, it depends on the way you login: 1 When you login via navigation to your home page http://support/jira/secure/Dashboard.jspa all is ok, multiple JIRA sessions never expire. 2 When you log...

Different IE browser windows have different sessions and different session timeout timing

One of our user reported the following: ---- I discovered the reason why JIRA sometimes closes my IE session, it depends on the way you login: 1 When you login via navigation to your home page http://support/jira/secure/Dashboard.jspa all is ok, multiple JIRA sessions never expire. 2 When you log...

APC Management Vulnerability

We have found a security exploit in the latest APC firmware versions for there switched rack PDU products. We have only tested this against the version listed below on a AP7932 0u 30amp PDU. Name: rpdu Version: v3.5.5 Date: 07/18/2007 Time: 11:38:29 Name: aos Version: v3.5.6 Date: 07/18/2007 Time...

helios-xss.txt

Hi PacketStormSecurity.org; I'm reporting a vulnerability of type XSS in Helios Calendar, thank you for all. +==============================================================================+ + Helios Calendar =1.2.1 Beta XSS Multiple Remote Vulnerabilities +...

CVE-2002-2308

Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself...

CVE-2002-2313

The vulnerability CVE-2002-2313 affects Eudora email client 5.1.1 when the “use Microsoft viewer” option is enabled. An HTML email containing a META refresh tag that references an embedded .mhtml file with ActiveX controls can trigger execution of a second embedded program processed by Internet E...

Code injection

Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results...

CentOS 3 : XFree86 (CESA-2005:501)

Updated XFree86 packages that fix several integer overflows, various bugs, and add ATI RN50/ES1000 support are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X...

RHEL 3 : XFree86 (RHSA-2005:501)

Updated XFree86 packages that fix several integer overflows, various bugs, and add ATI RN50/ES1000 support are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X...

XFree86 security update

CentOS Errata and Security Advisory CESA-2005:501 Updated XFree86 packages that fix several integer overflows, various bugs, and add ATI RN50/ES1000 support are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security...

Important: Red Hat Security Advisory: XFree86 security update

Updated XFree86 packages that fix several integer overflows, various bugs, and add ATI RN50/ES1000 support are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X...

CVE-2005-0791

Cross-site scripting XSS vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when registerglobals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter...

CVE-2005-0791

Cross-site scripting XSS vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when registerglobals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter...

CVE-2003-0814

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand"Refresh" to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability...

CVE-2002-2308

Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself...

Code execution via Eudora

Using META REFRESH it's possible to launch mhtml file...

REFRESH: EUDORA MAIL 5.1.1

Tuesday, July 23, 2002 Trivial silent delivery and installation of an executable on a target computer. This can be accomplished with the default installation of the mail client Eudora 5.1.1: 'allow executables in HTML content' DISABLED 'use Microsoft viewer' ENABLED The manufacturer...

Выполнение приложений через Microsoft Internet Explorer для Macintosh (code execution)

Можно выполнить служебный системный скрипт через META REFRESH. Или через файл с образом диска...

CVE-1999-0993

The CVE-1999-0993 entry concerns Microsoft Exchange 5.5 where changes to ACLs do not take effect until the directory store cache is refreshed. Connected PT-1999-1512 confirms affected software: Microsoft Exchange 5.5, with the behavior that ACL modifications only apply after refreshing the direct...

PT-1999-1512 · Microsoft · Exchange Server

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange version 5.5 Description: The issue concerns modifications to ACLs Access Control Lists in Microsoft Exchange. These modifications do not take effect until the directory store cache is refreshed. Recommendations: For Microso...