9795 matches found
CVE-1999-0537
Technical details are not publicly available in the provided documents. Monitor for updates.
outlook5.vuln.txt
Georgi Guninski security advisory 6, 2000 Outlook Express 5 vulnerability - Active Scripting may read email messages Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski i...
Microsoft Outlook Express 5 - JavaScript Email Access
source: https://www.securityfocus.com/bid/962/info Microsoft Outlook Express 5, and possibly other email clients that parse HTML messages, can be made to run Active Scripting that will read any new messages that arrive after the hostile code h...
Microsoft Outlook Express 5 - JavaScript Email Access
source: https://www.securityfocus.com/bid/962/info Microsoft Outlook Express 5, and possibly other email clients that parse HTML messages, can be made to run Active Scripting that will read any new messages that arrive after the hostile code has been run. Example code: a=window.open"about:Click...
javascript.hotmail.txt
Georgi Guninski security advisory 3, 2000 Yet another Hotmail security hole - injecting JavaScript in IE using "@import url(javascript:...)" Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact...
netscape.msredir.txt
The first version of this document was created by Georgi Guninski. I would like to report that this bug also works on Netscape (tested 4.7). I added the document with needed changes for Netscape. Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The...
CVE-2000-0329
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability...
Microsoft Internet Explorer 4.x5 Outlook 2000 098 0Express 4.x - ActiveX .CAB File Execution
Microsoft Internet Explorer 4.0 for Windows 95/Windows NT 4, Internet Explorer 4.1 for Windows 95/Windows 98/Windows NT 4, Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4, Internet...
ie5.javascript.redirect.txt
IE 5.0 allows reading local and from any domain files and window spoofing using HTTP redirection to "javascript:" Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski is n...
tcp.md5.router.dos.txt
Date: Mon, 14 Jun 1999 14:29:54 -0400 From: Craig Metz To: [email protected] Subject: TCP MD5 option problem I was implementing the RFC 2385 "Protection of BGP Sessions via the TCP MD5 Signature Option" option in the OpenBSD stack. For those who don't know the significance of this option, it i...
msie.5.dhtml.cuartango.txt
Date: Wed, 24 Mar 1999 12:11:09 +0100 From: Juan Carlos Garcia Cuartango To: [email protected] Subject: IE 5 security vulnerabilities Greetings, Microsoft delivers with IE 5 an Active X control called "DHTML Edit control Safe for Scripting for IE 5". In my opinion this control IS N...
activeX.file.system.object.txt
Date: Thu, 11 Feb 1999 17:37:18 -0500 From: Gary Geisbert To: [email protected] Subject: Using FSO in ASP to view just about anything This active server page opens the FileSystemObject and streams the contents of the file specified in the "file" parameter. The problem with FSO is...
Multiple Unix Netstat Service Remote Information Disclosure
The remote host is running a 'netstat' service on this port. The 'netstat' service provides useful information to an attacker, since it gives away the state of the active connections. It is recommended that you disable this service if you do not use it. C Tenable Network Security, Inc. include...
Microsoft IIS 4.0 / Microsoft JET 3.5/3.5.1 Database Engine - VBA
source: https://www.securityfocus.com/bid/286/info Microsoft's JET database engine feature allows the embedding of Visual Basic for Application in SQL string expressions and the lack of metacharacter filtering by many web applications may allow remote users to execute commands on the system...
Microsoft IIS 4.0 / Microsoft Site Server 3.0 - Showcode ASP
source: https://www.securityfocus.com/bid/167/info A sample Active Server Page (ASP) script installed by default on Microsoft's Internet Information Server (IIS) 4.0 gives remote users access to view any file on the same volume as the web...
Microsoft IIS 4.0 / Microsoft Site Server 3.0 - Showcode ASP
source: https://www.securityfocus.com/bid/167/info A sample Active Server Page (ASP) script installed by default on Microsoft's Internet Information Server (IIS) 4.0 gives remote users access to view any file on the same volume as the web server that is readable by the web server. IIS 4.0 installs a...
CVE-1999-1375
FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter...
Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files
source: https://www.securityfocus.com/bid/230/info The File System Object (FSO) may be called from an Active Server Page (ASP) to display files that exist outside of the web server's root directory. FSO allows calls to be made utilizing...
Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files
source: https://www.securityfocus.com/bid/230/info The File System Object (FSO) may be called from an Active Server Page (ASP) to display files that exist outside of the web server's root directory. FSO allows calls to be made utilizing "../" to exit the local directory path. An example of this synta...
PT-1999-1234 · Unknown · Ident/Identd
Name of the Vulnerable Software and Affected Versions: ident/identd (affected versions not specified) Description: The issue concerns the ident/identd service being active. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this...