Lucene search

4734 matches found

securityvulns
added 2002/09/04 12:0 a.m. | 35 views

MSIEv6 % encoding causes a problem again

It's about cross-site scripting at MSIEv6 client side using encoding, but not the same as the one by PeaceFire.org which doesn't work on my PC. Tested: MSIEv6CN version, IEXPLORE.EXE file version: 6.0.2600.0000, MSHTML.DLL file version: 6.00.2600.0000. Demo at...

AI score: 0.8
Exploits: 0

NVD
added 2002/08/12 4:0 a.m. | 17 views

CVE-2002-0452

Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00527
Exploits: 1 | References: 3

securityvulns
added 2002/07/11 12:0 a.m. | 33 views

Buffer overflow in PGP Outlook Encryption Plug-in

heap overflow on message decoding...

AI score: 2.4
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2002/06/11 4:0 a.m. | 37 views

CVE-2002-0452

CVE-2002-0452 concerns Foundry Networks ServerIron switches where URIs are not decoded when applying a url-map rule. The root cause is improper URI decoding, which could allow an attacker to alter traffic routing so that requests are forwarded to a different server than intended. The documented i...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00527
Exploits: 1 | References: 3 | Affected Software: 1

securityvulns
added 2002/04/12 12:0 a.m. | 28 views

IBM Informix Web DataBlade: Auto-decoding HTML entities

IBM Informix Web DataBlade: Auto-decoding HTML entities By Simon Lodal, Denmark Vendor status: Notified months ago, said they would be working on updates, never heard anything. Software: Web DataBlade 4.12, IDS 9.20/9.21, Linux 2.2/2.4, SunOS 5.7 OS, IDS and WDB versions seem to be irrelevant...

AI score: 7.3
Exploits: 0

securityvulns
added 2002/03/14 12:0 a.m. | 26 views

URL protection bypass in ServerIron (protection bypass)

The URI is not decoded during parsing, which can lead to incorrect identification of the file type...

AI score: 1.2
Exploits: 0 | References: 1

Cvelist
added 2002/03/09 5:0 a.m. | 24 views

CVE-2001-0720

Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled...

AI score: 7.6 | EPSS: 0.01014
Exploits: 0 | References: 4

CVE
added 2002/03/09 5:0 a.m. | 59 views

CVE-2001-0720

CVE-2001-0720 affects Internet Explorer 5.1 for Macintosh on Mac OS X. The issue allows remote execution of arbitrary commands by triggering the download of a BinHex or MacBinary file type that is executed if automatic decoding is enabled. The vulnerability arises in how the browser handles certa...

CVSS: 7.5 | AI score: 8 | EPSS: 0.01014
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2002/03/09 5:0 a.m. | 20 views

CVE-2001-1035

Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post...

AI score: 7.2 | EPSS: 0.00982
Exploits: 0 | References: 3

CERT
added 2002/01/09 12:0 a.m. | 34 views

Oracle9i Application Server Apache PL/SQL module does not properly decode URL

Overview: A vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS) in which the module does not properly decode double URL encoded strings. This vulnerability could allow an intruder to read files outside the web...

CVSS: 5 | AI score: 9.1 | EPSS: 0.06551
Exploits: 0 | References: 9

securityvulns
added 2001/11/20 12:0 a.m. | 31 views

Buffer overflow in thttpd (buffer overflow)

Buffer overflow during base64 decoding of the HTTP authorization header...

AI score: 1.5
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2001/09/24 4:0 a.m. | 11 views

CVE-2001-1035

Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00982
Exploits: 0 | References: 3

securityvulns
added 2001/08/03 12:0 a.m. | 26 views

Roxen security alert: URL decoding vulnerable

Roxen Webserver 2.0 up to version 2.0.92 and 2.1 up to version 2.1.264 has a vulnerability that allows any user to retrieve any file from the host with the privileges of the web server. Having the CGI-module enabled escalates the problem by making it possible to run any executable. Description In...

AI score: 0.3
Exploits: 0

NVD
added 2001/08/02 4:0 a.m. | 13 views

CVE-2001-1118

A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01513
Exploits: 0 | References: 5

security_vulns
added 2001/07/24 12:0 a.m. | 37 views

Sambar Server all versions password decoding

Topic: Sambar Server all versions password decoding Author: 3APA3A SECURITY.NNOV advisories: http://www.security.nnov.ru/advisories Vulnerable: All Sambar versions up to 5.0 beta Impact: passwords can be decoded back to cleartext Vendor URL: http://www.sambar.com Released: 24 July 2001 Credits:...

AI score: 0.1
Exploits: 0

securityvulns
added 2001/07/24 12:0 a.m. | 54 views

Password decoding in Sambar (password decoding)

Passwords are stored in reversible form and can be decoded...

AI score: 0.8
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2001/07/24 12:0 a.m. | 63 views

SECURITY.NNOV: Sambar Server all versions password decoding

Hello, Topic: Sambar Server all versions password decoding Author: 3APA3A SECURITY.NNOV advisories: http://www.security.nnov.ru/advisories Vulnerable: All Sambar versions up to 5.0 beta Impact: passwords can be decoded back to cleartext Vendor URL: http://www.sambar.com...

AI score: 0.1
Exploits: 0

securityvulns
added 2001/06/09 12:0 a.m. | 50 views

Weak encryption algorithm in Crypt-PW (weak encryption)

The encrypted password is easily decoded...

AI score: 0.7
Exploits: 0 | References: 1

Packet Storm News
added 2001/05/17 12:0 a.m. | 3 views

sa2001_02.txt

NSFOCUS Security Advisory SA2001-02 - The nsfocus team has found a vulnerability in filename processing of CGI program in MS IIS4.0/5.0, as discussed in ms01-026. CGI filename is decoded twice by error. Exploitation of this vulnerability leads to intruders being able to run arbitrary system...

AI score: 7.2
Exploits: 0

securityvulns
added 2001/05/16 12:0 a.m. | 55 views

Hole in IIS (double decoding directory traversal)

The path to the CGI program is decoded twice, which allows the check for backward directory paths to be bypassed...

AI score: 1.5
Exploits: 0 | References: 4 | Affected Software: 1