4938 matches found
ieBypass.txt
Hi LIST. Windows XP SP2 forces the titlebar to be present in script-initiated Internet Explorer windows. In the titlebar, domain name is listed before the page title. Using magic DNS,this domain name can be exploited by malicious people to trick users into visiting a malicious popup window. The...
CVE-2004-1381
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive background tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks...
OutlookMuteX.txt
' Recent versions of Outlook, as well as a released patch, ' make Outlook prompt the user whenever a remote appliction ' tries to access specific contact information in the Outlook ' Contact database. The user can then decide to allow or not ' allow the application to get that access. ' ' Microso...
CVE-2004-2655
rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen...
CVE-2004-2655
rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen...
CVE-2004-2655
rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen...
CVE-2004-1381
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive background tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks...
[slackware-security] Mozilla
New Mozilla 1.7.3 packages are available for Slackware 10.0 and -current to fix security issues. Here are the details from the Slackware 10.0 ChangeLog: patches/packages/mozilla-1.7.3-i486-1.tgz: Upgraded to mozilla-1.7.3. The Mozilla page says this fixes some "minor security holes". It also brea...
PISG 0.54 - IRC Nick HTML Injection
source: https://www.securityfocus.com/bid/10195/info pisg has been reported prone to an input validation vulnerability. The issue will only present itself when pisg is used to monitor an IRC server that does not place limitations on IRC Nick values that can be used. If an attacker specifies HTML...
MNOGoSearch 3.1.20 - 'search.cgi?UL' Remote Buffer Overflow (2)
source: https://www.securityfocus.com/bid/7865/info mnoGoSearch 'search.cgi' has been reported prone to a buffer overflow vulnerability. The issue is a result of a lack of sufficient bounds checking performed on user-supplied URI parameters that are passed to the 'search.cgi' application. It may ...
HTML.cobble
Sunday, April 1, 2001 Default installation of Internet Explorer 5.5 with all of its so-called patches, service "packs" etc, still allows us to execute files on default installations of the target computer: Once Again: We cobble together new and old Components as follows : - 1. Courtesy of Georgi...
Micro Focus Cobol 4.1 - Arbitrary Command Execution
Micro Focus Cobol 4.1 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2359/info Micro Focus Cobol is a development suite for unix platforms offered by Merant. It is typically licensed on a per-user basis. If Micro Focus Cobol is installed with the 'Apptrack' feature enable...
Micro Focus Cobol 4.1 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2359/info Micro Focus Cobol is a development suite for unix platforms offered by Merant. It is typically licensed on a per-user basis. If Micro Focus Cobol is installed with the 'Apptrack' feature enabled, local users may be able to elevate privileges. A...
Exploit Code for File Input field advisory.
I have coded an exploit example for the "File Upload via Form" vulnerability recently mentioned by Microsoft Security. Here's the source for it well, most of the source. If you would like the whole source, email me. I'll send it as an attachment. --------------snip------------------ !script...
Check Point Software Firewall-1 3.0/1 4.0/1 4.1 - Session Agent Dictionary Attack (1)
source: https://www.securityfocus.com/bid/1662/info A vulnerability exists in all versions of the Check Point Session Agent, part of Firewall-1. Session Agent works in such a way that the firewall will establish a connection back to the client machine. Upon doing so, it will prompt for a username...
Immunity Canvas: WUFTPD_SEXEC
Name| wuftpdsexec ---|--- CVE| CVE-2000-0573 Exploit Pack| CANVAS Description| WuFTPD SITE EXEC Formatstring Bug Notes| References: http://www.securityfocus.com/bid/1387 CVE Name: CVE-2000-0573 VENDOR: wuftpd.org Repeatability: Multiple tries Date public: 22-06-2000 CERT Advisory:...
Очередной обзор Security Focus
No description provided...
Вышел очередной обзор Security Focus
No description provided...