JVN#26408023: Internet Explorer vulnerable to cross-site scripting

Internet Explorer contains a cross-site scripting vulnerability due to the processing of malformed file names. Impact An arbitrary script may be executed on the user's web browser when the setting for "Use folder view for FTP sites" is turned off. Note that this setting is turned on by default...

FreeBSD -- Cross-site request forgery in ftpd(8)

Problem Description: The ftpd8 server splits long commands into several requests. This may result in the server executing a command which is hidden inside another very long command. Impact: This could, with a specifically crafted command, be used in a cross-site request forgery attack. FreeBSD...

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and 12.1 to fix security issues. More details about the issues may be found on the Mozilla site: http://www.mozilla.org/security/known-vulnerabilities/firefox20.html Here are the details from the Slackware 12.1 ChangeLog:...

[slackware-security] mysql

New mysql packages are available for Slackware 9.1, 10.0, 10.1, 10.2 and -current to fix security issues. The MySQL packages shipped with Slackware 9.1, 10.0, and 10.1 may possibly leak sensitive information found in uninitialized memory to authenticated users. This is fixed in the new packages,...

DeluxeFTP FTP client weak permissions

FTP sites accounts are stored in world readable file...

CVE-2003-0041

Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe | character in a filename that is retrieved by the client...

Microsoft Internet Explorer 'Folder View for FTP sites' Script Execution vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 + Title: Microsoft Internet Explorer 'Folder View for FTP sites' Script Execution vulnerability + Date: 7 June 2002 + Author: Eiji James Yoshida [email protected] + Risk: Medium + Vulnerable: Windows2000 SP2 IE5.5SP1 Windows2000 SP2 IE5.5SP2...