Mozilla Firefox SSL Certificate Spoofing Vulnerability - Windows
Mozilla Firefox is prone to an SSL certificate spoofing vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Silently Pwning Protected-Mode IE9 and Innocent Windows Applications
Our advanced binary planting research goes on... and it's time to reveal some interesting hacks, for instance how to exploit binary planting (or DLL hijacking, if you prefer the less suitable term) to execute remote malicious code through Internet Explorer 9 in protected mode on Windows 7 - without...
The Problem of Issuing Certs For Unqualified Names
The recent attack on Comodo and several of its associated registration authorities has spurred quite a bit of re-examination of the way that the Web’s certificate authority infrastructure works–or doesn’t. One interesting result of this work is that the folks at the Electronic Frontier Foundation...
Non-secure content warning in IE8 on the Dashboards screen caused by the wiki renderer
Wiki renderer-generated contents e.g. in the activity stream include references to icons with http prefix that cause IE8 to generate security warnings for JIRA instances accessible via HTTPS. To reproduce it, have contents in the activity stream gadget contain icons included by the wiki renderer,...
Firefox Gets Browser Boost From IE Attacks
Mozilla yesterday reported a “huge increase” in downloads of Firefox in Germany after that country’s computer security agency urged users of Microsoft’s Internet Explorer to dump the browser and run a rival instead. Read the full article. Computerworld...
[Full-disclosure] Invision Power Board 2.1.7 debug mode vulnerability
Debug mode is a feature in IPB 2.0.0-2.1.7 that shows all database queries for each forum page requested. If Debug mode is turned on, it is possible for anyone to request a forgotten password for an account, and capture the validation key that is sent to the account's email address. This allows a...
CVE-2006-0765
GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a...
MS Internet Explorer 6.0 SP2 File Download Security Warning Bypass
Exploit for unknown platform in category remote exploits. MS Internet Explorer 6.0 SP2 File Download Security Warning Bypass. Original Advisory and exploit by...
Microsoft Internet Explorer 6.0 SP2 - File Download Security Warning Bypass
Microsoft Internet Explorer 6.0 SP2 - File Download Security Warning Bypass. Original Advisory and exploit by cyberflash Vengy. Circumvent Windows XP SP2 security features using execCommand 'SaveAs' function! Demonstration: Notice that you don't receive any warning messages such as: "File Download -...
CVE-2002-2351
Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot)...
microsoft.virus.txt
Date: Sun, 25 Apr 1999 13:13:34 +0100 From: T Bruce Tober Subject: You'd think they'd know better... ...or maybe not. I mean, it is Microcrap we're talking about here, viz this article from Woody's Woody's Office Watch, and if there's anyone more pro-Microsoft it's only Bill G himself,: Read the...