security-protocols.com

marcelo-ar.blogspot.com

Marcelo-ar: Vulnerablidad no especificada en Internet Explorer podría permitir la ejecución de codigo malicioso

http://marcelo-ar.blogspot.com/2005/08/vulnerablidad-no-especificada-en.html

Blog de Marcelo.ar - Noticias que no le interesan a nadie. ;-). Lunes, agosto 29, 2005. Vulnerablidad no especificada en Internet Explorer podría permitir la ejecución de codigo malicioso. Tom Ferris, de Security-Protocols. Reporta una vulnerabilidad en "Internet Explorer 6 - Windows XP SP2" con todos los parches al día. De momento, Tom Ferris aún se encuentra investigando esta vulnerabilidad, y no ha provisto detalles de la misma, solo provee una captura de pantalla con el IE fallando. Links to this post.

eyeonsecurity.org

Eye on Security - When your server ends up a Warez site

http://eyeonsecurity.org//papers/ftpscanning.html

Yabb and UBB CSS. When your server ends up a Warez site. Introduction to the Warez scene. How pub scanners (Warez dealers who search. For open FTP sites) do it. Tools of the trade. Methods used by pub scanners to provide. Anonimity and maintain a stronghold on the ftp site. An administrator's view of the FTP scanning activities. How administrators should secure their FTP server. Download Paper (need pdf view eg. acrobat reader).

eyeonsecurity.org

Eye on Security - Advisories

http://eyeonsecurity.org//advisories

Incredimail allows automatic over writing of files on your hard disk. This exploit lets malicious users to over write files, possibly leading to Denial of Service (cannot boot OS style :). Extent RBS directory Transversal. Allows you to retrieve files on the hard disk, such as RBS database, which has user passwords in clear text. CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]. Web Browsers vulnerable to the Extended HTML Form Attack. A buffer overflow, remote file deletion, de...

eyeonsecurity.org

Eye on Security - papers

http://eyeonsecurity.org/papers

Bypassing JavaScript Filters – the Flash! A previously unpublished way to inject CSS (Cross site scripting) attack on Web Applications which allow Flash content. Many sites may currently be vulnerable to this kind of attack. Extended HTML Form Attack. A new Cross Site Scripting attack which effects (at least) major browsers Internet Explorer and Opera. This one makes use of forms targeted at non-HTTP services. Microsoft Passport Account Hijack Attack. When your server ends up a Warez site.

eyeonsecurity.org

Eye on Security - papers

http://eyeonsecurity.org//papers/index.html

Bypassing JavaScript Filters – the Flash! A previously unpublished way to inject CSS (Cross site scripting) attack on Web Applications which allow Flash content. Many sites may currently be vulnerable to this kind of attack. Extended HTML Form Attack. A new Cross Site Scripting attack which effects (at least) major browsers Internet Explorer and Opera. This one makes use of forms targeted at non-HTTP services. Microsoft Passport Account Hijack Attack. When your server ends up a Warez site.

eyeonsecurity.org

Eye on Security - papers

http://eyeonsecurity.org//papers

Bypassing JavaScript Filters – the Flash! A previously unpublished way to inject CSS (Cross site scripting) attack on Web Applications which allow Flash content. Many sites may currently be vulnerable to this kind of attack. Extended HTML Form Attack. A new Cross Site Scripting attack which effects (at least) major browsers Internet Explorer and Opera. This one makes use of forms targeted at non-HTTP services. Microsoft Passport Account Hijack Attack. When your server ends up a Warez site.

eyeonsecurity.org

Eye on Security - Advisories

http://eyeonsecurity.org/advisories

Incredimail allows automatic over writing of files on your hard disk. This exploit lets malicious users to over write files, possibly leading to Denial of Service (cannot boot OS style :). Extent RBS directory Transversal. Allows you to retrieve files on the hard disk, such as RBS database, which has user passwords in clear text. CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]. Web Browsers vulnerable to the Extended HTML Form Attack. A buffer overflow, remote file deletion, de...

eyeonsecurity.org

Eye on Security - news

http://eyeonsecurity.org//advisories/msngroups/index.html

MSN Groups makes cross site scripting easy. MSN Groups makes cross site scripting easy. Original Post to the security mailing lists. Microsoft's response (for your enjoyment). You need to sign in 1st). Coverage on Flash sites. The guy commenting doesn't seem to get XSS. Quite some discussion. some of the posts are funny others veru helpfull. They had to issue a fix but we have no further information about this.

eyeonsecurity.org

Eye on Security - Articles

http://eyeonsecurity.org/articles

About Sniffers - Their (ab)use in Networks. A short introduction to Sniffers, various products described and their use by the administrator and the intruder. Security Trends - What they forget to secure. Describes various unprotected holes through which a hacker may get inside the corporate network from an untrusted network such as the Internet. Browsing Websites at your own risk. An article about security issues in Internet Explorer and Netscape, hilighting the danger of unpatched web browsers.

eyeonsecurity.org

Eye on Security - links

http://eyeonsecurity.org/links

Great Site with a huge up-to-date tutorial section and a nice forum. The best allround security site. Very organised. I'm always connected to this site :). I like this one as well. Buy your geeky shirts and stuff from here. A friend of mine's site . this guy released some interesting advisories. A huge security archive and news site. A hacker's group website - they released some of the best pen-testing tools around including THC-Scan. The legendary ezine. Been on since the 80's . and still alive.