Still Vulnerable in MSIE
Grok Headline matches for Still Vulnerable in MSIE
RE: Still Vulnerable in MSIE
RE: Still Vulnerable in MSIE
05/15/2004 12:53 PMThor Larholm (May 14 2004)
When is MSIE not MSIE?
When is MSIE not MSIE?
03/13/2003 10:22 AMI have referenced my Norwegian weblog a couple of times already. I am
using this site as a testing ground....
Another Serious MSIE Hole
Another Serious MSIE Hole
01/29/2004 05:53 AMXPath over HTML for MSIE
XPath over HTML for MSIE
06/03/2004 09:57 PMFirst release of html-xpath
How to remove MSIE from Windows
How to remove MSIE from Windows
07/29/2004 05:05 AMXeno sez:
When CERT and other security agencies said to stop using IE, I wasn't
too concerned as I use Firefox. However, it was quickly brought to my
attention that due to shell calls and all Microsoft products being
able to ignore your default browser, this still made your system
vulnerable through IE. So I took the long painful journey of finding a
simple way to remove IE.
Now, I'm getting emails from tons of satisfied people who have
followed my instructions and have even their default Microsoft aps
(including Windows update) using whatever browser they told it to.
Even Microsoft has called me to see how I did it. Unfortunately, they
blatantly told me that they won't be including it in their knowledge
base 'for obvious reasons'.
Link
(
Thanks, Xeno!)
MSIE 7 May Beat Longhorn Out The Gate
MSIE 7 May Beat Longhorn Out The Gate
08/08/2004 07:17 PMNullyFake - Site Spoofing in MSIE
NullyFake - Site Spoofing in MSIE
08/16/2004 02:20 PMLiu Die Yu (Aug 15 2004)
MSIE Download Window Filename + Filetype
Spoofing Vulnerability
MSIE Download Window Filename + Filetype
Spoofing Vulnerability
07/12/2004 02:15 PMPaul (Jul 11 2004)
RE: MSIE Download Window Filename +
Filetype Spoofing Vulnerability
RE: MSIE Download Window Filename +
Filetype Spoofing Vulnerability
07/12/2004 03:58 PMDrew Copley (Jul 12 2004)
MSIE clientCaps "isComponentInstalled"
and "getComponentVersion" registry
information leakage
MSIE clientCaps "isComponentInstalled"
and "getComponentVersion" registry
information leakage
11/05/2003 12:11 PMSam Schinke (Nov 04 2003)
Details and PoC for MS05-020 MSIE DHTML
Object handling vulnerabilities
Details and PoC for MS05-020 MSIE DHTML
Object handling vulnerabilities
04/13/2005 05:15 PMPosted by Berend-Jan Wever, Apr 12 2005
MSIE Overly Trusted Location Variant
Method Cache Vulnerability
MSIE Overly Trusted Location Variant
Method Cache Vulnerability
07/17/2004 01:07 PMPaul (Jul 16 2004)
RE: MSIE Similar Method Name Redirection
Cross Site/Zone Scripting
Vulnerability
RE: MSIE Similar Method Name Redirection
Cross Site/Zone Scripting
Vulnerability
07/16/2004 10:15 PMThor Larholm (Jul 15 2004)
MSIE Similar Method Name Redirection
Cross Site/Zone Scripting Vulnerability
MSIE Similar Method Name Redirection
Cross Site/Zone Scripting Vulnerability
07/12/2004 05:56 PMPaul (Jul 11 2004)
Re: MSIE Similar Method Name
Redirection Cross Site/Zone Scripting
Vulnerability
Re: MSIE Similar Method Name
Redirection Cross Site/Zone Scripting
Vulnerability
07/13/2004 05:21 PMhttp-equiv_at_excite.com (Jul 13 2004)
YAK! 2.1.0 still vulnerable
YAK! 2.1.0 still vulnerable
11/19/2003 05:46 PMbil (Nov 19 2003)
Mac OS X vulnerable
Mac OS X vulnerable
05/19/2004 01:40 PMOS X still vulnerable after Patch
OS X still vulnerable after Patch
05/26/2004 04:15 AMMAC OS X users continue to be unprotected by latest fix. Their
isn't much a uproar as their would be if Microsoft didn't fully fix a
security issue.
[Silicon Valley]
Re: Wordpress 1.2.2 is still vulnerable
Re: Wordpress 1.2.2 is still vulnerable
12/22/2004 01:09 AMThomas Waldegger (Dec 21 2004)
Mac As Vulnerable As Windows?
Mac As Vulnerable As Windows?
12/11/2003 03:40 PMHow vulnerable is the 'Net?
How vulnerable is the 'Net?
04/18/2005 04:03 AMSecurity upgrades ongoing, but some argue more needs to be done.
Comersus 5.098 XSS Vulnerable
Comersus 5.098 XSS Vulnerable
08/02/2004 03:25 PMAbdul Azis (Aug 02 2004)
Linux Vulnerable to Infiltration
Linux Vulnerable to Infiltration
04/29/2004 05:08 AMMac OS X vulnerable to one-two combo
attack
Mac OS X vulnerable to one-two combo
attack
05/18/2004 09:03 PMTwo flaws, when used together, could let attackers who concoct a
special Web site place a file on a Mac and then run the file through a
simple browser command.
Cellphones vulnerable to SMS-bomb
Cellphones vulnerable to SMS-bomb
03/19/2003 10:45 PMA certain make of Siemens cellular handset, popular in Europe, can be
shut down by sending an SMS-encoded message to it. Hilarity ensues.
The e-mails contain a single word, taken from the phone's language
menu, surrounded by quote marks and preceded by an asterisk, such as
"*English" or "*Deutsch," Siemens said.
Opening the short-text message on a Siemens 35 series cell completely
disables it, Rice said. Siemens 45 series phones are less affected and
can be resuscitated after about two minutes of work, Rice said. Both
phones are sold only in Europe.
Link
Discuss
(
via Smart Mobs)
How Much Time Are You Vulnerable While
You Browse?'
How Much Time Are You Vulnerable While
You Browse?'
03/26/2005 01:00 PMTechnocrat.net Mar 26 2005 5:26PM GMT
Voice Over IP Can Be Vulnerable To
Hackers, Too
Voice Over IP Can Be Vulnerable To
Hackers, Too
05/14/2004 12:02 PMInternet Explorer Still Vulnerable
Internet Explorer Still Vulnerable
07/07/2004 04:37 PMA self-appointed security sleuth has uncovered a new vulnerability in
Microsoft's Internet Explorer web browser that bears a close
resemblance to the Download.Ject exploit. Although Microsoft patched
Download.Ject last week, Dutch security expert Jelmer Kuperus found
that Microsoft's efforts to fix the problem did not go far enough.
Notes and Tips: Mac OS 9 Vulnerable?
Notes and Tips: Mac OS 9 Vulnerable?
05/26/2004 10:41 AMDoes Mac OS 9 have any vulnerabilities similar to what we're seeing in
Mac OS X now?
WebCT 4.1 vulnerable to XSS attacks
WebCT 4.1 vulnerable to XSS attacks
04/12/2005 11:13 AMPosted by lacertosum_at_yahoo.com, Apr 11 2005
AV alone leaves companies vulnerable
AV alone leaves companies vulnerable
04/17/2004 12:54 AMSunday Times South Africa Apr 17 2004 5:18AM GMT
U.S. IT Infrastructure Highly Vulnerable
U.S. IT Infrastructure Highly Vulnerable
03/22/2005 04:42 PMSlashdot Mar 20 2005 7:08AM GMT
WinZip Vulnerable To Hacks
WinZip Vulnerable To Hacks
09/04/2004 04:41 AMTechzonez Sep 4 2004 8:42AM GMT
Going Off to War, and Vulnerable to the
Pitches of Salesmen
Going Off to War, and Vulnerable to the
Pitches of Salesmen
07/19/2004 11:49 PMSeveral financial services companies or their agents are using
questionable tactics on military bases to sell insurance and
investments.
Inquiry at school for vulnerable
Inquiry at school for vulnerable
06/18/2004 12:42 PMThree staff are suspended and six others transferred at a school for
vulnerable teenagers following a police inquiry.
Kensington security locks vulnerable?
Kensington security locks vulnerable?
08/09/2004 05:56 AMAccording to
Slashdot and
Security.org, Kensington Locks are extremely
vulnerable to very simple attack. With the most basic of tools costing
less than $1, it's possible to unlock the device that offers
'security' to many thousands, if not millions, of laptop users
worldwide.
Security.org report that using a bic pen and a pair of scissors, the
protection from theft can be over come within 30 seconds. More
worryingly, the procedure does not leave any damage to the cable /
lock. As such, you would not be able to claim the $1500 that
Kensington offer if a product is stolen whilst protected with one of
its locks, due to the specifics of the guarantee.
So far, Kensington have not commented on the issue. One would suggest
that you keep, as ever, a rather good eye on your laptop and any other
products protected by their kit.
Screenshot:
Kensington Lock
View:
More
Info @ Kensington
View:
Security.org PieceRead full story...Oracle Applications vulnerable to web
attack
Oracle Applications vulnerable to web
attack
06/10/2004 08:59 PMZDNet Australia Jun 11 2004 1:13AM GMT
Windows XP SP2 Still Vulnerable To
Memory Attacks
Windows XP SP2 Still Vulnerable To
Memory Attacks
02/01/2005 09:40 PMRussian security outfit, Maxpatrol, have discovered a way to defeat
Microsoft® Windows® XP SP2 Heap protection and Data Execution
Prevention mechanism.
Data execution prevention (DEP) is a set of hardware and software
technologies that perform additional checks on memory to help protect
against malicious code exploits. By default, software-enforced DEP
only protects limited system binaries. Hardware-enforced DEP relies on
processor hardware to mark memory with an attribute that indicates
that code should not be executed from that memory.
Maxpatrol have published a
full article on their discoveries. They claim that
it's possible to implement arbitrary memory region write access
(smaller or equal to 1016 bytes), Arbitrary code execution and DEP
bypass.
The company have also published a solution named PTmsHORP. PTmsHORP
allows restriction of lookaside list creation, governed by a special
global flag. The company reported the problem to Microsoft on the 22nd
December. We've contacted Microsoft about the problem and are awaiting
a response.
View:
Defeating
Microsoft Windows XP SP2 Heap protection and DEP bypass
announcement
View:
Defeating Microsoft Windows XP SP2 Heap protection and
DEP bypass article
Read full story...Linux Vulnerable to Patent Suits?
Linux Vulnerable to Patent Suits?
08/02/2004 09:48 AMThe Open Source Risk Management (OSRM) consulting and insurance firm
has found there are 283 potential (but not yet court-validated)
software patents that could potentially be used in patent suits
against Linux. We're sure that Microsoft, which is planning to file
3,000 new patent applications in fiscal 2005, already is well aware of
where the Linux vulnerabilities are.
Grok Description matches for Still Vulnerable in MSIE
GrokA matches for Still Vulnerable in MSIE
Still Vulnerable in MSIE
