RE: MSIE Download Window Filename + Filetype Spoofing Vulnerability
Grok Headline matches for RE: MSIE Download Window Filename + Filetype Spoofing Vulnerability
MSIE Download Window Filename + Filetype
Spoofing Vulnerability
MSIE Download Window Filename + Filetype
Spoofing Vulnerability
07/12/2004 02:15 PMPaul (Jul 11 2004)
[Opera 7/6] Long Filename Buffer
Overflow Vulnerability in Download
[Opera 7/6] Long Filename Buffer
Overflow Vulnerability in Download
03/13/2003 10:22 AMnesumin (Mar 11 2003)
NullyFake - Site Spoofing in MSIE
NullyFake - Site Spoofing in MSIE
08/16/2004 02:20 PMLiu Die Yu (Aug 15 2004)
Adobe Reader 6.0 Filename Handler Buffer
Overflow Vulnerability
Adobe Reader 6.0 Filename Handler Buffer
Overflow Vulnerability
07/13/2004 10:33 AM“Exploitation of a buffer overflow vulnerability in Adobe Reader
6.0 could allow remote attackers to execute arbitrary
code….Successful exploitation allows an attacker to execute
arbitrary code under the privileges of the local user. Remote
exploitation is possible by sending a specially crafted e-mail and
attaching the malicious PDF document….iDEFENSE has confirmed
that Adobe Acrobat Reader version 6.0.1 is vulnerable. It is suspected
that other versions of Adobe Acrobat Reader are vulnerable as well.
Adobe Acrobat may also be vulnerable.”
MSIE Overly Trusted Location Variant
Method Cache Vulnerability
MSIE Overly Trusted Location Variant
Method Cache Vulnerability
07/17/2004 01:07 PMPaul (Jul 16 2004)
RE: MSIE Similar Method Name Redirection
Cross Site/Zone Scripting
Vulnerability
RE: MSIE Similar Method Name Redirection
Cross Site/Zone Scripting
Vulnerability
07/16/2004 10:15 PMThor Larholm (Jul 15 2004)
MSIE Similar Method Name Redirection
Cross Site/Zone Scripting Vulnerability
MSIE Similar Method Name Redirection
Cross Site/Zone Scripting Vulnerability
07/12/2004 05:56 PMPaul (Jul 11 2004)
Re: MSIE Similar Method Name
Redirection Cross Site/Zone Scripting
Vulnerability
Re: MSIE Similar Method Name
Redirection Cross Site/Zone Scripting
Vulnerability
07/13/2004 05:21 PMhttp-equiv_at_excite.com (Jul 13 2004)
Vulns: Microsoft Windows Program Group
Converter Filename Local Buffer Overrun
Vulnerability
Vulns: Microsoft Windows Program Group
Converter Filename Local Buffer Overrun
Vulnerability
07/10/2004 10:05 PMSecurityFocus Jul 11 2004 2:07AM GMT
Secunia: Beware IE Download Spoofing
Flaw
Secunia: Beware IE Download Spoofing
Flaw
01/28/2004 12:27 PMMalicious Web sites could spoof the file extension of downloadable
files.
New Spoofing Vulnerability in IE
New Spoofing Vulnerability in IE
12/17/2004 06:27 PMMozilla / Firefox Download Dialog Source
Spoofing
Mozilla / Firefox Download Dialog Source
Spoofing
01/04/2005 11:22 AMSecunia Advisory: SA13599 Critical: Less critical Impact: Spoofing
Where: From remote Solution Status: Unpatched Software: Mozilla 1.7.x,
Mozilla Firefox 1.x Secunia Research has discovered a vulnerability in
Mozilla / Mozilla Firefox, which can be exploited by malicious people
to spoof the source displayed in the Download Dialog box. The problem
is that long sub-domains and paths aren’t displayed correctly,
which therefore can be exploited to obfuscate what is being displayed
in the source field of…
Direct and Related Links
for 'Mozilla / Firefox Download Dialog Source Spoofing'
Mozilla UI Spoofing Vulnerability
Mozilla UI Spoofing Vulnerability
07/31/2004 05:32 AMddress Bar Spoofing Vulnerability
ddress Bar Spoofing Vulnerability
08/19/2004 01:03 PMDirect and Related Links for 'ddress
Bar Spoofing Vulnerability'
“Software: Microsoft Internet Explorer 5.01, Microsoft
Internet Explorer 5.5, Microsoft Internet Explorer 6. Liu Die Yu has
discovered a vulnerability in Internet Explorer, which potentially can
be exploited by malicious people to conduct phishing attacks against a
user…. The vulnerability has been confirmed on a fully patched
system with Internet Explorer 6 running on Microsoft Windows 2000 SP4
/ Microsoft Windows XP SP1. Previous versions of Internet Explorer may
also be affected. Secunia has developed…
Internet Explorer URL Spoofing
Vulnerability
Internet Explorer URL Spoofing
Vulnerability
12/19/2003 11:24 AMThis information has made the rounds already but a few of you have
sent me e-mail asking about the vulnerability...
Netscape Java Tab Spoofing Vulnerability
Netscape Java Tab Spoofing Vulnerability
08/27/2004 05:41 PMDirect and Related Links for
'Netscape Java Tab Spoofing Vulnerability'
“J. Courcoul has discovered a vulnerability in Netscape,
which can be exploited by malicious people to conduct phishing
attacks….
Re: phpBB 2.0.8a and lower - IP spoofing
vulnerability
Re: phpBB 2.0.8a and lower - IP spoofing
vulnerability
04/19/2004 05:57 PMShaun Colley (Apr 19 2004)
phpBB 2.0.8a and lower - IP spoofing
vulnerability
phpBB 2.0.8a and lower - IP spoofing
vulnerability
04/19/2004 03:02 PMReady Response (Apr 18 2004)
Dialog Origin Spoofing Vulnerability
Dialog Origin Spoofing Vulnerability
06/22/2005 02:41 AMSecunia Research has discovered this security vulnerability in
several web browsers, including Safari and Internet Explorer on Mac.
The vulnerability “…can be exploited by malicious web
sites to spoof dialog boxes. The problem is that JavaScript dialog
boxes do not display or include their origin, which allows a new
window to open e.g. a prompt dialog box, which appears to be from a
trusted site. Successful exploitation normally requires that a user is
tricked into…
Direct and Related Links for
'Dialog Origin Spoofing Vulnerability'
SMC7004VWBR / SMC7008ABR "spoofing"
vulnerability.
SMC7004VWBR / SMC7008ABR "spoofing"
vulnerability.
09/15/2004 11:23 AMJimmy Scott (Sep 15 2004)
Notes and Tips: Browser Spoofing
Vulnerability
Notes and Tips: Browser Spoofing
Vulnerability
07/05/2004 11:24 AMSafari is vulnerable but Camino and Mozilla apparently aren't.
Opera Browser Address Bar Spoofing
Vulnerability
Opera Browser Address Bar Spoofing
Vulnerability
07/11/2004 09:20 AM“Description: bitlance winter has discovered a vulnerability in
the Opera browser, which potentially can be exploited by malicious
people to conduct phishing attacks against a user. The problem is
that information in the address bar is changed before properly loading
a page. This can e.g. be exploited via a specially crafted HTML
document…Solution: Disable support for Javascript. Input the
URL to trusted sites directly in the address bar and don’t
follow links from untrusted sources.”
Mozilla User Interface Spoofing
Vulnerability
Mozilla User Interface Spoofing
Vulnerability
07/31/2004 07:22 PMA vulnerability has been reported in Mozilla and Mozilla Firefox,
allowing malicious websites to spoof the user interface. The problem
is that Mozilla and Mozilla Firefox don't restrict websites from
including arbitrary, remote XUL (XML User Interface Language) files.
This can be exploited to "hijack" most of the user interface
(including tool bars, SSL certificate dialogs, address bar and more),
thereby controlling almost anything the user sees.
The Mozilla user interface is built using XUL files. A PoC (Proof of
Concept) exploit for Mozilla Firefox has been published. The PoC
spoofs a SSL secured PayPal website. This has been confirmed using
Mozilla 1.7 for Linux, Mozilla Firefox 0.9.1 for Linux, Mozilla 1.7.1
for Windows and Mozilla Firefox 0.9.2 for Windows. Prior versions may
also be affected.
View:
Mozilla Bug 244965
News source:
SecuniaRead full story...See more info in Safari download window
in 10.3.9
See more info in Safari download window
in 10.3.9
04/18/2005 11:17 AMIn Safari 1.2 (and earlier), in the Downloads window you could see
either the download speed or the time remaining, and you toggled it
with option-clicking the description text, as explained in this hint.
Well, with Safari 1...
OpenLinux: Webmin/Usermin Session ID
Spoofing Vulnerability
OpenLinux: Webmin/Usermin Session ID
Spoofing Vulnerability
11/18/2003 12:47 PMsecurity_at_sco.com (Nov 17 2003)
Download items from Safari's Activity
window
Download items from Safari's Activity
window
04/16/2004 10:24 AMAfter reading FunkDaddy's hint about using Option and Return for
downloading files from the Safari address bar, I thought I'd try it
with the Activity window. When I tried holding Option and double
clicking an item in the Act...
Fix for URL Spoofing Security
Vulnerability Checked in to Mozilla
Trunk and 1.6 Branch
Fix for URL Spoofing Security
Vulnerability Checked in to Mozilla
Trunk and 1.6 Branch
01/07/2004 07:08 PMMicrosoft Multiple E-Mail Client Address
Spoofing Vulnerability
Microsoft Multiple E-Mail Client Address
Spoofing Vulnerability
04/10/2005 09:52 PMAddict3d.org Apr 10 2005 11:45PM GMT
Drag and drop items to Safari 1.2's
Download window
Drag and drop items to Safari 1.2's
Download window
02/13/2004 11:55 AMIt seems as though Apple read my mind and tailor-fitted Safari v125
just for me. The Downloads window has received a huge boost with the
latest Safari release. As mentioned in previous hints, you can now (1)
Control-Click on ...
Vulns: Microsoft Internet Explorer
JavaScript Desktop Spoofing
Vulnerability
Vulns: Microsoft Internet Explorer
JavaScript Desktop Spoofing
Vulnerability
07/15/2004 08:13 PMSecurityFocus Jul 16 2004 0:53AM GMT
RE: iDEFENSE Security Advisory 04.08.05:
Microsoft Multiple E-Mail Client Address
Spoofing Vulnerability
RE: iDEFENSE Security Advisory 04.08.05:
Microsoft Multiple E-Mail Client Address
Spoofing Vulnerability
04/12/2005 11:07 PMPosted by Larry Seltzer, Apr 09 2005
iDEFENSE Security Advisory 04.08.05:
Microsoft Multiple E-Mail Client Address
Spoofing Vulnerability
iDEFENSE Security Advisory 04.08.05:
Microsoft Multiple E-Mail Client Address
Spoofing Vulnerability
04/09/2005 05:51 PMPosted by iDEFENSE Labs, Apr 08 2005
Mozilla / Mozilla Firefox Download
Dialog Source Spoofing
Mozilla / Mozilla Firefox Download
Dialog Source Spoofing
01/04/2005 11:22 AMDescription: Secunia Research has discovered a vulnerability in
Mozilla / Mozilla Firefox, which can be exploited by malicious people
to spoof the source displayed in the Download Dialog box. The problem
is that long sub-domains and paths aren’t displayed correctly,
which therefore can be exploited to obfuscate what is being displayed
in the source field of the Download Dialog box. The vulnerability has
been confirmed in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows,
and…
Direct and
Related Links for 'Mozilla / Mozilla Firefox Download Dialog Source
Spoofing'
Mozilla / Mozilla Firefox User Interface
Spoofing Vulnerability
Mozilla / Mozilla Firefox User Interface
Spoofing Vulnerability
08/01/2004 10:04 AMDirect and
Related Links for 'Mozilla / Mozilla Firefox User Interface Spoofing
Vulnerability'
“A vulnerability has been reported in Mozilla and Mozilla
Firefox, allowing malicious websites to spoof the user interface. The
problem is that Mozilla and Mozilla Firefox don’t restrict
websites from including arbitrary, remote XUL (XML User Interface
Language) files. This can be exploited to “hijack” most of
the user interface (including tool bars, SSL certificate dialogs,
address bar and more), thereby controlling almost anything the user
sees….A PoC (Proof of Concept) exploit for Mozilla
Firefox…
FileName Pro v1.1.2
FileName Pro v1.1.2
01/23/2004 07:38 PMFileName Pro is a batch file rename utility. It can rename your files
based on any number of file naming schemes you configure, and it can
also move your files to a new folder when complete. [Shareware $15.00
14 Days 2.02 MB]
When is MSIE not MSIE?
When is MSIE not MSIE?
03/13/2003 10:22 AMI have referenced my Norwegian weblog a couple of times already. I am
using this site as a testing ground....
Handling non-UTF-8 filename
Handling non-UTF-8 filename
06/05/2005 11:13 PMG_FILENAME_ENCODING variable and convenient filename functions work.
Still Vulnerable in MSIE
Still Vulnerable in MSIE
05/14/2004 01:30 PMGreg Kujawa (May 14 2004)
Another Serious MSIE Hole
Another Serious MSIE Hole
01/29/2004 05:53 AMGrok Description matches for RE: MSIE Download Window Filename + Filetype Spoofing Vulnerability
GrokA matches for RE: MSIE Download Window Filename + Filetype Spoofing Vulnerability
RE: MSIE Download Window Filename + Filetype Spoofing Vulnerability
