stargeek


IE Vulnerability Flagged








IE Vulnerability Flagged 04/09/2004 03:55 PM

Other Web browsers could also be affected because of a flaw in Internet Explorer's ITS protocol handler, CERT warns.









Similar Items

IE Vulnerability Flagged

Grok Headline matches for IE Vulnerability Flagged

Miller Gets Flagged


Miller Gets Flagged 12/30/2004 04:29 PM
Legal wrangling and market-share losses highlight the dangers of negative advertising.

Lucent Flagged for Cingular 3G


Lucent Flagged for Cingular 3G 05/26/2004 03:10 PM
Unstrung.com May 26 2004 6:24PM GMT

Sen. Kennedy Flagged by No-Fly List
(washingtonpost.com)


Sen. Kennedy Flagged by No-Fly List
(washingtonpost.com)
08/20/2004 12:48 PM
washingtonpost.com - U.S. Sen. Edward M. "Ted" Kennedy said yesterday that he was stopped and questioned at airports on the East Coast five times in March because his name appeared on the government's secret "no-fly" list.

Critical Flaws Flagged in Mozilla,
Thunderbird


Critical Flaws Flagged in Mozilla,
Thunderbird
09/15/2004 01:54 PM
The open-source project plugs vulnerabilities in its Web browser and e-mail client.

Firefox JavaScript Engine Flaw Flagged


Firefox JavaScript Engine Flaw Flagged 04/04/2005 11:57 PM
The vulnerability carries a "moderately critical" rating and could lead to the disclosure of sensitive information.

A script to only show unread/flagged
messages in Mail.app


A script to only show unread/flagged
messages in Mail.app
01/16/2004 10:59 AM
mahakali: "Here are two scripts to filter your mailbox. Save these scripts inside Users -> your_username -> Library -> Scripts -> Mail Scripts -> anySubFolder. They'll appear under the script icon on Mail menubar."

SI.com - NFL - Horn flagged for
cell-phone celebration - Monday December
15, 2003 1:32AM


SI.com - NFL - Horn flagged for
cell-phone celebration - Monday December
15, 2003 1:32AM
12/16/2003 07:41 PM
Football Player Phones Home after Touchdown .. in the middle of an American football game .. Can you hear me now? .. under the goalpost .. Joe Horn's

sportsillustrated.cnn.com/2003/football/nfl/12/14/horn.cellphone.ap


CyberWeekend: First Bust Under Tougher
U.S. E-Stalk Law; Another IE Security
Flaw Flagged; Realtor Sued For Do


CyberWeekend: First Bust Under Tougher
U.S. E-Stalk Law; Another IE Security
Flaw Flagged; Realtor Sued For Do
04/10/2004 10:55 PM
AVN Online Apr 11 2004 2:05AM GMT

NISCC Vulnerability Advisory 236929:
Vulnerability Issues in TCP


NISCC Vulnerability Advisory 236929:
Vulnerability Issues in TCP
04/20/2004 02:16 PM
David Ahmad (Apr 20 2004)

Re: NISCC Vulnerability Advisory 236929:
Vulnerability Issues in TCP


Re: NISCC Vulnerability Advisory 236929:
Vulnerability Issues in TCP
05/11/2004 06:04 PM
Florian Weimer (May 11 2004)

Open source outfit releases
vulnerability for IE vulnerability


Open source outfit releases
vulnerability for IE vulnerability
12/19/2003 01:10 PM
The Register Dec 19 2003 11:57AM ET

Vulnerability with XP SP2


Vulnerability with XP SP2 08/18/2004 06:29 AM
Just to bear in mind, Microsoft are dealing with this and are holding off SP2's release on Automatic Update because of it. There's a bug in the implementation of a new security feature; it'd be hard to criticize Microsoft too hard for this problem.

"With Service Pack 2, Microsoft introduces a new security feature which warns users before executing files that originate from an untrusted location (zone) such as the Internet. There are two flaws in the implementation of this feature: a cmd issue and the caching of ZoneIDs in Windows Explorer. The Windows command shell cmd ignores zone information and starts executables without warnings. Virus authors could use this to spread viruses despite the new security features of SP2.

Windows Explorer does not update zone information properly when files are overwritten. So it can be tricked to execute files from the internet without warning."

Heise do concede that it would take a fair amount of user interaction for a virus writer to use this vulnerability. However, as they point out, the powers of social engineering and playing on less IT-adept people do mean that it's not that inconceivable it could happen. With Service Pack 2, Microsoft had clearly been hoping for fewer vulnerabilities, and will no doubt be disappointed with this news.

View: More info @ Heise.de


802.11 Has DoS Vulnerability


802.11 Has DoS Vulnerability 05/13/2004 08:11 PM
Internet News May 13 2004 11:39PM GMT

PHP Vulnerability N. 1


PHP Vulnerability N. 1 09/15/2004 03:20 PM
Stefano Di Paola (Sep 15 2004)

[USN-108-1] GDK vulnerability


[USN-108-1] GDK vulnerability 04/06/2005 05:45 PM
Posted by Martin Pitt, Apr 05 2005

[USN-52-1] vim vulnerability


[USN-52-1] vim vulnerability 12/24/2004 12:36 PM
Martin Pitt (Dec 23 2004)

Vulnerability in man < 1.5l


Vulnerability in man < 1.5l 03/13/2003 10:22 AM
Jack Lloyd (Mar 11 2003)

KDE Vulnerability


KDE Vulnerability 08/12/2004 06:18 AM

Direct and Related Links for 'KDE Vulnerability'

“Two vulnerabilities have been discovered in KDE, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. 1) Certain directories and files are created insecurely when a user runs a KDE application outside the KDE environment or as another user. This can be exploited via symlink attacks to overwrite or truncate arbitrary files or prevent KDE applications from accessing certain directories. This vulnerability affects KDE 3.2.3…

PHP CGI Vulnerability


PHP CGI Vulnerability 02/20/2003 10:46 AM
PHP CGI Vulnerability I don't know how many folks are actually doing php as a CGI but if so ... [17-Feb-2003] The PHP Group today announced the details of a serious CGI vulnerability in PHP version 4.3.0. A security update, PHP 4.3.1, fixes the issue. Everyone running an affected version of PHP (as CGI) is encouraged to upgrade immediately. The new 4.3.1 release does not include any other changes, so upgrading from 4.3.0 is safe and painless. [_Go_] I have to commend the php team for NOT including any other changes thereby making it much more likely that affected systems get patched. Good going!

Php Vulnerability N. 2


Php Vulnerability N. 2 09/16/2004 01:29 PM
Stefano Di Paola (Sep 15 2004)

Vulnerability in 2.6 and 2.61


Vulnerability in 2.6 and 2.61 03/13/2003 10:15 AM
If you upgraded to 2.6 or 2.61, you need to upgrade immediately to 2.62. There is a security vulnerability in...

IE6 + XP SP2 Vulnerability


IE6 + XP SP2 Vulnerability 09/17/2004 12:37 AM
cns (Sep 15 2004)

Re: [USN-52-1] vim vulnerability


Re: [USN-52-1] vim vulnerability 12/25/2004 05:09 PM
Liu Die Yu (Dec 23 2004)

Re: Moodle XSS Vulnerability


Re: Moodle XSS Vulnerability 07/17/2004 01:07 PM
Martin Dougiamas (Jul 17 2004)

IMWheel Vulnerability


IMWheel Vulnerability 08/27/2004 09:14 PM

Direct and Related Links for 'IMWheel Vulnerability'

“I)ruid has reported a vulnerability in IMWheel, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges or cause a DoS (Denial of Service)….

TCP Vulnerability Published


TCP Vulnerability Published 04/20/2004 03:23 PM

Vulnerability Issues in TCP


Vulnerability Issues in TCP 04/20/2004 01:57 PM

[USN-75-1] cpio vulnerability


[USN-75-1] cpio vulnerability 02/05/2005 09:38 PM
Martin Pitt (Feb 04 2005)

OS X security vulnerability


OS X security vulnerability 12/16/2003 06:33 PM
A new Mac OS X security vulnerability has been discovered. Apparently this vulnerability can allow execution of arbitrary code with "root" privileges. The issue is considered a "Less Critical" vulnerability, and affects Mac OS X 10.3.1 and possibly other versions of the operating system.

[USN-107-1] racoon vulnerability


[USN-107-1] racoon vulnerability 04/05/2005 05:38 PM
Martin Pitt

The vulnerability of Macs


The vulnerability of Macs 12/11/2003 10:49 AM
Discussing what it calls a "significant hole," ABCnews asserts that a security issue affecting both Jaguar and Panther versions of OS X announced last month means that the "Mac OS is just as vulnerable as Microsoft Windows." While no operating system can claim to be perfectly secure, OS X and Unix variants in general are more secure than Windows by design, because Unix was created for a networked, multiple user environment, and Windows was created to operate on...

LDU (land down under) xss vulnerability


LDU (land down under) xss vulnerability 05/29/2004 03:25 PM
tim de gier (May 29 2004)

XSS vulnerability in XOOPS 2.0.5.1


XSS vulnerability in XOOPS 2.0.5.1 12/22/2003 05:21 PM
Chintan Trivedi (Dec 21 2003)

New Spoofing Vulnerability in IE


New Spoofing Vulnerability in IE 12/17/2004 06:27 PM

[USN-49-1] debmake vulnerability


[USN-49-1] debmake vulnerability 12/24/2004 12:36 PM
Martin Pitt (Dec 23 2004)

[USN-74-1] Postfix vulnerability


[USN-74-1] Postfix vulnerability 02/05/2005 09:38 PM
Martin Pitt (Feb 04 2005)

Defending against the OS X help:
vulnerability


Defending against the OS X help:
vulnerability
05/18/2004 03:05 PM

There's a nasty OS X vulnerability under discussion at the moment which lets a web page run a program on your drive by taking advantage of a flaw in the "help:" protocol. There's a non-malicious demonstration of the exploit on this page, and Jay Allen is hosting a discussion on the exploit and ways to avoid it.

To save you from digging through the discussion, the quickest way to defend yourself is to install the More Internet preference pane (mount the DMG, then copy the More Internet.prefPane file to your /Library/PreferencePanes folder or run the "install prefpane" script). Then go to system preferences, launch the "More Internet" panel, select the "help" protocol and use the Change button to assign it to some non-harmful application such as Chess (simply deleting the protocols will not solve the problem). While you're there it's a good idea to add a new protocol called "disk" and assign it to a non-harmful application as well - this prevents malicious sites from being able to auto-mount networked disk images on your system, something which while not exploitable on its own can be used in conjunction with other exploits (like the help: one) to execute arbitrary code.

For those who are interested, it seems the exploit itself is as simple as this:

<a href="help:runscript=MacHelp.help/Contents/Resources/English.lproj/shr d/OpnApp.scpt string=usr:bin:top">click to run 'top'</a>


WebArtFactory CMS Vulnerability


WebArtFactory CMS Vulnerability 12/17/2003 02:31 PM
Noticias (Dec 16 2003)

[USN-97-1] libxpm vulnerability


[USN-97-1] libxpm vulnerability 03/17/2005 03:53 AM
Martin Pitt (Mar 16 2005)
Grok Description matches for IE Vulnerability Flagged
GrokA matches for IE Vulnerability Flagged

Safari JavaScript Overflow


Safari JavaScript Overflow 03/08/2004 11:23 PM

Safari 1.3 has a JavaScript Console


Safari 1.3 has a JavaScript Console 04/16/2005 02:12 PM

My single biggest complaint about Safari in the past has been its terrible support for JavaScript debugging. Safari 1.3 has just been released, and tucked away in the Debug menu is a brand new JavaScript console option. It's not as good as the Firefox equivalent (it throws up far too many "Undefined value, line: 0" errors for my liking) but it's a big step in the right direction.


Apple: Safari, AppleScript and
JavaScript


Apple: Safari, AppleScript and
JavaScript
10/29/2003 02:19 AM
As noted yesterday, the latest version of Safari includes the 'do JavaScript' command in its AppleScript dictionary. By using the command, users can create AppleScript scripts that interact with the Safari JavaScript DOM (Document Object Model). Apple provides sample scripts along with links to Safari Developer FAQ, Safari JavaScript DOM Part 1 and Safari JavaScript DOM Part 2.

Other News: Safari JavaScript
Vulnerability


Other News: Safari JavaScript
Vulnerability
03/08/2004 11:09 PM
Insecure.ws reports a security vulnerability in Safari's JavaScript.

Safari javascript array overflow


Safari javascript array overflow 03/08/2004 11:20 PM
kang (Mar 06 2004)

An AppleScript to toggle JavaScript in
Safari


An AppleScript to toggle JavaScript in
Safari
05/20/2004 11:45 AM
Being a satisfied Safari user, I've never seen the need to disable JavaScript in my regular browsing; but this morning I came across a need to test several sites with JavaScript both enabled and disabled. Imagine my surprise ...

Ask MacSlash: Debugging JavaScript In
Safari/WebCore


Ask MacSlash: Debugging JavaScript In
Safari/WebCore
04/15/2004 02:25 PM

Professional JavaScript for Web
Developers: JavaScript in the Browser,
Pt. 1


Professional JavaScript for Web
Developers: JavaScript in the Browser,
Pt. 1
06/22/2005 02:51 AM
Web browsers have come a long way over the years and can now handle a variety of file formats, not just conventional HTML. Here, you'll learn how JavaScript fits into HTML, other languages, and some basic concepts of the Browser Object Model (BOM). By WROX Press. 0620

Javascript-MD5-1.04


Javascript-MD5-1.04 07/29/2004 06:40 AM

Javascript-MD5-1.00


Javascript-MD5-1.00 03/06/2004 02:03 AM

JavaScript, son of JavaScript


JavaScript, son of JavaScript 03/17/2005 04:00 AM
From SxSW, Molly writes about The Return of JavaScript: …one conversation that keeps coming up among many of my colleagues is the question as to whether the timing is right to re-examine the importance of the DOM and scripting, and...

JavaScript-RPC-0.03


JavaScript-RPC-0.03 01/25/2004 05:46 AM

Javascript-MD5-1.03


Javascript-MD5-1.03 04/28/2004 05:53 AM

XML-RSS-JavaScript-0.3


XML-RSS-JavaScript-0.3 10/29/2003 11:31 PM

Going JavaScript-less?


Going JavaScript-less? 02/18/2004 02:19 AM

How many people actually shut off JavaScript in their browsers? In the Web development world, you're constantly advised not to depend on JavaScript because "[insert double-digit percentage here] of Web surfers shut off JavaScript."

I have never known someone who shut off JavaScript. I have used a lot of computers in my life — many not my own — and never in one case have I noticed that JavaScript was intentionally disabled. I have never had anyone I know tell me that they shut off JavaScript to solve a problem. I have never even been remotely tempted to do this myself.

Is there anyone out there who has actually shut off JavaScript in their browser? Can you tell us why?



Javascript-MD5-1.02


Javascript-MD5-1.02 04/13/2004 06:05 AM

JavaScript-RPC-0.05


JavaScript-RPC-0.05 08/12/2004 12:44 AM

Javascript Windows 0.3


Javascript Windows 0.3 01/05/2004 04:51 AM
A virtual Javascript window environment simulator.

Javascript contract -NYC, NY


Javascript contract -NYC, NY 03/14/2005 06:09 PM
6 month contract, junior developer with strong javascripting skills. Midtown Manhattan

JavaScript-SpiderMonkey-0.11


JavaScript-SpiderMonkey-0.11 08/23/2004 06:57 AM

JavaScript and Accessibility. Pt. 1.


JavaScript and Accessibility. Pt. 1. 03/14/2005 05:04 PM
In this first article of a three part series, the author introduces us to an increased awareness of web standards, W3C compliance, responsible scripting (which includes a checklist), and fixes for several classical JavaScript design methods that don't work. By Jonathan Fenocchi. 0214

JavaScript and Accessibility. Pt. 2.


JavaScript and Accessibility. Pt. 2. 03/14/2005 05:04 PM
Last week we began this series with a discussion about new practical and standards-compliant use of JavaScript. We also covered some classical techniques and how to fix them. We continue that process this week, where we look at form validation and rollovers. By Jonathan Fenocchi. 0221

Javascript Windows 0.2


Javascript Windows 0.2 12/30/2003 07:22 AM
A virtual Javascript window environment simulator.

JavaScript Triggers


JavaScript Triggers 02/01/2005 09:28 PM
Now that you've separated your website's (XHTML) structure from its (CSS) presentation, wouldn't it be great to similarly abstract the behavioral (JavaScript) layer from the others? ALA prodigal Peter-Paul Koch shows how to use JavaScript Triggers to do just that.

XML and JavaScript in Mozilla


XML and JavaScript in Mozilla 01/08/2004 08:49 PM
WebmasterBase Jan 8 2004 3:31AM ET

JavaScript and Accessibility. Pt. 3.


JavaScript and Accessibility. Pt. 3. 03/14/2005 05:04 PM
This week we'll learn about fixes and creative options for Drop-down Navigation Selections and DHTML Menus. Other topics covered are proprietary alternatives, document.all and innerHTML. By Jonathan Fenocchi. 0228

Javascript-SHA1-1.00


Javascript-SHA1-1.00 04/28/2004 05:53 AM

JavaScript Clocks


JavaScript Clocks 08/15/2004 12:04 PM

Direct and Related Links for 'JavaScript Clocks'

These generally only work in Internet Explorer. This one is really cool, and there are a lot of other ones here….

Javascript Utilities


Javascript Utilities 05/29/2004 11:05 AM
PopCal - The C-o-o-lest Pop Up Calendar has just popped out!

Atom-JavaScript-0.1


Atom-JavaScript-0.1 12/17/2003 11:51 PM

IE Vulnerability Flagged

The following phrases have been identified by the grok system as matching this entry: "safari javascript" regex javascript bug
















