Vulnerability in Exchange Server Could Allow Arbitrary Code Execution
Grok Headline matches for Vulnerability in Exchange Server Could Allow Arbitrary Code Execution
Microsoft Internet Explorer Unspecified CHM File Processing Arbitrary Code Execution Vulnerability (bid 9658)
02/19/2004 12:47 PM K-OTiK Security (Feb 18 2004)
Remote Code Execution Vulnerability in Microsoft ISA Server 2000
01/22/2004 02:29 AM
PHP Arbitrary Code Execution
08/05/2002 10:44 PM
Zeroboard Arbitrary Code Execution
06/19/2002 08:56 AM
YaPiG Arbitrary Command Execution Vulnerability
08/22/2004 03:30 PM Direct and Related Links
for 'YaPiG Arbitrary Command Execution Vulnerability'
“Critical: Highly critical Impact: System access Where: From
remote Description: aCiDBiTS has reported a vulnerability in YaPiG,
which can be exploited by malicious people to compromise a vulnerable
system…. The vulnerability has been confirmed in version 0.92b.
Other versions may also be affected. Solution: Edit the source to
ensure that user input is sanitised properly.”…
Safari remote arbitrary code execution
05/17/2004 01:39 PM kang (May 17 2004)
[SECURITY] [DSA 624-1] New zip packages fix arbitrary code execution
01/05/2005 11:55 AM Martin Schulze (Jan 05 2005)
Re: Safari remote arbitrary code execution
05/17/2004 05:58 PM Adam Shostack (May 17 2004)
SSH URI handler remote arbitrary code execution
05/25/2004 04:26 PM kang (May 24 2004)
[SECURITY] [DSA 706-1] New axel packages fix arbitrary code execution
04/13/2005 07:34 PM Posted by Martin Schulze, Apr 13 2005
[SECURITY] [DSA 406-1] New lftp packages fix arbitrary code execution
01/05/2004 02:51 PM Martin Schulze (Jan 04 2004)
CVStrac Remote Arbitrary Code Execution exploit
08/05/2004 04:08 PM Richard Ngo (Aug 05 2004)
[SECURITY] [DSA 493-1] New xchat packages fix arbitrary code execution
04/21/2004 04:56 PM Martin Schulze (Apr 21 2004)
[SECURITY] [DSA 621-1] New CUPS packages fix arbitrary code execution
12/31/2004 04:35 PM Martin Schulze (Dec 31 2004)
[SECURITY] [DSA 490-1] New Zope packages fix arbitrary code execution
04/17/2004 03:16 PM Martin Schulze (Apr 17 2004)
[SECURITY] [DSA 623-1] New nasm packages fix arbitrary code execution
01/04/2005 05:26 PM Martin Schulze (Jan 04 2005)
[SECURITY] [DSA 709-1] New libexif packages fix arbitrary code execution
04/15/2005 12:59 PM Posted by Martin Schulze, Apr 15 2005
[ GLSA 200504-10 ] Gld: Remote execution of arbitrary code
04/13/2005 07:34 PM Posted by Sune Kloppenborg Jeppesen, Apr 13 2005
[SECURITY] [DSA 551-1] New lukemftpd packages fix arbitrary code execution
09/21/2004 07:03 PM Martin Schulze (Sep 21 2004)
[SECURITY] [DSA 703-1] New krb5 packages fix arbitrary code execution
04/01/2005 02:14 PM Martin Schulze (Apr 01 2005)
[SECURITY] [DSA 619-1] New xpdf packages fix arbitrary code execution
12/30/2004 09:51 PM Martin Schulze (Dec 30 2004)
[SECURITY] [DSA 548-1] New imlib packages fix arbitrary code execution
09/16/2004 05:27 PM Martin Schulze (Sep 16 2004)
[SECURITY] [DSA 625-1] New pcal packages fix arbitrary code execution
01/05/2005 01:38 PM Martin Schulze (Jan 05 2005)
[SECURITY] [DSA 618-1] New imlib packages fix arbitrary code execution
12/25/2004 05:09 PM Martin Schulze (Dec 24 2004)
[SECURITY] [DSA 617-1] New libtiff packages fix arbitrary code execution
12/25/2004 05:09 PM Martin Schulze (Dec 24 2004)
[SECURITY] [DSA 701-1] New samba packages fix arbitrary code execution
03/31/2005 03:23 PM Martin Schulze (Mar 31 2005)
[SECURITY] [DSA 663-1] New prozilla packages fix arbitrary code execution
02/01/2005 09:28 PM Martin Schulze (Feb 01 2005)
[SECURITY] [DSA 628-1] New imlib2 packages fix arbitrary code execution
01/06/2005 05:16 PM Martin Schulze (Jan 06 2005)
Re: CVStrac Remote Arbitrary Code Execution exploit
08/06/2004 04:35 PM Richard Hipp (Aug 06 2004)
Microsoft Windows "desktop.ini" Arbitrary File Execution Vulnerability
05/18/2004 01:31 PM Roozbeh Afrasiabi has reported a vulnerability in Microsoft Windows,
which can be exploited by malicious, local users to gain escalated
privileges. The problem is that "desktop.ini" files may contain CLSID
references to arbitrary executables in the "[.ShellClassInfo]"
section. This can be exploited to execute arbitrary files with another
user's privileges when the user browses a folder containing a
malicious "desktop.ini" file.
[SECURITY] [DSA 699-1] New netkit-telnet-ssl packages fix arbitrary code execution
03/29/2005 06:00 PM Martin Schulze (Mar 29 2005)
[SECURITY] [DSA 697-1] New netkit-telnet packages fix arbitrary code execution
03/29/2005 06:00 PM Martin Schulze (Mar 29 2005)
[ GLSA 200406-06 ] CVS: additional DoS and arbitrary code execution vulnerabilities
06/10/2004 05:48 PM Kurt Lieber (Jun 10 2004)
[ GLSA 200408-04 ] PuTTY: Pre-authentication arbitrary code execution
08/05/2004 12:34 PM Sune Kloppenborg Jeppesen (Aug 05 2004)
[SECURITY] [DSA 542-1] New Qt packages fix arbitrary code execution and denial of service
08/31/2004 04:41 AM Martin Schulze (Aug 30 2004)
[SECURITY] [DSA 552-1] New imlib2 packages fix potential arbitrary code execution
09/22/2004 02:20 PM Martin Schulze (Sep 22 2004)
[SNS Advisory No.77] Usermin Remote Arbitrary Shell Command Execution Vulnerability
09/07/2004 06:23 PM snsadv (Sep 07 2004)
[SECURITY] [DSA 396-1] New thttpd packages fix information leak, DoS and arbitrary code execution
10/29/2003 01:36 PM Martin Schulze (Oct 29 2003)
Comcast(tm) Email Manager allows arbitrary java and activex code execution
07/22/2004 01:32 PM Michael Scheidell (Jul 22 2004)
Grok Description matches for Vulnerability in Exchange Server Could Allow Arbitrary Code Execution
GrokA matches for Vulnerability in Exchange Server Could Allow Arbitrary Code Execution
Update Rollup for Exchange 5.5 (KB841765)
05/25/2004 11:30 PM This Update Rollup resolves problems that were found in the Exchange
5.5 since Exchange 5.5 SP4 was released.
Fix an iSync / Exchange connection error
09/10/2004 09:11 AM I made a work-around for the nasty "iSync couldn't connect to
Exchange" popup that appears when you use iSync to sync your Address
Book with Microsoft Exchange. Read the full instructions on my blog.
Deployment Server 5.6: Deploying Scripted install returns Error 3010
07/30/2004 08:31 AM
HotFix Watch: Stop error message when you install Virtual PC Additions and SMS client components on a Windows NT 4.0-based virtual machine
09/08/2004 07:55 PM
HotFix Watch: Win32 Error = 1072 error appears after you change the SMS 2.0 Service account of a secondary site
12/28/2004 07:03 PM
Microsoft Exchange Community Selects IdentaPop Pro as the Best Exchange Connectivity Product.
05/31/2004 02:14 PM The Microsoft Exchange users community has voted IdentaFone Software’s
IdentaPop Pro the MSD2D.com 2004 People’s Choice Award for Best
Exchange Connectivity Product. The award was announced at Microsoft’s
Tech-Ed 2004 conference in San Diego, CA. [PRWEB May 26, 2004]
Cliex32.dll Error 126 Error in Wnmanual.log
06/18/2004 08:16 AM
Windows XP SP2: To Install or Not to Install. Is that the Question?
08/19/2004 10:46 PM
Advanced Error Handling: Writing an Error Handling Class
11/10/2003 11:25 PM If you're tired of the default error handler and want to have complete
control over default error messages, you should write your own error
handling class. Writing your own handler will enable you to change the
way php handles your error messages, and allows you to create your own
error types. With this class you will be able to send error messages
to a log file, or send error reports via email.
Essential Guide for Microsoft Exchange Server Preventative Maintenance:: Optimizing Your Microsoft Exchange D
04/10/2005 03:29 AM Frontline Apr 10 2005 7:11AM GMT
404 error
01/14/2003 02:28 PM I found this funny 404 error message on SDForum's Web
site:
Either BOF or EOF is True, or the current record has been deleted.
Requested operation requires a current record.
Error
08/10/2004 02:34 PM livejournal.com/tools/memadd.bml?journal=jmhm&itemid=959603
PXE-E51 Error
08/14/2004 05:23 PM
On "Feedbag Error 17"...
10/29/2003 12:10 AM A couple of days ago I noticed that I couldn't add Azeem Azhar to my iChat AV
contacts list. I kept getting returned "Feedbag Error 17" which seemed
entirely unexpected and unpleasantly phrased. Was I a feedbag? Had
iChat eaten Azeem? The mind boggled.
After several hours of consideration, another option occurred to
me. Perhaps iChat was trying to protect me from excessive contact with
Azeem! Maybe my beautiful new Pantherised beast was being defensive!
"No, Tom!" It was going, "He's bad news! He'll tell you that you work
in Marketing again and you'll get all cross and defensive and make
that ludicrous speech about being an artisan! Please! Please! Let me
protect you from the embarrassment!" At which point, I assumed,
feedbag laptop decided to chow-down on poor Mr Azhar's AIM name with
fierce hungry vengeance. I touted this theory around a few of my
friends. General consensus, "It's not a bug, it's a feature!"
Well now I know that I'm not alone and that it's nothing
personal, Mr Azhar! My Powerbook loves you and iChat loves you and all
I had to do was throw away a couple of my childhood friends who -
frankly - are never online anyway and kind of sucked at web stuff. In
the end the problem was all caused by having too many friends -
apparently AIM can only handle 150 contacts - at least that is
according to Messrs. Unsanity, Rael and Webb.
But it occurs to me that there's something slightly suspicious
about all of this. A couple of days ago I tried searching for
information about this error message, but it was nowhere. There was
literally no information. Today, there's a search result
returned, and posts about the subject on three separate weblogs. So
what's happened? Is it a new error message or is it just we've all hit
the limit at the same time? Or has the number of buddies available
changed? I smell a mystery!
Error-Wait-0.02
11/16/2003 04:50 AM
More on XML Error Handling
01/22/2004 02:56 AM I thought I'd respond to a few of the comments I received:
Many people suggested that there be a built-in validator in the
browser that could show the errors to the developer. The validators
basically break down into two types: obtrusive validators and
unobtrusive validators.
If the validator is unobtrusive, then I would argue that it won't
receive sufficient usage to make a difference. If the browser doesn't
impose a penalty of some kind, then there will be no incentive for the
author to correct mistakes.
I can see the value of an obtrusive validator, as long as the
obtrusive part was only checking well-formedness (i.e., really basic
mistakes).
(2) Some people pointed out that my own blog was not valid. I have
two responses to that:
(a) I am not arguing for perfectly valid XML documents. I am
arguing for well-formed XML documents. There is a difference.
I think asking that the page be well-formed is setting the bar fairly
low. For example, one of the current errors on this blog is that I
have two elements with the same id. While this makes the blog
invalid, it does not have any effect on the blog being well-formed.
At least I don't think it does. :)
(b) I'm illustrating a point, namely that I have no reason to make
the blog valid, given that browsers will display the blog anyway.
(3) People complained that I wasn't serving up XHTML. I can't
actually serve up XHTML if I want the blog to be displayable in all
browsers, including Safari, which still has sufficient issues with
XHTML that I can't make that switch yet.
(4) My comments on HTML error handling were largely
misinterpreted.
Some people thought I was attacking WinIE for its permissive
handling of HTML. I was not, and I'm glad others appreciated
that fact. Back in the 90s WinIE had to emulate the permissive
error handling of the then-dominant browser Netscape. They had no
choice if they wanted Web sites to be viewable as the designer
intended. They were in the same position then that Safari is in
now.
Nor am I suggesting that WinIE should become less tolerant of
malformed HTML, or that they are at fault for not doing so. That is
simply not a logical conclusion to have drawn from my previous
comments. You can't take a Web site (even a malformed one) that works
a certain way and suddenly refuse to render it or even render it
radically differently than before.
For HTML, this issue was resolved long ago in favor of permissive
error handling and recovery, and no modern browser is to blame for
that situation.
Others said a browser that handles malformed HTML is better than
one that does not, and if Safari doesn't handle all this malformed
HTML, then it's simply not as capable a browser.
What amused me about this comment is that there is no definition of
what it means to handle malformed HTML. As long as a browser shows
you something and doesn't crash, it has handled the malformed HTML.
What people don't understand is that you don't simply have to handle
the malformed HTML. You have to handle it in exactly the same way as
the Web browser that the site author designed for.
If you do not, you'll end up with different renderings of the same
page, which as I said before, constitute the largest set of rendering
differences between Web browsers. Perfect emulation is what makes
error recovery so difficult. If you allow grossly malformed pages,
then most XML on the Web will end up being grossly malformed (as is
the case with HTML today).
Once you have a Web full of grossly malformed XML, there will be
one dominant browser that designers will check to see if the site
looks ok. They will then make assumptions that other browsers will
recover from the malformation errors in precisely the same way and
will simply assume that it is the fault of the other browsers if they
don't.
Right now it is the responsibility of alternate browsers to emulate
the dominant browser's error recovery strategies, but there's simply
no reason to do that for XML as well.
XML Error Reporting II
01/22/2004 03:30 PM Responding to comments in the previous blog entry:
(1) Some people thought this was a hacked expat. Darin actually
switched Safari over to libxml2, so the error messages you're seeing
(as well as the ability to continue parsing) are all built in to
libxml2.
(2) Do you think it's better to show the page only up to the first
error or to try to display the entire page (with the understanding
that what follows the first error could be very badly mangled)?
(3) Often there are a lot of meaningless errors after the first. I
could put a cap on the number of displayed errors to deal with this
problem or just not worry about it. What do people think?
(4) Those of you who suggested drawers for errors, remember a
drawer is a UI element in Safari and not WebKit. This feature should
just work out of the box for WebKit clients, so I'm inclined not to
use drawers or sheets, but to just display the errors at the top of
the page.
Error-Wait-0.03
11/16/2003 04:50 AM
Error In Downloading
11/14/2003 09:47 PM Record, tech industries battle to make music pay off. By Russ Britt
and Steve Gelsi (CBS MarketWatch via MyAppleMenu)
Blue Or Red? Error Or Not?
04/05/2005 04:18 AM More variation mongers, but this time it's legit - though a little
bass ackwards, or is it?
XML Error Reporting III
01/24/2004 02:50 PM Thanks to those of you who answered my question regarding how much
of an invalid page should be rendered. It turns out that the XML spec
is clear on this issue, and that I must stop building up the page DOM
after the first fatal error is encountered.
With that in mind I now tell libxml to continue the processing, but
I start ignoring all of the callbacks. That way I get a list of all
the errors, but properly stop the DOM tree buildup after the first
error.
For those of you who suggested that WebKit needs some sort of error
reporting API, I agree, and if it had one, these errors would
obviously be reported to it. However, these errors still have to be
reported aggressively so that WebKit clients can't mask these
mistakes.
I don't believe in showing a sheet or a dialog as an intermediate
step prior to displaying a rendering of the page. The reason I
dislike this idea is that this error reporting is primarily a Web
developer feature, and they're just going to want to load the page,
see the errors, maybe correct some CSS at the same time, and then
reload with changes until the error report has been eliminated.
The end user isn't ever going to see this report, since anyone who
makes an invalid XML file right now ends up with something that won't
display in any browser. Thus it seems to me that the report should be
easy to access (in terms of # of clicks), always visible, and included
with the page rendering.
I have polished the look of the report a bit based off suggestions.
Here's another screenshot.
Read error
11/02/2003 05:25 PM CNET Asia Nov 2 2003 4:29PM ET
Error-Wait-0.01
11/03/2003 05:54 PM
Error Handler
04/16/2005 11:27 PM Support now available
Margins of Error
07/20/2004 09:16 AM Wider margins should be greeted with wider smiles.
Error in SMS RTM Documentation
05/28/2004 05:06 AM
VBScript Error with FTM
09/02/2004 02:43 AM
Access Error
05/24/2004 04:33 AM General Says Sanchez Rejected Her Offer to Give Address to Iraqis
About Abuses
c.moreover.com/click/here.pl?r157808591
404 ERROR - Ultrashock.com
12/14/2003 06:49 AM usable 404 page
ultrashock.com/404
Spot the Error
02/10/2004 02:45 AM Cleaned up eh? (hint: line 28)...