Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues

From: zeno (zenoat_private)
Date: Wed Apr 10 2002 - 07:08:04 PDT

Next message: Marc Maiffret: "Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"

Previous message: advisoriesat_private: "@stake advisory: .htr heap overflow in IIS 4.0 and 5.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Just two XSS holes. I only bothered releasing them because both microsoft
and novell seemed to suffer a similar problem. I like to know about a hole
no matter how small it is, if its in a product I use. 

Advisory
www.cgisecurity.com/advisory/9.txt

- zenoat_private

NOTE: Novell issued a patch within a month of my findings. Patching information
within advisory.

Next message: Marc Maiffret: "Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
Previous message: advisoriesat_private: "@stake advisory: .htr heap overflow in IIS 4.0 and 5.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Apr 10 2002 - 13:08:23 PDT