[VulnWatch] Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues

From: zeno (zeno@cgisecurity.net)
Date: Wed Apr 10 2002 - 10:08:04 EDT

• Next message: Marc Maiffret: "[VulnWatch] Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
• Previous message: Peter Gründl: "[VulnWatch] KPMG-2002008: Watchguard SOHO IP Restrictions Flaw"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Just two XSS holes. I only bothered releasing them because both microsoft
and novell seemed to suffer a similar problem. I like to know about a hole
no matter how small it is, if its in a product I use.

Advisory
www.cgisecurity.com/advisory/9.txt

- zeno@cgisecurity.com

NOTE: Novell issued a patch within a month of my findings. Patching information
within advisory.

• Next message: Marc Maiffret: "[VulnWatch] Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
• Previous message: Peter Gründl: "[VulnWatch] KPMG-2002008: Watchguard SOHO IP Restrictions Flaw"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:21:35 EDT