Security Net


|| Security Net Advisory #D.3.12.08.a

Title : SquirrelMail Malformed HTML Mail Message Script Insertion
Impact : Cross Site Scripting
Type : Remote
Vendor :
- Url : http://www.squirrelmail.org/

|| Vulnerability

Input passed as HTML parts of e-mail messages is not properly sanitised for malformed HTML before being viewed. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when a malicious e-mail message is opened.
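As a defensive illustration of sanitising malformed HTML mail parts, the sketch below parses each text/html part with a tolerant parser and rebuilds the markup from an allow-list, so unclosed or misnested input cannot pass through verbatim. It is an added example, not SquirrelMail code or part of the original advisory; the allow-list, the function names and the sample message are assumptions constructed for the demonstration.

```python
import email
from html import escape
from html.parser import HTMLParser

ALLOWED = {"p", "b", "i", "em", "strong", "ul", "ol", "li", "blockquote"}  # assumed policy
DROP_CONTENT = {"script", "style"}  # element bodies that are never rendered

class AllowListSanitizer(HTMLParser):
    """Rebuilds markup from parser events; no input text is copied through raw."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif tag in ALLOWED and not self.skip:
            self.out.append(f"<{tag}>")  # every attribute is discarded
            self.open_tags.append(tag)
    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in self.open_tags and not self.skip:
            while True:  # also close anything left open inside this element
                inner = self.open_tags.pop()
                self.out.append(f"</{inner}>")
                if inner == tag:
                    break
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text is always re-escaped

def sanitize_html(html):
    s = AllowListSanitizer()
    s.feed(html)
    s.close()
    # Close elements the message left open so the output is well-formed.
    return "".join(s.out + [f"</{t}>" for t in reversed(s.open_tags)])

def sanitize_html_parts(raw_message):
    """Return the sanitised body of every text/html part of a mail message."""
    cleaned = []
    for part in email.message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            cleaned.append(sanitize_html(part.get_payload(decode=True).decode(charset, "replace")))
    return cleaned

# Constructed sample: unclosed <b>/<i>, an event-handler attribute, a script element.
SAMPLE = ("From: sender@example.invalid\nContent-Type: text/html; charset=utf-8\n\n"
          '<p onclick="x()">Hi <b>there<script>x()</script> <i>all</p>\n')

if __name__ == "__main__":
    print(sanitize_html_parts(SAMPLE))
```

Because the output is generated only from recognised start tags, end tags and escaped text, the result is well-formed regardless of how the input was nested.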

|| Solution:

Do not open untrusted e-mail messages.

|| Contact

Author : Ivan Markovic
Site : www.security-net.biz



© Copyright 2006 - 2009 Security Net | Powered by NETSECTOR WSW::CMS