what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from D. Fabian

SEC-20061220-0.txt

Posted Dec 22, 2006

Authored by D. Fabian, J. Greil | Site sec-consult.com

SEC-CONSULT Security Advisory - Typo3 CMS versions 4.0.0 through 4.0.3 (along with other variants) suffer from a remote command execution flaw. Proof of concept included.

tags | exploit, remote, proof of concept

SHA-256 | 855559bf26aa89e08a42b32a4a13e9d2151e9b5cca1e5cb32c2673a8d897c507

Download | Favorite | View

SEC-20060613-0.txt

Posted Jun 15, 2006

Authored by D. Fabian, T. Kerbl | Site sec-consult.com

SEC-CONSULT Security Advisory 20060613-0 - Microsoft Outlook Web Access is vulnerable to an HTML code injection/cross site scripting attack. A malicious user could craft a mail containing HTML and Javascript code. Such code could be used to steal session information from the victims cookies, and thus enable the attacker to get access to the victim's emails. Vulnerable versions are Exchange 2000 (SP3), 2003 (SP1), 2003 (SP2).

tags | advisory, web, javascript, xss

SHA-256 | 660a8881d54862ec36db23fe8a4c02478e27719f256152894a6da754d91c8977

Download | Favorite | View