Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
Ask the Team  Mailing Lists  Advertising Info  Advisories  About SecuriTeam  Blogs Brought to you by: Suppliers of: Website Testing Tools Network Testing Tools Software Testing Tools SecuriTeam in Your Inbox New vulnerability? New tool? Tell us (Our PGP key).	Poisonous Style for Dialog Window Bypasses Zone Security 4 Dec. 2002    Summary By appointing the style of the text in a window (a "ModalDialog" window) a remote attacker is able to execute arbitrary JavaScript and HTML code regardless of zone difference (i.e. he is able to steal the cookies used in any domain).   Credit: The information has been provided by Liu Die Yu. Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    Details Protect your website! Use an External Vulnerability Scanner! Nothing to install. First report in 1 hour! www.beyondsecurity.com/vulnerability-scanner Vulnerable systems:  * Internet Explorer version 6.0.2600.0000  * Internet Explorer version 5.50.4807.2300 Demonstration: (Outside the SecurITeam website) http://www16.brinkster.com/liudieyu/PoisonousSTYLEforDialog/PoisonousSTYLEforDialog-MyPage.htm Or http://clik.to/liudieyu and select: PoisonousSTYLEforDialog-MyPage section. Example: One style type that can cause execution of script: <IMG width="0" height="0" style="width: expression(alert());">  Comments:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles VMware Tools for Windows Local Binary Planting Vulnerability VMware Tools for Windows Remote Binary Planting Vulnerability Ipswitch Imail Server Queuemgr Format String Code Execution Vulnerability Ipswitch Imail Server List Mailer Reply-To Address Code Execution Vulnerability HP OpenView Network Node Manager Execution of Arbitrary Code Vulnerability HP OpenView NNM webappmon.exe execvp_nc Code Execution Vulnerability HP Virtual Connect Enterprise Manager for Windows XSS vulnerability CA XOsoft Control Service entry_point.aspx Remote Code Execution Vulnerability Microsoft Office Access AccWizObjects ActiveX Control Uninitialized Imports Code Execution Vulnerability CA XOsoft xosoapapi.asmx Multiple Code Execution Vulnerabilities Winamp Player FLV Data Processing Integer Overflow Vulnerabilities HP Insight Software Installer for Windows Multiple Vulnerabilities IBM SolidDB solid.exe Handshake Request Username Field Code Execution Vulnerability HP Insight Software Installer for Windows Multiple Vulnerabilities HP Insight Control Power Management for Windows Multiple Vulnerabilities  Featured Articles MyBB Password Reset Weak Random Numbers Vulnerability Mozilla Firefox nsTreeSelection Dangling Pointer Code Execution Vulnerability Mozilla Firefox DOM Attribute Cloning Remote Code Execution Oracle Secure Backup Administration $ther Variable Command Injection Code Execution Vulnerability Novell Teaming ajaxUploadImageFile Code Execution Vulnerability Oracle Secure Backup Administration selector Command Injection Code Execution Vulnerability WebLogic Plugin HTTP Injection via Encoded URLs vulnerability
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®