
look and feel

Setting arbitrary Personas without user interaction in Firefox 3.6

---------------------------------------------------------------------------

1. OVERVIEW

The recent release of Firefox 3.6 introduces support for browser "Personas"
-- lightweight image-based themes which alter the look and feel of the
browser chrome.

A malicious website can set a user's Persona to an arbitrary theme, disable
Undo functionality in the browser's information bar, and obfuscate the Persona
entry in the Themes pane of the Tools | Add-ons pane to make the detection and

SECOBJADV-2008-02: Cygwin Installation and Update Process can be Subverted Vulnerability

Cygwin is a Linux-like environment for Windows. It consists of two parts: 

1. A DLL (cygwin1.dll) which acts as a Linux API emulation layer providing 
substantial Linux API functionality. 
    
2. A collection of tools which provide Linux look and feel. 

SUMMARY

Cygwin is a Linux-like environment for Microsoft Windows copyrighted by 
Red Hat, Inc. Tarball software packages are installed and updated via 

[SECURITY] [DSA 2186-2] vimperator regression fix

http://www.debian.org/security/                        Moritz Muehlenhoff
March 18, 2011                         http://www.debian.org/security/faq
-------------------------------------------------------------------------

The security update DSA-2186 issued for Iceweasel caused a regression in 
Vimperator, an Iceweasel extension to make it have vim look and feel.

vimperator in stable has been updated to 2.3.1-0+squeeze1 to restore 
compatibility.

We recommend that you upgrade your vimperator packages.

[RT-SA-2009-002] IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader

"Feature complete yet easy to use, WebMail Server Pro provides feature
rich Web 2.0 web-based access to email, calendars, contacts, files and
shared data from any computer with browser and internet connection,
without the usual configuration hassle. Thanks to advanced technologies
and application-like look and feel, Pro suggests it was born to become
the ultimate replacement of Outlook and similar desktop mail clients."

(from the vendor's homepage)



FreeWebshop.org: multiple vulnerabilities


------------------------------------------------------------------------
Directory traversal
------------------------------------------------------------------------
FWS uses a template mechanism for its look and feel and also supports
multiple languages. FWS ships with Dutch and English language files. The
file main.txt for each language is actually a PHP script that is
included within the web pages. If the user chooses a different language,
a cookie containing this language is sent to the user's browser. This
cookie is later used to find the correct language files. No validation

Re: Adgregate ShopAd widget validation is vulnerable to replay attack

> clicking on a "validate this widget" button within the widget.
> However, the widget proves itself by simply POSTing an (apparently)
> fixed (per ShopAd id) string to a fixed URL, which is trivially
> vulnerable to replay attacks.  For example, see the (clearly bogus)
> widget at [3].  Of course, a more serious attacker would spend more
> time reproducing the look-and-feel of the adgregate widget.
>
> Here's the relevant HTML that fakes the validation functionality:
>
> <form method="POST" action="https://secure.adgregate.com/AuthenticWidget.aspx">
> <input type="hidden" name="widgetvalid" value="1w23e4r5-ijhyffrd">

Adgregate ShopAd widget validation is vulnerable to replay attack

clicking on a "validate this widget" button within the widget.
However, the widget proves itself by simply POSTing an (apparently)
fixed (per ShopAd id) string to a fixed URL, which is trivially
vulnerable to replay attacks.  For example, see the (clearly bogus)
widget at [3].  Of course, a more serious attacker would spend more
time reproducing the look-and-feel of the adgregate widget.

Here's the relevant HTML that fakes the validation functionality:

<form method="POST" action="https://secure.adgregate.com/AuthenticWidget.aspx">
<input type="hidden" name="widgetvalid" value="1w23e4r5-ijhyffrd">

[RT-SA-2009-001] IceWarp WebMail Server: Cross Site Scripting in Email View

"Feature complete yet easy to use, WebMail Server Pro provides feature
rich Web 2.0 web-based access to email, calendars, contacts, files and
shared data from any computer with browser and internet connection,
without the usual configuration hassle. Thanks to advanced technologies
and application-like look and feel, Pro suggests it was born to become the
ultimate replacement of Outlook and similar desktop mail clients."

(from the vendor's homepage)



[RT-SA-2009-003] IceWarp WebMail Server: SQL Injection in Groupware Component

"Feature complete yet easy to use, WebMail Server Pro provides feature
rich Web 2.0 web-based access to email, calendars, contacts, files and
shared data from any computer with browser and internet connection,
without the usual configuration hassle. Thanks to advanced technologies
and application-like look and feel, Pro suggests it was born to become
the ultimate replacement of Outlook and similar desktop mail clients."

(from the vendor's homepage)



[RT-SA-2009-004] IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content

"Feature complete yet easy to use, WebMail Server Pro provides feature
rich Web 2.0 web-based access to email, calendars, contacts, files and
shared data from any computer with browser and internet connection,
without the usual configuration hassle. Thanks to advanced technologies
and application-like look and feel, Pro suggests it was born to become
the ultimate replacement of Outlook and similar desktop mail clients."

(from the vendor's homepage)



[ISecAuditors Security Advisories] Cygwin buffer overflow due incorrect filename length check

II. BACKGROUND
-------------------------
Cygwin is a Linux-like environment for Windows which consists of a DLL
binary (cygwin1.dll) which emulates the Linux API, and a set of tools
which provide Linux look and feel.

Sometimes, administrators rely on cygwin security in order to
open a daemon to the net (sshd, telnetd, ftpd ...) over cygwin.

III. DESCRIPTION



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
