H2HC 2010 Sao Paulo - Capture the Flag
2010-09-13, Rodrigo Rubira Branco (BSDaemon) (rodrigo kernelhacking com)

Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service
2010-09-13, yangdn nipc org cn
Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service
I. Summary
A flaw has been identified in Wireshark 1.4.0 concerning the ASN.1/BER dissector that will cause a denial of service (stack overflow and null pointer derefe

Secunia Research: MailEnable SMTP Service Two Denial of Service Vulnerabilities
2010-09-13, Secunia Research (remove-vuln secunia com)

MVSA-10-008 / CVE-2010-0154 - IBM Proventia Mail Security System - Insecure Direct Object Reference vulnerability
2010-09-12, marian ventuneac gmail com
Security Advisory: MVSA-10-008 / CVE-2010-0154
Vendor: IBM
Products: Proventia Network Mail Security System
Vulnerabilities: Insecure Direct Object Reference
Risk: Medium
Attack Vector: From Remote
Authentication: Required
Reference: http://www.ventuneac.net/security-advisories/MVS

MVSA-10-009 / CVE-2010-0155 - IBM Proventia Network Mail Security System - CRLF Injection vulnerability
2010-09-12, marian ventuneac gmail com

[SECURITY] [DSA 2097-2] New phpmyadmin packages fix several vulnerabilities
2010-09-11, Thijs Kinkhorst (thijs debian org)

MVSA-10-007 / CVE-2010-0152 - IBM Proventia Mail Security System - Multiple persistent and reflected XSS vulnerabilities
2010-09-12, marian ventuneac gmail com

MVSA-10-006 / CVE-2010-0153 - IBM Proventia Network Mail Security System - Cross-Site Request Forgery vulnerabilities
2010-09-12, marian ventuneac gmail com
Security Advisory: MVSA-10-006 / CVE-2010-0153
Vendor: IBM
Products: Proventia Network Mail Security System
Vulnerabilities: Cross-Site Request Forgery (XSRF)
Risk: High
Attack Vector: From Remote
Authentication: Required
Reference: http://www.ventuneac.net/security-advisories/MVSA-

International Hacking Conference "POC2001" Call for Paper
2010-09-13, pocadm gmail com
The 5th international hacking and security conference "POC2019" by hackers will be held in Seoul, Korea on December 14 ~ 15(because of G20 Summit Meeting, the date was changed.) 'POC' means "Power of Community". POC believes that the power of community can make the world safer. POC doesn't pursue

[DCA-00015] YOPS Web Server Remote Command Execution
2010-09-10, Rodrigo Escobar (ipax dclabs com br)
[DCA-00015]
[Software] - YOPS (Your Open Personal [WEB] Server)
[Vendor Product Description] - YOPS (Your Own Personal [WEB] Server) is a small SEDA-like HTTP server for Linux OS written in C. There are 7 stages (accept, parse, launch, fetch, error, send and log), and pipes are used as interst

Internet Download Accelerator 5.8 Remote Buffer Overflow
2010-09-08, g1xsystem windowslive com
<!--========================== ==================================================
Internet Explorer ver 7.0.5730.13
Tested On Windows SP2
Inj3ct0r team & yogyacarderlink team
Bug discovered by eidelweiss
Affected Software: idaiehlp.dll
BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A6466

Re: Binary Planting Goes "EXE"
2010-09-09, Christian Sciberras (uuf6429 gmail com)
For what it's worth (to your research) there are also hybrids; ie, a normal executable can be executed from a dll perspective, as the other way round; they're the same format. Executables simply have a specific "standard" entry point.
Thought I'd remind you that this "vuln" might exist in less know

Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)
2010-09-10, YGN Ethical Hacker Group (lists yehg net)
Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)
1. OVERVIEW
The Flash Player

Medium security flaw in Apache Traffic Server
2010-09-08, Tim Brown (timb nth-dimension org uk)
I was recently taking a look at the Apache Traffic Server project (which I believe was formerly developed by Yahoo Inc) and notice a series of potential problems relating to the way that it handles DNS. This proxy does not rely on the OS supplied resolver library for resolving hostnames but inst

[SECURITY] [DSA 2106-1] New xulrunner packages fix several vulnerabilities
2010-09-08, Moritz Muehlenhoff (jmm debian org)

PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking Vulnerability (tsp.dll, tvttsp.dll)
2010-09-09, YGN Ethical Hacker Group (lists yehg net)
PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking Vulnerability (tsp.dll, tvttsp.dll)
1. OVERVIEW
The PGP Desktop application is vulnerable to Insecu

Re: Binary Planting Goes "EXE"
2010-09-09, Stefan Kanthak (stefan kanthak nexgo de)
"ACROS Security Lists" wrote:
> For everyone interested in binary planting vulnerabilities, here's some new
> information on the EXE vector from our research.
>
> http://blog.acrossecurity.com/2010/09/binary-planting-goes-exe.html
Tell news!
1) There is an equivalent to "SafeDLLSearchPath" for ex

Re: etax 2010 failure to validate remote ssl certificate properly
2010-09-09, dave b (db pub mail gmail com)
On 8 September 2010 05:17, dave b <db.pub.mail (at) gmail (dot) com> wrote:
> On 8 September 2010 05:09, dave b <db.pub.mail (at) gmail (dot) com> wrote:
>> etax 2010[0]
>
> Minor edit :)
> "> (note: you need a certificate for _any_ domain signed by a CA"
> should be:
> "> (note: you need a certificate for a domain that

[USN-978-1] Thunderbird vulnerabilities
2010-09-08, Jamie Strandboge (jamie canonical com)
Ubuntu Security Notice USN-978-1
September 08, 2010
thunderbird vulnerabilities
CVE-2010-2760, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-3166, CVE-2010-3167, CV

[security bulletin] HPSBMA02576 SSRT090231 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code
2010-09-09, security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02498535
Version: 1
HPSBMA02576 SSRT090231 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code

Binary Planting Goes "EXE"
2010-09-09, ACROS Security Lists (lists acros si)
For everyone interested in binary planting vulnerabilities, here's some new information on the EXE vector from our research.
http://blog.acrossecurity.com/2010/09/binary-planting-goes-exe.html
Pleasant reading,
Mitja Kolsek
CEO&CTO
ACROS, d.o.o.
Makedonska ulica 113
SI - 2000 Maribor, Slovenia

ACROS Security: Remote Binary Planting in Apple Safari for Windows (ASPR #2010-09-08-1)
2010-09-08, ACROS Security Lists (lists acros si)
=====[BEGIN-ACROS-REPORT]=====
PUBLIC
ACROS Security Problem Report #2010-09-08-1
ASPR #2010-09-08-1: Remote Binary Planting in Apple Safari for Windo

SQL Injection and XSS vulnerabilities in CubeCart version 4.3.3
2010-09-09, Bogdan Calin (bogdan acunetix com)
We are continuing with the list of security vulnerabilities found in a number of web applications while testing our latest version of Acunetix WVS v7 . In this blog post, we will look into the details of a number of security problems discovered by Acunetix WVS in CubeCart. "CubeCart is a fully feat
A Captcha is a type of challenge-response test used in computing to
ensure that the response is not generated by a computer. It is a
contrived acronym for "Completely Automated Public Turing test to tell
Computers and Humans Apart."
The process