BugTraq (Page 553 of 1748)
CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability 2010-03-16
CORE Security Technologies Advisories (advisories coresecurity com)
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/

Virtual PC Hypervisor Memory Protection Vulnerability

1. *Advisory Information*

Title: Virtual PC Hypervisor Memory Protection Vulnerability
Ad

ZDI-10-030: Apple WebKit CSS run-in Attribute Rendering Remote Code Execution Vulnerability 2010-03-16
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-030: Apple WebKit CSS run-in Attribute Rendering Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-030
March 16, 2010

-- Affected Vendors:
Apple
Google

-- Affected Products:
Apple WebKit
Apple Safari
Google Chrome

-- TippingPoint(TM) IPS Customer Protec

Last Call for Papers, CONFidence 2010, 25-26May, Last Call for Papers 2010-03-16
Andrzej Targosz (andrzej targosz proidea org pl)
CONFidence 2010 Last Call for Papers
####################################

Calling all practitioners in the field of IT security! The 7th edition
of CONFidence 2010, is taking place in Krakow on May 25/26, 2010.
http://2010.confidence.org.pl

We invite all to send the proposed topic and abstracts of

rPSA-2010-0018-1 bind bind-utils caching-nameserver 2010-03-16
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2010-0018-1
Published: 2010-03-15
Products:
rPath Appliance Platform Linux Service 1
rPath Appliance Platform Linux Service 2
rPath Linux 1
rPath Linux 2

Rating: Severe
Exposure Level Classification:
Remote User Deterministic Vulnerability
Updated Versio

ZDI-10-032: SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability 2010-03-16
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-032: SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-032
March 16, 2010

-- Affected Vendors:
SAP

-- Affected Products:
SAP MaxDB

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been pr

[USN-913-1] libpng vulnerabilities 2010-03-16
Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-913-1 March 16, 2010
libpng vulnerabilities
CVE-2009-2042, CVE-2010-0205
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.0

[USN-912-1] Audio File Library vulnerability 2010-03-16
Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-912-1 March 16, 2010
audiofile vulnerability
CVE-2008-5824
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8

ZDI-10-031: Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability 2010-03-16
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-031: Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-031
March 16, 2010

-- Affected Vendors:
Apple

-- Affected Products:
Apple WebKit

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers hav

SugarCRM Stored XSS vulnerability 2010-03-16
Jeromie Jackson (jeromie comsecinc com)
Class: Stored Cross Site Scripting (XSS)

CVE: CVE-2010-0465

Remote: Yes

Local: Yes

Published: Jan 1, 2010 12:01AM

Timeline: Submission to Mitre: January 29, 2010

Vendor Contact: February 18, 2010

Vendor Response: February 19, 2010

Patch Available: March 10, 2010

Credit: Jeromie Jackson CI

rPSA-2010-0022-1 sendmail sendmail-cf 2010-03-16
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2010-0022-1
Published: 2010-03-15
Products:
rPath Appliance Platform Linux Service 1
rPath Appliance Platform Linux Service 2
rPath Linux 1
rPath Linux 2

Rating: Minor
Exposure Level Classification:
Remote User Non-deterministic Vulnerability
Updated Ver

[SECURITY] [DSA 2017-1] New pulseaudio packages fix insecure temporary directory 2010-03-15
Giuseppe Iuculano (iuculano debian org)
- ------------------------------------------------------------------------

Debian Security Advisory DSA-2017-1 security (at) debian (dot) org
http://www.debian.org/security/ Giuseppe Iuculano
March 15, 2010

QuickZip 0day detailed write-up 2010-03-15
Security (security corelan be)
In case some of you missed it - I published 2 articles on the Offensive Security Blog (last one was published a few hours ago), explaining the process of building a (not so typical) SEH based exploit for a QuickZip 0day vulnerability.

Part 1 : http://www.offensive-security.com/blog/vulndev/quickzip

ZDI-10-029: Apple WebKit innerHTML element Substitution Remote Code Execution Vulnerability 2010-03-15
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-10-029: Apple WebKit innerHTML element Substitution Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-029
March 15, 2010

-- CVE ID:
CVE-2010-0050

-- Affected Vendors:
Google
Apple

-- Affected Products:
Google Chrome
Apple WebKit
Apple Safari

-- TippingPoi

Multiple DOM-Based XSS in Dojo Toolkit SDK 2010-03-15
labs gdssecurity com
===========================================================
Multiple DOM-Based XSS in Dojo Toolkit SDK
Public Release Date: 3/12/2010
Adam Bixby - Gotham Digital Science (labs (at) gdssecurity (dot) com)
Affected Software: Dojo Toolkit SDK <= Build 1.4.1
Browser used for testing: IE8 (8.0.7600.16385)
Sever

New vulnerabilities in Abton 2010-03-12
MustLive (mustlive websecurity com ua)
Hello Bugtraq!

I want to warn you about new vulnerabilities in Abton. It's a commercial
Ukrainian CMS.

-----------------------------
Advisory: New vulnerabilities in Abton
-----------------------------
URL: http://websecurity.com.ua/3618/
-----------------------------
Timeline:

17.02.2009 - found t

Vulnerability httpdx v1.5.3 2010-03-15
Mehdi Mahdjoub - Sysdream IT Security Services (m mahdjoub sysdream com)
#!/usr/bin/perl
#
# Program : Httpdx v1.5.3
# PoC : Remote Break Services
# Homepage : http://sourceforge.net/projects/httpdx/
# Found by : Jonathan Salwan
# This Advisory : Jonathan Salwan
# Contact : j.salwan (at) sysdream (dot) com
#
#
# //----- Application descrip

ZoneAlarm 9 (ForceField) Security Disclosure 2010-03-15
Andrew Barkley (barkley usa net)
Hi,

This disclosure pertains to ZoneAlarm 9 (ForceField). ZoneAlarm have been
informed. The following discusses similar issues as was previously disclosed
regarding ZoneAlarm 8.

ZoneAlarm 9 (ForceField)
ZoneAlarm version:9.1.007.002
TrueVector version:9.1.007.002
Driver version:9.1.007.002

Int

PlumberCon 10 - Call for Papers 2010-03-15
astera (a schneeweisz gmail com)
PlumberCon 10 Call For Participation

====================================

The Call For Papers for PlumberCon 10, 2nd edition, taking place in
Vienna (Austria) is now open!

This year the conference will be held from July 09th - 11th (Fri -
Sun) - in other words, the week between HitB Amsterda

[SECURITY] [DSA 2016-1] New drupal6 packages fix several vulnerabilities 2010-03-13
Giuseppe Iuculano (iuculano debian org)
- ------------------------------------------------------------------------

Debian Security Advisory DSA-2016-1 security (at) debian (dot) org
http://www.debian.org/security/ Giuseppe Iuculano
March 13, 2010

...because you can't get enough of clickjacking 2010-03-13
Michal Zalewski (lcamtuf coredump cx)
[ I promise to post something more interesting shortly - but in the
meantime, I wanted to drop a quick note about something kinda amusing.
]

There was a considerable amount of buzz around clickjacking [1] in the
past year or so. It is commonly believed that this simple attack can
only be realistica

Zigurrat CMS SQL Injection Vulnerability 2010-03-15
faghani nsec ir
================= IUT-CERT =================

Title: Zigurrat CMS SQL Injection Vulnerability

Vendor: www.farsi-cms.com

Dork: Design by Tagfa Co

Type: Input.Validation.Vulnerability (SQL Injection)

Fix: N/A

================== nsec.ir =================

Description:

--------------

[Tool] sqlmap 0.8 released 2010-03-15
Bernardo Damele A. G. (bernardo damele gmail com)
Hi,

I am glad to release sqlmap version 0.8.

Introduction
============
sqlmap is an open source penetration testing tool that automates the
process of detecting and exploiting SQL injection flaws and taking
over of back-end database servers. It comes with a broad range of
features lasting from dat

[HITB-Announce] HITBSecConf2010 - Dubai Agenda Released 2010-03-14
Hafez Kamal (aphesz hackinthebox org)
Conference agenda for HITBSecConf2010 - Dubai has been announced!

Welcoming Address by H.E Mohammed Nasser Al-Ghanim (Director General, UAE Telecom Regulatory Authority - TRA) -- TBC

Keynote 1: John Viega (CTO, SaaS, McAfee Inc.) -- A/V Vendors Aren't As Dumb As They Look
Keynote 2: Matt Watchinsk

Pars CMS SQL Injection Vulnerability 2010-03-15
faghani nsec ir
================= IUT-CERT =================

Title: Pars CMS SQL Injection Vulnerability

Vendor: www.parscms.com

Dork: Design by Virtual Develop Co

Type: Input.Validation.Vulnerability (SQL Injection)

Fix: N/A

================== nsec.ir =================

Description:

----------

SyScan'10 CFP 2010-03-15
thomas (at) syscan (dot) org (thomas syscan org)
*SyScan'10 CALL FOR PAPERS*

*ABOUT SYSCAN'10*
This year, SyScan'10 will be held in the 4 exciting cities of Singapore,
Hangzhou, Taipei and Ho Chi Minh City. Details are as follows:

*/SyScan'10 Singapore
/*date: 17 - 18 June 2010

*/SyScan'10 HangZhou
/*date: 10 - 11 July 2010

*/SyScan'10 Taipe

Vulnerability in phpAdsNew, OpenAds and OpenX 2010-03-14
MustLive (mustlive websecurity com ua)
Hello Bugtraq!

I want to warn you about a vulnerability in phpAdsNew, OpenAds and OpenX.

Earlier I already wrote to the list about XSS and HTML Injection
vulnerabilities in tagcloud.swf in multiple plugins for many engines such as
WordPress, Joomla and DLE. About this issue I wrote in details in my

Ananta Gazelle SQL Injection Vulnerability 2010-03-13
admin bugreport ir
##########################www.BugReport.ir##############################
##########
#
# AmnPardaz Security Research Team
#
# Title: Ananta Gazelle SQL Injection Vulnerability
# Vendor: http://www.anantasoft.com/
# Vulnerable Version: 1.0 (Latest version till now)
# Exploitation: Remote with

Sun Java System Communication Express CSRF via HPP 2010-03-13
edgard chammas beyond-security org
Hello,

As a continuation of my advisory about "Sun Java System Communications Express Multiple HTML Injection Vulnerabilities" that can be found here: (http://www.securityfocus.com/bid/34083/info), I would like to introduce another potential security threat in the same product and based on my pre

CVE-2010-0188 Exploit Code 2010-03-12
villys777 gmail com
# Exploit Title: Adobe Acrobat libtiff Remote Code Execution
# Date: 2010-03-12
# Author: villy( http://bugix-security.blogspot.com/)
# Software Link: http://adobe.com/
# Version: Adobe Reader 9.x < 9.3.1
# Tested on: windows xp(sp2 and xp3)
# CVE : CVE-2010-0188

Full python code on the link :
http

Copyright 2010, SecurityFocus