/.
• How a Guy Found 4 New Planets Without a Telescope
• Why Digital Newsstands Stink
• Using Technology To Enforce Good Behavior
• Researchers Claim 1,000 Core Chip Created
• Does Windows Phone 7 Have a Data Transmission Bug?
• Wikipedia Meets $16M Budget Goal
• Apple Support Company Sues Customer For Complaint
• Google Nexus S Processor Overclocked To 1.2GHz
• Battle Escalates Between Airlines and Online Agents
• Why Digital Newsstands Stink
• Using Technology To Enforce Good Behavior
• Researchers Claim 1,000 Core Chip Created
• Does Windows Phone 7 Have a Data Transmission Bug?
• Wikipedia Meets $16M Budget Goal
• Apple Support Company Sues Customer For Complaint
• Google Nexus S Processor Overclocked To 1.2GHz
• Battle Escalates Between Airlines and Online Agents
Гелерия
LifeHacker
• Update Your Resume and Get a (Better) Job This Weekend
• This Week’s Most Popular Posts: January 21-27
• How to Know When You're Wrong (and What You Can Do About It)
• What to Write Down During a Class Lecture
• Use Google Alerts as an Identity Theft Watchdog
• How to Stay Motivated and Avoid Slacking Off While Working From Home
• Get Your Ideas Out of Your Head and On Paper to Actually Make Progress Towards Your Goals
• How Do I Make My Own Height Adjustable Desk?
• Eat Your World Tells You How to Eat Like a Local When You Travel
• Should I Prepare My Own Taxes?
• How Long You Should Wait to Hear Back About a Job Application
• How Sitting All Day Is Damaging Your Body and How You Can Counteract It
• Fill in Online Job Application Salary Requests with $1 to Improve Your Chances of a Response
• What’s In Your DIY Toolkit?
• From the Tips Box: Smartphone Gaming, Packing Woes, and Returned Phone Calls
• Avoid Spills When Pouring Liquids with a Chopstick
• All the Awesome Things You Can Do with a Long Press on Your iPhone, iPad, or iPad touch
• What Should I Use for My Home Theater PC: Apple TV, Nettop, Old Computer, or Something Else?
• Google Is Facebook Is AOL: What Happens When a Good Google Goes Bad
• How to Build a (Nearly) Hack-Proof Password System with LastPass and a Thumb Drive
• Brand Name Batteries Last Longer but the Savings Over Generics Is Small
...
• This Week’s Most Popular Posts: January 21-27
• How to Know When You're Wrong (and What You Can Do About It)
• What to Write Down During a Class Lecture
• Use Google Alerts as an Identity Theft Watchdog
• How to Stay Motivated and Avoid Slacking Off While Working From Home
• Get Your Ideas Out of Your Head and On Paper to Actually Make Progress Towards Your Goals
• How Do I Make My Own Height Adjustable Desk?
• Eat Your World Tells You How to Eat Like a Local When You Travel
• Should I Prepare My Own Taxes?
• How Long You Should Wait to Hear Back About a Job Application
• How Sitting All Day Is Damaging Your Body and How You Can Counteract It
• Fill in Online Job Application Salary Requests with $1 to Improve Your Chances of a Response
• What’s In Your DIY Toolkit?
• From the Tips Box: Smartphone Gaming, Packing Woes, and Returned Phone Calls
• Avoid Spills When Pouring Liquids with a Chopstick
• All the Awesome Things You Can Do with a Long Press on Your iPhone, iPad, or iPad touch
• What Should I Use for My Home Theater PC: Apple TV, Nettop, Old Computer, or Something Else?
• Google Is Facebook Is AOL: What Happens When a Good Google Goes Bad
• How to Build a (Nearly) Hack-Proof Password System with LastPass and a Thumb Drive
• Brand Name Batteries Last Longer but the Savings Over Generics Is Small
...
Bugtraq
• Vuln: Pligg CMS 'status' Parameter SQL Injection Vulnerability
• Vuln: QEMU KVM CVE-2012-0029 Local Privilege Escalation Vulnerability
• Vuln: Apache Tomcat AJP Protocol Security Bypass Vulnerability
• Vuln: Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
• Bugtraq: AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS
• Bugtraq: [ GLSA 201201-15 ] ktsuss: Privilege escalation
• Bugtraq: [SECURITY] [DSA 2394-1] libxml2 security update
• Bugtraq: [HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon
• More rss feeds from SecurityFocus
• Vuln: QEMU KVM CVE-2012-0029 Local Privilege Escalation Vulnerability
• Vuln: Apache Tomcat AJP Protocol Security Bypass Vulnerability
• Vuln: Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
• Bugtraq: AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS
• Bugtraq: [ GLSA 201201-15 ] ktsuss: Privilege escalation
• Bugtraq: [SECURITY] [DSA 2394-1] libxml2 security update
• Bugtraq: [HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon
• More rss feeds from SecurityFocus
PacketStormSecurity
• Gitorious Remote Command Execution - Gitorious versions prior to 2.1.1 suffer from a remote command execution vulnerability.
• HP Diagnostics Server magentservice.exe Overflow - This Metasploit module exploits a stack buffer overflow in HP Diagnostics Server magentservice.exe service. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by AbdulAziz Harir via ZDI.
• MS12-004 midiOutPlayNextPolyEvent Heap Overflow - This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using Windows Media Player's ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the offset calculation being higher than how much is available on the heap (0x400 allocated by WINMM!winmmAlloc), and then allowing us to either "inc al" or "dec al" a byte. This can be used to corrupt an array (CImplAry) we setup, and force the browser to confuse types from tagVARIANT objects, which leverages remote code execution under the context of the user. At this time, for IE 8 target, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention). Note: Based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.
• AWS Hash Collisions - AdaCore Security Advisory - All AWS releases and wavefronts prior to 2012-01-21 suffer from hash collision vulnerabilities.
• Studio Manolibera Listarivisteuk SQL Injection - Studio Manolibera's listarivisteuk.php suffers from a remote SQL injection vulnerability.
• Dark D0rk3r 0.5 - Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.
• IBBY SQL Injection - IBBY's nouvelles.php suffers from a remote SQL injection vulnerability.
• Kraken Payload Generator Beta 1.0 - Kraken Payload Generator is a bash script that makes use of msfpayload to generate various shellcode.
• Fortigate UTM WAF Appliance Cross Site Scripting - The Fortigate UTM WAF appliance suffers from persistent and reflective cross site scripting vulnerabilities.
• Adobe Cross Site Scripting - Adobe's forgotten password flow suffers from a cross site scripting vulnerability.
• Gentoo Linux Security Advisory 201201-16 - Gentoo Linux Security Advisory 201201-16 - A debugging functionality in the X.Org X Server that is bound to a hotkey by default can be used by local attackers to circumvent screen locking utilities. Versions less than 2.4.1-r3 are affected.
• Debian Security Advisory 2396-1 - Debian Linux Security Advisory 2396-1 - Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation.
• Debian Security Advisory 2395-1 - Debian Linux Security Advisory 2395-1 - Laurent Butti discovered a buffer underflow in the LANalyzer dissector of the Wireshark network traffic analyzer, which could lead to the execution of arbitrary code.
• Interactive Web Design SQL Injection - Interactive Web Design suffers from a remote SQL injection vulnerability.
• Global Media Service SQL Injection - Global Media Service suffers from a remote SQL injection vulnerability.
...
• HP Diagnostics Server magentservice.exe Overflow - This Metasploit module exploits a stack buffer overflow in HP Diagnostics Server magentservice.exe service. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by AbdulAziz Harir via ZDI.
• MS12-004 midiOutPlayNextPolyEvent Heap Overflow - This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using Windows Media Player's ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the offset calculation being higher than how much is available on the heap (0x400 allocated by WINMM!winmmAlloc), and then allowing us to either "inc al" or "dec al" a byte. This can be used to corrupt an array (CImplAry) we setup, and force the browser to confuse types from tagVARIANT objects, which leverages remote code execution under the context of the user. At this time, for IE 8 target, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention). Note: Based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.
• AWS Hash Collisions - AdaCore Security Advisory - All AWS releases and wavefronts prior to 2012-01-21 suffer from hash collision vulnerabilities.
• Studio Manolibera Listarivisteuk SQL Injection - Studio Manolibera's listarivisteuk.php suffers from a remote SQL injection vulnerability.
• Dark D0rk3r 0.5 - Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.
• IBBY SQL Injection - IBBY's nouvelles.php suffers from a remote SQL injection vulnerability.
• Kraken Payload Generator Beta 1.0 - Kraken Payload Generator is a bash script that makes use of msfpayload to generate various shellcode.
• Fortigate UTM WAF Appliance Cross Site Scripting - The Fortigate UTM WAF appliance suffers from persistent and reflective cross site scripting vulnerabilities.
• Adobe Cross Site Scripting - Adobe's forgotten password flow suffers from a cross site scripting vulnerability.
• Gentoo Linux Security Advisory 201201-16 - Gentoo Linux Security Advisory 201201-16 - A debugging functionality in the X.Org X Server that is bound to a hotkey by default can be used by local attackers to circumvent screen locking utilities. Versions less than 2.4.1-r3 are affected.
• Debian Security Advisory 2396-1 - Debian Linux Security Advisory 2396-1 - Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation.
• Debian Security Advisory 2395-1 - Debian Linux Security Advisory 2395-1 - Laurent Butti discovered a buffer underflow in the LANalyzer dissector of the Wireshark network traffic analyzer, which could lead to the execution of arbitrary code.
• Interactive Web Design SQL Injection - Interactive Web Design suffers from a remote SQL injection vulnerability.
• Global Media Service SQL Injection - Global Media Service suffers from a remote SQL injection vulnerability.
...
-
Език / Language
-
Меню
-
За връзка
-
Други
Български
english
16785168