/.
• An Early Look At Civilization V
• Historic IEEE 802 Group Looks Back and Forward
• Microsoft Shows Full 3D XNA Games On Windows Phone
• The Future of Wind Power May Be Underground
• New Phone Allows Bosses To Snoop On Staff
• Former TSA Analyst Charged With Computer Tampering
• “Mythical Man-Month” Supposedly Busted By MIT Startup
• Zeus Botnet Dealt a Blow As ISPs Troyak, Group 3 Knocked Out
• OnLive Remote Gaming Service Launches In June
• Google Opens Apps Marketplace
• Digitizing and Geocoding Old Maps?
• Sweet, Sour, Salty, Bitter, Protein … and Now Fat
• The Lost Film That Accompanied Empire Strikes Back
• OpenSSH 5.4 Released
• Amazon 1-Click Patent Survives Almost Unscathed
• 6 Smartphone Keyboards Compared
• Man Threatened Spam Attack In $200,000 Extortion Plot
• Code Bubbles — Rethinking the IDE’s User Interface
• Unboxing the Fake Intel Core i7-920
NewsForge
Bugtraq
• Vuln: Apache 'mod_isapi' Memory Corruption Vulnerability
• Vuln: Samba 'CAP_DAC_OVERRIDE' File Permissions Security Bypass Vulnerability
• Vuln: Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
• Vuln: Pidgin Multiple Denial of Service Vulnerabilities
• Bugtraq: [USN-908-1] Apache vulnerabilities
• Bugtraq: [ MDVSA-2010:059 ] virtualbox
• Bugtraq: [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities
• Bugtraq: Secunia Research: XnView DICOM Parsing Integer Overflow Vulnerability
• More rss feeds from SecurityFocus
PacketStormSecurity
• MDVSA-2010-060.txt - Mandriva Linux Security Advisory 2010-060 - The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers to cause a denial of service (crash) via crafted packets to the HTCP port, which triggers a NULL pointer dereference. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
• cookiemonster_v1.6.zip - Cookie Monster is a cookie analysis tool written in Python. Cookie Monster will grab cookies from a host and assign each character a number. This number can be used to perform mathematical calculations on the differences in order to find a pattern and see if cookie prediction is possible.
• super-vulns.tgz - SUPERAntiSpyware and Super Ad Blocker have almost identical device drivers in order to set up hooks and perform other duties from kernel space. These device drivers suffer from lack of validation of parameters passed from user mode. Additionally, some of the functions accessible from user mode are inherently insecure and lead to easy privilege escalation. All vulnerabilities are applicable to both applications. Proof of concept code included with full advisory.
• joomlaabout-sql.txt - The Joomla About component suffers from a remote SQL injection vulnerability.
• USN-908-1.txt - Ubuntu Security Notice 908-1 - It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn't send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. It was discovered that Apache did not properly handle headers in subrequests under certain conditions. A remote attacker could exploit this with a crafted request and possibly obtain sensitive information from previous requests.
• MDVSA-2010-059.txt - Mandriva Linux Security Advisory 2010-059 - Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
• dsa-2010-1.txt - Debian Linux Security Advisory 2010-1 - Several local vulnerabilities have been discovered in kvm, a full virtualization system.
• secunia-xnviewdicom.txt - Secunia Research has discovered a vulnerability in XnView, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an integer overflow when processing DICOM images with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file. Version 1.97 is affected.
• excel-codeexec.txt - VUPEN Vulnerability Research Team discovered a critical vulnerability affecting Microsoft Office Excel. The flaw is caused by a memory corruption error when processing malformed EntExU2 records in an Excel document, which could be exploited by attackers to execute arbitrary code.
• ie_iepeers_pointer.rb.txt - This Metasploit module exploits a use-after-free vulnerability within iepeers.dll of Microsoft Internet Explorer versions 6 and 7. NOTE: Internet Explorer 8 and Internet Explorer 5 are not affected.
• phpcityportal-sqlrfi.txt - PHPCityPortal suffers from remote file inclusion and SQL injection vulnerabilities.
• Botan-1.9.4.tgz - Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.
• gnupg-2.0.15.tar.bz2 - GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
• fwbuilder-4.0.0.tar.gz - Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.
• anantasoft-xsrf.txt - Anantasoft Gazelle CMS suffers from a cross site request forgery vulnerability.
...