/.
• New Calculations May Lead To a Test For String Theory
• Facebook To Add Remote Logout
• Google Releases Chrome 6, Pays $4337 In Bounties
• Harvard Ditching Final Exams?
• Video Appliance For a Large Library On a Network?
• Canon Develops 8 X 8 Inch Digital CMOS Sensor
• Flash On Android Is ‘Shockingly Bad’
• GameStop Pulls Medal of Honor From Military Bases
• DNA-Less ‘Red Rain’ Cells Reproduce At 121 C
• UN Telecom Chief Urges Blackberry Data Sharing
• AMD Hates Laptop Stickers As Much As You Do
• New German Government ID Hacked By CCC
• Cisco Planning To Acquire Skype
• Another Gulf Oil Rig Explodes
• Open Source PS3 Jailbreak Released
• Facebook Post Juror Gets Fined, Removed, Assigned Homework
• Ping Could Be Apple’s Social Networking Backdoor?
• Samsung Shows Off Galaxy Tab, Android Allegiance
• Hawking Picks Physics Over God For Big Bang
• Facebook To Add Remote Logout
• Google Releases Chrome 6, Pays $4337 In Bounties
• Harvard Ditching Final Exams?
• Video Appliance For a Large Library On a Network?
• Canon Develops 8 X 8 Inch Digital CMOS Sensor
• Flash On Android Is ‘Shockingly Bad’
• GameStop Pulls Medal of Honor From Military Bases
• DNA-Less ‘Red Rain’ Cells Reproduce At 121 C
• UN Telecom Chief Urges Blackberry Data Sharing
• AMD Hates Laptop Stickers As Much As You Do
• New German Government ID Hacked By CCC
• Cisco Planning To Acquire Skype
• Another Gulf Oil Rig Explodes
• Open Source PS3 Jailbreak Released
• Facebook Post Juror Gets Fined, Removed, Assigned Homework
• Ping Could Be Apple’s Social Networking Backdoor?
• Samsung Shows Off Galaxy Tab, Android Allegiance
• Hawking Picks Physics Over God For Big Bang
Гелерия
LifeHacker
• Ubuntu 10.10 Beta Adds New Photo Manager, Improves Multimedia Experience [Downloads]
• The Best Things to Buy in September [Buying Guide]
• The Basic Guide to Troubleshooting Common Windows PC Problems [Troubleshooting]
• How to Always Get to the Airport On Time [Travel Tip]
• The Best iPhone Apps for Your Car [IPhone]
• The Best Android Apps for Your Car [Android]
• Chrome Stable Updates to Version 6 with Extension Syncing and Form Autofill [Downloads]
• Devote Four Minutes Every Morning to Actual Couple Talk [Relationships]
• What You Can Expect from iOS 4.1 and the Upcoming iOS 4.2 [Updates]
• iTunes 10 Gets a Streamlined Interface, Adds a Social Network for Music [Downloads]
• Adioso Finds the Best Deals for Travelers with Flexible Travel Plans [Travel]
• Battle of the Android Home Screen Launchers: ADW vs. LauncherPro vs. HelixLauncher [Android]
• Stretching Before Running Doesn't Help, But Don't Stop Right Away [Exercise]
• FilerFrog Puts Truly Helpful File Operations in Windows' Context Menu [Downloads]
• How to Remember People's Names (and Deal with Unusual Names) [Mind Hacks]
• Three New Gmail Shortcuts You'll Want to Memorize [Keyboard Shortcuts]
• Why Technology Is So Addictive, and How You Can Avoid Tech Burnout [Technology]
• Plex/Nine Adds Hardware Acceleration, Better Metadata Handling, and iOS Streaming App [Downloads]
• WiFi File Explorer Manages Your Android SD Card from a Web Browser [Downloads]
• Gmail Priority Inbox Finds and Sorts Important Messages Automatically [Gmail]
• The Cheapest Time to Book a Flight Is Eight Weeks Before You're Traveling [Saving Money]
• The Best Things to Buy in September [Buying Guide]
• The Basic Guide to Troubleshooting Common Windows PC Problems [Troubleshooting]
• How to Always Get to the Airport On Time [Travel Tip]
• The Best iPhone Apps for Your Car [IPhone]
• The Best Android Apps for Your Car [Android]
• Chrome Stable Updates to Version 6 with Extension Syncing and Form Autofill [Downloads]
• Devote Four Minutes Every Morning to Actual Couple Talk [Relationships]
• What You Can Expect from iOS 4.1 and the Upcoming iOS 4.2 [Updates]
• iTunes 10 Gets a Streamlined Interface, Adds a Social Network for Music [Downloads]
• Adioso Finds the Best Deals for Travelers with Flexible Travel Plans [Travel]
• Battle of the Android Home Screen Launchers: ADW vs. LauncherPro vs. HelixLauncher [Android]
• Stretching Before Running Doesn't Help, But Don't Stop Right Away [Exercise]
• FilerFrog Puts Truly Helpful File Operations in Windows' Context Menu [Downloads]
• How to Remember People's Names (and Deal with Unusual Names) [Mind Hacks]
• Three New Gmail Shortcuts You'll Want to Memorize [Keyboard Shortcuts]
• Why Technology Is So Addictive, and How You Can Avoid Tech Burnout [Technology]
• Plex/Nine Adds Hardware Acceleration, Better Metadata Handling, and iOS Streaming App [Downloads]
• WiFi File Explorer Manages Your Android SD Card from a Web Browser [Downloads]
• Gmail Priority Inbox Finds and Sorts Important Messages Automatically [Gmail]
• The Cheapest Time to Book a Flight Is Eight Weeks Before You're Traveling [Saving Money]
Bugtraq
• Vuln: Adobe Flash Player and AIR (CVE-2010-2213) Multiple Unspecified Memory Corruption Vulnerabilities
• Vuln: Adobe Flash Player and AIR (CVE-2010-2216) Unspecified Memory Corruption Vulnerability
• Vuln: Adobe Flash Player and AIR (CVE-2010-2215) Unspecified Clickjacking Vulnerability
• Vuln: Adobe Flash Player and AIR (CVE-2010-2214) Unspecified Memory Corruption Vulnerability
• Bugtraq: {PRL} Novell Netware OpenSSH Remote Stack Overflow
• Bugtraq: Vulnerabilities in CMS WebManager-Pro
• Bugtraq: [ MDVSA-2010:169 ] mozilla-thunderbird
• Bugtraq: [USN-982-1] Wget vulnerability
• More rss feeds from SecurityFocus
• Vuln: Adobe Flash Player and AIR (CVE-2010-2216) Unspecified Memory Corruption Vulnerability
• Vuln: Adobe Flash Player and AIR (CVE-2010-2215) Unspecified Clickjacking Vulnerability
• Vuln: Adobe Flash Player and AIR (CVE-2010-2214) Unspecified Memory Corruption Vulnerability
• Bugtraq: {PRL} Novell Netware OpenSSH Remote Stack Overflow
• Bugtraq: Vulnerabilities in CMS WebManager-Pro
• Bugtraq: [ MDVSA-2010:169 ] mozilla-thunderbird
• Bugtraq: [USN-982-1] Wget vulnerability
• More rss feeds from SecurityFocus
PacketStormSecurity
• MDVSA-2010-170.txt - Mandriva Linux Security Advisory 2010-170 - GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a.wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
• glsa-201009-01.txt - Gentoo Linux Security Advisory 201009-1 - An integer overflow vulnerability in wxGTK might enable remote attackers to cause the execution of arbitrary code. wxGTK is prone to an integer overflow error in the wxImage::Create() function in src/common/image.cpp, possibly leading to a heap-based buffer overflow. Versions less than 2.8.10.1-r1 are affected.
• onecms-xss.txt - OneCMS version 2.6.1 suffers from a cross site scripting vulnerability.
• path-attacks.txt - Whitepaper called PATH Attacks. Written in German.
• moaub02-apple.pdf - Month Of Abysssec Undisclosed Bugs - Apple QuickTime player version 7.6.5 FlashPix NumberOfTiles remote code execution exploit.
• moaub02-rainbow.pdf - Month Of Abysssec Undisclosed Bugs - Rainbow Portal version 2.0 suffers from login weakness, cross site scripting and remote SQL injection vulnerabilities.
• webmanagerpro-sql.txt - CMS WebManager-Pro suffers from a remote SQL injection vulnerability.
• suricata-1.0.2.tar.gz - Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
• checksum-shellcode.txt - This shellcode is an egg hunter checksum routine.
• USN-982-1.txt - Ubuntu Security Notice 982-1 - It was discovered that Wget would use filenames provided by the server when following 3xx redirects. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name (e.g. .wgetrc), and possibly run arbitrary code.
• PRL-2010-07.txt - A flaw exists within SSHD.NLM of Novell Netware version 6.5. When the application attempts to resolve an absolute path on the server, a 512 byte destination buffer is used without bounds checking. By providing a large enough value, an attacker can cause a buffer to be overflowed. Successful exploitation results in remote code execution under the context of the server.
• MDVSA-2010-169.txt - Mandriva Linux Security Advisory 2010-169 - dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. Mozilla Firefox permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. Various other Mozilla related vulnerabilities have been addressed.
• moovida-dllhijack.tgz - Moovida Media Player versions 2.0.0.15 and below DLL hijacking exploit.
• cvechecker-0.5.tar.gz - cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
• moaub-quicktime.txt - Month Of Abysssec Undisclosed Bugs - Apple QuickTime player version 7.6.5 FlashPix NumberOfTiles remote code execution exploit.
...
• glsa-201009-01.txt - Gentoo Linux Security Advisory 201009-1 - An integer overflow vulnerability in wxGTK might enable remote attackers to cause the execution of arbitrary code. wxGTK is prone to an integer overflow error in the wxImage::Create() function in src/common/image.cpp, possibly leading to a heap-based buffer overflow. Versions less than 2.8.10.1-r1 are affected.
• onecms-xss.txt - OneCMS version 2.6.1 suffers from a cross site scripting vulnerability.
• path-attacks.txt - Whitepaper called PATH Attacks. Written in German.
• moaub02-apple.pdf - Month Of Abysssec Undisclosed Bugs - Apple QuickTime player version 7.6.5 FlashPix NumberOfTiles remote code execution exploit.
• moaub02-rainbow.pdf - Month Of Abysssec Undisclosed Bugs - Rainbow Portal version 2.0 suffers from login weakness, cross site scripting and remote SQL injection vulnerabilities.
• webmanagerpro-sql.txt - CMS WebManager-Pro suffers from a remote SQL injection vulnerability.
• suricata-1.0.2.tar.gz - Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
• checksum-shellcode.txt - This shellcode is an egg hunter checksum routine.
• USN-982-1.txt - Ubuntu Security Notice 982-1 - It was discovered that Wget would use filenames provided by the server when following 3xx redirects. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name (e.g. .wgetrc), and possibly run arbitrary code.
• PRL-2010-07.txt - A flaw exists within SSHD.NLM of Novell Netware version 6.5. When the application attempts to resolve an absolute path on the server, a 512 byte destination buffer is used without bounds checking. By providing a large enough value, an attacker can cause a buffer to be overflowed. Successful exploitation results in remote code execution under the context of the server.
• MDVSA-2010-169.txt - Mandriva Linux Security Advisory 2010-169 - dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. Mozilla Firefox permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. Various other Mozilla related vulnerabilities have been addressed.
• moovida-dllhijack.tgz - Moovida Media Player versions 2.0.0.15 and below DLL hijacking exploit.
• cvechecker-0.5.tar.gz - cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
• moaub-quicktime.txt - Month Of Abysssec Undisclosed Bugs - Apple QuickTime player version 7.6.5 FlashPix NumberOfTiles remote code execution exploit.
...
-
Език / Language
-
Меню
-
За връзка
-
Други
Български
english
16785168