The finest blend of the latest IT security news headlines, updated every 4 hours.

IT Security News

Regular Security News

Social Media

Reddit

Tools

Packet Storm Security Tools

  • tor.uclibc.i686.20100309.iso Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced. […]
  • reverberation.c Reverberation is a proof of concept denial of service tool that makes use of UDP echo servers.
  • Ravage.zip Ravage is a rogue DHCP server written in PHP.
  • reglookup-0.12.0.tar.gz RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.
  • khc_0.2.tar.gz Known Host Cracker (khc) is a small tool designed to recover hashed known_host files back to their plain-text equivalents.
  • geoipgen-0.4.tar.gz GeoIPgen is a country-to-IPs generator. It’s a geographic IP generator for IPv4 networks that uses the MaxMind GeoLite Country database. Geoipgen is the first published use of a geographic ip database in reverse to translate from country-to-IPs instead of the usual use of IP-to-country. Features: Ra. […]
  • nessus-xmlrpc-0.3.tar.gz nessus-xmlrpc is a Ruby library for the Nessus XML-RPC interface. It comes with an example command line program that shows how easy it is to interact with the Nessus scanner.
  • openssh-5.4p1.tar.gz This is a Linux/portable port of OpenBSD’s excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen’s SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
  • AdvancedWinServiceManager.zip AdvancedWinServiceManager is a smart tool to remove hidden rootkit services. It makes it easy to eliminate such malicious services by separating out third party services from Windows services. By default it shows only third party services along with more details such as Company Name, Description, In. […]
  • kolang-bypass.txt Kolang is a php script that can be leveraged in local and remote file inclusion attacks and performs safe mode bypass for PHP versions 4.3.10 through 5.3.10.

CNET Download.com Security Software New Releases

Exploits

Packet Storm Security Exploits

  • rivercms-sql.txt River CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
  • nusnewssystem-sql.txt NUs Newssystem version 1.02 suffers from a remote SQL injection vulnerability.
  • jevci-disclose.txt Jevci Siparis Formu Scripti suffers from a remote database disclosure vulnerability.
  • mhproducts-sql.txt Mhproducts Kleinanzeigenmarkt suffers from a remote SQL injection vulnerability.
  • easyftp.rb.txt This Metasploit module exploits a stack overflow in the CWD verb in Easy~FTP Server. You must have valid credentials to trigger this vulnerability.
  • energizer_duo_payload.rb.txt This Metasploit module will execute an arbitrary payload against any system infected with the Arugizer trojan horse. This backdoor was shipped with the software package accompanying the Energizer Duo USB battery charger.
  • orbital_viewer_orb.rb.txt This Metasploit module exploits a stack-based buffer overflow in David Manthey’s Orbital Viewer. When processing .ORB files, data is read from file into a fixed-size stack buffer using the fscanf function. Since no bounds checking is done, a buffer overflow can occur. Attackers can execute arbitrary. […]
  • rsstatic-sql.txt Rsstatic suffers from a remote SQL injection vulnerability.
  • uebimiauwebmail-disclose.txt Uebimiau Webmail version 3.2.0-2.0 suffers from a remote email disclosure vulnerability.
  • aef-xss.txt AEF version 1.0.8 suffers from a cross site scripting vulnerability.

Securityvulns exploits channel

  • sudo-xpl.sh Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4
  • easyftp.py Exploits Easy FTP Server 1.7.0.2 Remote BoF
  • operaex.html Opera
  • iMailDecrypt.py Ipswitch IMail Server – IMAP4 Server (IMail 11.01) Password Decryptor
  • nautiluspoc.tar.gz GNOME Nautilus code execution PoC
  • cmsd_exploit.c RPC.cmsd remote PoC for AIX 6.1 and lower
  • 360secex.c 360 Security Guard breg device drivers Privilege Escalation exploit
  • serversman.py Apple Iphone/Ipod – Serversman 3.1.5 HTTP Remote DoS exploit
  • Rising0day.cpp Rising AntiVirus 2008/2009/2010 Local Privilege Escalation Exploit
  • server.c Mod_proxy from apache 1.3 Integer overflow PoC
  • attftpd.c TFTP Daemon Version 1.9 Remote Buffer Overflow Exploit
  • tls-renegotiation-poc.py PoC exploit for the TLS renegotiation vulnerability (CVE-2009-3555)
  • simplephp.pl Simple PHP Blog
  • thedailyshow.pl Mozilla Codesighs Memory Corruption PoC
  • php 9sg_illu.php Adobe Illustrator CS4 (V14.0.0) Encapsulated Postscript (.eps) overlong DSC Comment Buffer Overflow Exploit
  • eurekaex.py Eureka Mail Client Remote Buffer Overflow Exploit XP SP3 English Egghunter Edition

Inj3ct0r.com

Vulnerabilities

Packet Storm Security Advisories

  • TA10-068A.txt Technical Cyber Security Alert 2010-68A – Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office.
  • CORE-2009-1103.txt Core Security Technologies Advisory – A memory corruption occurs on Microsoft Office Excel 2002 when parsing a .XLS file with a malformed DbOrParamQry record. This vulnerability could be used by a remote attacker to execute arbitrary code in the context of the currently logged on user, by enticing t. […]
  • CORE-2009-0813.txt Core Security Technologies Advisory – A vulnerability was found in Windows Movie Maker and Microsoft Producer, which can be triggered by a remote attacker by sending a specially crafted file and enticing the user to open it. This vulnerability results in a write access violation and can lead to remo. […]
  • MDVSA-2010-058.txt Mandriva Linux Security Advisory 2010-058 – Multiple vulnerabilities have been found and corrected in PHP. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
  • ZDI-10-026.txt Zero Day Initiative Advisory 10-026 – This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Hewlett-Packard Performance Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the. […]
  • HPSBMA02489-SSRT090065.txt HP Security Bulletin – A potential vulnerability has been identified with HP Performance Insight. The vulnerability could be exploited remotely to execute arbitrary commands.
  • ZDI-10-025.txt Zero Day Initiative Advisory 10-025 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the. […]
  • dsa-2008-1.txt Debian Linux Security Advisory 2008-1 – Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked.
  • USN-907-1.txt Ubuntu Security Notice 907-1 – It was discovered that gnome-screensaver did not correctly lock all screens when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. It was discovered that gnome-screensaver did not correctly handle keyboard. […]
  • MDVSA-2010-057.txt Mandriva Linux Security Advisory 2010-057 – The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which mi. […]

Bugtraq

  • ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability Posted by ZDI Disclosures on Mar 09 – ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-025 March 9, 2010 — CVE ID: CVE-2010-0263 — Affected Vendors: Microsoft — Affected Products: Microsoft Office Excel — Vul. […]
  • [security bulletin] HPSBMA02489 SSRT090065 rev.1 – HP Performance Insight , Remote Execution of Arbitrary Commands Posted by security-alert on Mar 09 – SUPPORT COMMUNICATION – SECURITY BULLETIN Document ID: c02033170 Version: 1 HPSBMA02489 SSRT090065 rev.1 – HP Performance Insight , Remote Execution of Arbitrary Commands NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Rel. […]
  • [SECURITY] [DSA 2008-1] New typo3-src packages fix several vulnerabilities Posted by Moritz Muehlenhoff on Mar 09 – Debian Security Advisory DSA-2008-1 security () debian org http://www.debian.org/security/ Moritz Muehlenhoff March 08, 2010 http://www.debian.org/security/faq […]
  • IBM ENOVIA SmarTeam v5 Cross Site Scripting Vulnerability Posted by lament on Mar 09 – Yaniv Miron aka “Lament” Advisory March 7, 2010 IBM ENOVIA SmarTeam v5 Cross Site Scripting Vulnerability I. BACKGROUND ENOVIA SmarTeam provides h. […]
  • Re: Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass Posted by Sabahattin Gucukoglu on Mar 09 – Do you have firmware information on which products it affects. Tested with firmware 7.5 on the latest-generation units. Should work just fine with 7.4.2, on the previous generation. These are the latest versions. I don’t know about previous releases for Airpor. […]
  • SQL injection vulnerability in wILD CMS Posted by Maciej Gojny on Mar 09 – # Title: [SQL injection vulnerability in wILD CMS] # Date: [09.03.2010] # Author: [Ariko-Security] # Software Link: [http://www.wildcms.com/] # Version: [ALL] { Ariko-Security – Advisory #4/3/2010 } SQL injection vulnerability in wILD CMS Ve. […]
  • Croogo CMS 1.2 Cross Site Scripting Vulnerabilities Posted by Paulino Calderon on Mar 09 – Croogo CMS 1.2 Cross Site Scripting Vulnerabilities Vulnerable Software: 1.2 and prior Release Date: 2010-03-06 Last Update: 2010-02-01 Critical: Low Impact: Session hijack Denial of service Code execution Solution Status. […]
  • [ MDVSA-2010:057 ] apache Posted by security on Mar 08 – Mandriva Linux Security Advisory MDVSA-2010:057 http://www.mandriva.com/security/ Package : apache Date : March 6, 2010 Affecte. […]
  • Re: phpinfo() XSS Vulnerability Posted by Salvatore Fresta aka Drosophila on Mar 08 – I tested it with php 5.1.6 and 5.2.6 and it seems not to work. The request_uri’s content is encoded before being printed: /phpinfo.php?+%3CScRipT%3Ealert(0111001101100101011000110111010101110010011010010111010001111001);%3C/sCrIpT%3E+
  • [USN-907-1] gnome-screensaver vulnerabilities Posted by Marc Deslauriers on Mar 08 – Ubuntu Security Notice USN-907-1 March 08, 2010 gnome-screensaver vulnerabilities CVE-2010-0285, CVE-2010-0422 A security issue affects the foll. […]
  • rPSA-2010-0014-1 mysql mysql-bench mysql-server Posted by rPath Update Announcements on Mar 08 – rPath Security Advisory: 2010-0014-1 Published: 2010-03-07 Products: rPath Appliance Platform Linux Service 1 rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 Rating: Severe Exposure Level Classification: Remote System User Determinis. […]
  • rPSA-2010-0013-1 gzip Posted by rPath Update Announcements on Mar 08 – rPath Security Advisory: 2010-0013-1 Published: 2010-03-07 Products: rPath Appliance Platform Linux Service 1 rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 Rating: Major Exposure Level Classification: Local System User Non-determin. […]
  • rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server Posted by rPath Update Announcements on Mar 08 – rPath Security Advisory: 2010-0012-1 Published: 2010-03-07 Products: rPath Appliance Platform Linux Service 1 rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 Rating: Severe Exposure Level Classification: Remote System User Determinis. […]
  • rPSA-2010-0011-1 gnome-ssh-askpass openssh openssh-client openssh-server Posted by rPath Update Announcements on Mar 08 – rPath Security Advisory: 2010-0011-1 Published: 2010-03-07 Products: rPath Appliance Platform Linux Service 1 rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 Rating: Minor Exposure Level Classification: Remote User Non-deterministic. […]
  • ZoneAlarm Security Circumvention Posted by Andrew Barkley on Mar 08 – Hi, During my (in)security research, I’ve discovered what appears initially to be a design oversight and not necessarily a vulnerability, affecting ZoneAlarm and various other security vendors. I’ve tested this on various XP platforms successfully, please feel free. […]

Unofficial Secunia Security Advisories

Security Videos & Podcasts

Other Stuff


Packet Storm Security Miscellaneous Files

Packet Storm Security Last Files

  • TA10-068A.txt Technical Cyber Security Alert 2010-68A – Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office.
  • tor.uclibc.i686.20100309.iso Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced. […]
  • CORE-2009-1103.txt Core Security Technologies Advisory – A memory corruption occurs on Microsoft Office Excel 2002 when parsing a .XLS file with a malformed DbOrParamQry record. This vulnerability could be used by a remote attacker to execute arbitrary code in the context of the currently logged on user, by enticing t. […]
  • CORE-2009-0813.txt Core Security Technologies Advisory – A vulnerability was found in Windows Movie Maker and Microsoft Producer, which can be triggered by a remote attacker by sending a specially crafted file and enticing the user to open it. This vulnerability results in a write access violation and can lead to remo. […]
  • rivercms-sql.txt River CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
  • MDVSA-2010-058.txt Mandriva Linux Security Advisory 2010-058 – Multiple vulnerabilities have been found and corrected in PHP. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
  • nusnewssystem-sql.txt NUs Newssystem version 1.02 suffers from a remote SQL injection vulnerability.
  • jevci-disclose.txt Jevci Siparis Formu Scripti suffers from a remote database disclosure vulnerability.
  • ZDI-10-026.txt Zero Day Initiative Advisory 10-026 – This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Hewlett-Packard Performance Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the. […]
  • mhproducts-sql.txt Mhproducts Kleinanzeigenmarkt suffers from a remote SQL injection vulnerability.

Security Blogs

Microsoft Security Advisories

The Microsoft Security Response Center (MSRC)

  • March 2010 Security Bulletin Release Today we are releasing two Important security bulletins addressing eight vulnerabilities in Windows and Microsoft Office. Both bulletins have an aggregate Exploitability Index rating of “1” so we recommend that customers deploy these updates as soon as possible. The Microsoft Exploitability Inde. […]
  • Security Advisory 981374 Released Hi everyone, Today we released Security Advisory 981374 addressing a publicly disclosed vulnerability in Internet Explorer 6 and Internet Explorer 7. Internet Explorer 8 is not affected by this issue. Customers using Internet Explorer 6 or 7 should upgrade to Internet Explorer 8 immediately to benef. […]
  • March 2010 Bulletin Release Advance Notification Today we are providing advance notification to customers that we will be releasing two bulletins this month affecting Windows and Microsoft Office products. Both bulletins are rated Important and address a total of 8 vulnerabilities. We recommend that customers review the Advance Notification webpag. […]
  • Update: MS10-015 security update re-released with new detection logic Hi, I am writing to let you know that we have revised the installation packages for MS10-015 with new logic that prevents the security update from being installed on systems if certain abnormal conditions exist. Such conditions could be the result of an infection with a computer virus such as the Al. […]
  • Security Advisory 981169 Released Hello again, Today we released Security Advisory 981169 to address the VBScript issue involving Windows Help files that we blogged about yesterday. To reiterate what we said in that post, we are not aware of any active attacks at this time and the following operating systems are not affected by this. […]
  • Investigating a new win32hlp and Internet Explorer issue Hi everyone, On Friday 2/26/2010, an issue was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box. We are not aware of. […]
  • Update – Restart Issues After Installing MS10-015 and the Alureon Rootkit Hi, We wanted to provide you with an update on our ongoing investigation into the “blue screen” issues affecting a limited number of customers who installed MS10-015.  We have been working around the clock with our customers, partners and several teams at Microsoft to determine the cause of the. […]
  • Update – Restart Issues After Installing MS10-015 In our continuing investigation in to the restart issues related to MS10-015 that a limited number of customers are experiencing, we have determined that malware on the system can cause the behavior. We are not yet ruling out other potential causes at this time and are still investigating. Please re. […]
  • February 2010 Security Bulletin Webcast Hi everyone, As we do every month following our public webcast, we have posted the questions and answers (which you can find here) and the recorded webcast below. This month there were no particular themes that emerged in the questions. They ranged from wanting clarification of what it means when we. […]
  • Restart issues after installing MS10-015 Hi everyone, I am writing to let you know that we are aware that after installing the February security updates a limited number of users are experiencing issues restarting their computers. Our initial analysis suggests that the issue occurs after installing MS10-015 (KB977165). However, we have not. […]
  • February 2010 Security Bulletin Release MSRC Bulletin Release Blog Post Hi everyone, As mentioned in our ANS blog post last week, today we are releasing 13 bulletins addressing 26 vulnerabilities. 11 bulletins affect Windows and 2 affect older versions of Microsoft Office. In the post on Thursday, we mentioned that bulletins in the ANS li. […]
  • February 2010 Bulletin Release Advance Notification Today we released February bulletin information through our Advance Notification Service (ANS). This month, we will be releasing 13 bulletins – five rated Critical, seven rated Important, and one rated Moderate – addressing 26 vulnerabilities. Eleven of the bulletins affect Windows and the remaining. […]
  • Security Advisory 980088 Released Hi everyone, Today we released Security Advisory 980088 to address a publicly disclosed vulnerability in Internet Explorer that may allow Information Disclosure for customers running on Windows XP or who have disabled Internet Explorer Protected Mode.  At this time we are not aware of any attacks s. […]
  • January 2010 Out-of-Band Security Bulletin Webcast Hello everyone, Yesterday Adrian Stone from the Microsoft Security Response Center (MSRC) and I hosted a live webcast to discuss Security Bulletin MS10-002 and Security Advisory 979682 in more detail with customers. Below is the video of that presentation and you can find the question & answer trans. […]
  • Bulletin MS10-002 Released Hello, Today we released Security Bulletin MS10-002 out-of-band to address vulnerabilities in Internet Explorer. All customers using currently supported versions of Windows and Internet Explorer should apply this update as soon as possible. Once applied, customers are protected against the known att. […]

MS Sec Notification

  • Microsoft Security Bulletin Major Revisions Posted by Microsoft on Mar 09 – Title: Microsoft Security Bulletin Major Revisions Issued: March 9, 2010 Summary: The following bulletins have undergone a maj. […]
  • Microsoft Security Bulletin Summary for March 2010 Posted by Microsoft on Mar 09 – Microsoft Security Bulletin Summary for March 2010 Issued: March 9, 2010 This bulletin summary lists security bulletins released for. […]
  • Microsoft Security Bulletin Summary for February 2010 Posted by Microsoft on Feb 09 – Microsoft Security Bulletin Summary for February 2010 Issued: February 9, 2010 This bulletin summary lists security bulletins release. […]
  • Microsoft Security Bulletin Summary for January 2010 Posted by Microsoft on Jan 21 – Microsoft Security Bulletin Summary for January 2010 Issued: January 21, 2010 This bulletin summary lists the out-of-band security bu. […]
  • Microsoft Security Bulletin Major Revision Posted by Microsoft on Jan 14 – Title: Microsoft Security Bulletin Major Revision Issued: January 13, 2010 Summary: The following bulletin has undergone a maj. […]
  • Microsoft Security Bulletin Summary for January 2010 Posted by Microsoft on Jan 12 – Microsoft Security Bulletin Summary for January 2010 Issued: January 12, 2010 This bulletin summary lists security bulletins released. […]
  • Microsoft Security Bulletin Re-Release Posted by Microsoft on Jan 12 – Title: Microsoft Security Bulletin Re-Release Issued: January 12, 2010 Summary: The following bulletin has undergone a major r. […]
  • Microsoft Security Bulletin Major Revisions Posted by Microsoft on Dec 08 – Title: Microsoft Security Bulletin Major Revisions Issued: December 8, 2009 Summary: The following bulletins have undergone a. […]
  • Microsoft Security Bulletin Summary for December 2009 Posted by Microsoft on Dec 08 – Microsoft Security Bulletin Summary for December 2009 Issued: December 8, 2009 This bulletin summary lists security bulletins release. […]
  • Microsoft Security Bulletin Major Revisions Posted by Microsoft on Nov 24 – Title: Microsoft Security Bulletin Major Revisions Issued: November 24, 2009 Summary: The following bulletins have undergone a. […]
  • Microsoft Security Bulletin Major Revisions Posted by Microsoft on Nov 10 – Title: Microsoft Security Bulletin Major Revisions Issued: November 10, 2009 Summary: The following bulletins have undergone a. […]
  • Microsoft Security Bulletin Summary for November 2009 Posted by Microsoft on Nov 10 – Microsoft Security Bulletin Summary for November 2009 Issued: November 10, 2009 This bulletin summary lists security bulletins releas. […]
  • Microsoft Security Bulletin Advance Notification for November 2009 Posted by Microsoft on Nov 05 – Microsoft Security Bulletin Advance Notification for November 2009 Issued: November 5, 2009 This is an advance notification of securi. […]
  • Microsoft Security Bulletin Major Revisions Posted by Microsoft on Nov 03 – Title: Microsoft Security Bulletin Major Revisions Issued: November 2, 2009 Summary: The following bulletins have undergone a. […]
  • Microsoft Security Bulletin Major Revisions Posted by Microsoft on Oct 28 – Title: Microsoft Security Bulletin Major Revisions Issued: October 28, 2009 Summary: The following bulletins have undergone a. […]

Mailing Lists

Full Disclosure

  • Re: Ubisoft DDoS Posted by Jan Schejbal on Mar 09 – On 09.03.2010 21:11, James Matthews wrote: If the attack behaved like LOTS of legitimate clients, it might have been hard to lock out the bots while not locking out players. The option that the attack is just made up as an excuse for too few resources to support all. […]
  • CORE-2009-1103: Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability Posted by CORE Security Technologies Advisories on Mar 09 – Core Security Technologies – CoreLabs Advisory http://www.coresecurity.com/corelabs/ Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability 1. *Advisory Information* Title: Microsoft Office Excel DbOrParamQry Record Parsing Vulnerab. […]
  • CORE-2009-0813: Windows Movie Maker and Microsoft Producer IsValidWMToolsStream() Heap Overflow Posted by CORE Security Technologies Advisories on Mar 09 – Core Security Technologies – CoreLabs Advisory http://www.coresecurity.com/corelabs/ Windows Movie Maker and Microsoft Producer IsValidWMToolsStream() Heap Overflow 1. *Advisory Information* Title: Windows Movie Maker and Microsoft Producer I. […]
  • Re: Ubisoft DDoS Posted by Christian Sciberras on Mar 09 – Perhaps Cisco xt 5650a? Also, 6500 series are actually switches, not routers. ;-) Cheers.
  • [ MDVSA-2010:058 ] php Posted by security on Mar 09 – Mandriva Linux Security Advisory MDVSA-2010:058 http://www.mandriva.com/security/ Package : php Date : March 9, 2010 Affected:. […]
  • Re: Ubisoft DDoS Posted by James Matthews on Mar 09 – I don’t see why they didn’t just block the attack. It must be more than this.
  • ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability Posted by ZDI Disclosures on Mar 09 – ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-026 March 9, 2010 — CVE ID: CVE-2010-0447 — Affected Vendors: Hewlett-Packard — Affected Products: Hewlett-Packard OpenVie. […]
  • ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability Posted by ZDI Disclosures on Mar 09 – ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-025 March 9, 2010 — CVE ID: CVE-2010-0263 — Affected Vendors: Microsoft — Affected Products: Microsoft Office Excel — Vul. […]
  • Re: Mozilla Firefox 3.6 plenitude StringCrash(0day) Exploit Posted by Kaddeh on Mar 09 – I wouldn’t call this a bug in the least bit. I would call it a lack of hardware issue than anything, similar to “minimal requirements” on software, etc. This issue only happens on 32-bit with the configuration that you yourself are running, there is no issue with Firefox it. […]
  • List Charter Posted by John Cartwright on Mar 09 – [Full-Disclosure] Mailing List Charter John Cartwright – Introduction & Purpose – This document serves as a charter for the [Full-Disclosure] mailing list hosted at lists.grok.org.uk. The list was created on 9th July 2002 by Len Rose, and is. […]
  • Re: Mozilla Firefox 3.6 plenitude StringCrash(0day) Exploit Posted by information security on Mar 09 – The testcase crashes in Mozilla because The reason for this is that the are stack exhaustion crashes and are not exploitable. Stack exhaustion occurs when there is no more room on the program stack to push any more data. This is not a stack-based buffer overf. […]
  • Re: Ubisoft DDoS Posted by Dobbins, Roland on Mar 09 – A good way to get started w/scalable DDoS mitigation is to implement S/RTBH on one’s hardware-based edge routers, and then make use of open-source NetFlow tools for visibility. There are commercial solutions as well – in the interests of full disclosure (pardon the. […]
  • Re: Ubisoft DDoS Posted by Valdis . Kletnieks on Mar 09 – On Tue, 09 Mar 2010 15:24:44 GMT, Michal said: Oh, I didn’t say they didn’t exist. There’s some *really* nice gear for DDoS mitigation available, if your budget is in the high 6 digits to 7 digits range per year. Your average 6509 router is going to need some ex. […]
  • SQL injection vulnerability in wILD CMS Posted by Maciej Gojny on Mar 09 – { Ariko-Security – Advisory #4/3/2010 } SQL injection vulnerability in wILD CMS Vendor’s Description of Software: # http://www.wildcms.com/ Vulnerable DEMO # http://www.wildcms.com/page.php?page_id=139 Dork: # N/A Application Info: # Name: w. […]
  • Re: Ubisoft DDoS Posted by Michal on Mar 09 – I’ve worked at huge online better company and they had network devices that worked to stop DDoS as we got hit quite a bit. I have to say they managed quite well, often we would only notice because we regularly checked the graphs over 24 hours periods. Other times the attack. […]
