The finest blend of the latest IT security news headlines, updated every 4 hours.

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs
Microsoft Security Advisories
Mailing Lists
Bookmark + Share

Colour scheme


IT Security News

Astalavista removed

Regular Security News

Social Media

Reddit Digg is dead Digg is dead
Got any bright ideas about what to put here? I’m sure you can think of something with an rss feed

Tools

Security Tool Files ≈ Packet Storm

  • Obeseus Distributed Denial Of Service Detector 7.1a Obeseus is a light-weight, high-speed ip DDOS detector that has been designed to run on an Intel probe running an advanced 10 Gb/s FPGA card. It detects TCP floods, Fragment Floods, raw ICMP/TCP/UDP, reflected (DNS / SMURF) and BOGON misuse. It also detects application misuse in HTTP and UDP.
  • 360-FAAR Firewall Analysis Audit And Repair 0.4.4 360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
  • CodeCrypt 1.1 codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.
  • Sanewall 1.0.2 Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any pur. […]
  • ipset 6.19 ipset allows administration of sets of IP addresses/networks, ports, MAC addresses, and interfaces, which are stored in hash or bitmap data structures. These can then be used in conjunction with iptables to do fast presence lookups.
  • Packet Fence 4.0.0 PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration. […]
  • Bing LFI / RFI Scanner This is a python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities.
  • Sanewall 1.1.1 Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any pur. […]
  • NTDS Hash Decoder 01.b This application dumps LM and NTLM hashes from active accounts stored in an Active Directory database.
  • CodeCrypt 1.0 codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.
  • Sanewall 1.1.0 Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any pur. […]
  • Multithreaded SQL Injector This is a SQL injection tool similar to havij but is super fast per the author.
  • ClamWin 0.97.8 ClamWin is a free antivirus solution for Windows that uses the well-respected ClamAV scanning engine. It includes a virus scanner, scheduler, virus database updates, context menu integration to MS Windows Explorer and Add-in to MS Outlook. Also features easy setup program.
  • WAF-FLE ModSecurity Console 0.6.0 WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in de. […]
  • Internet Explorer 7/8/9 Password Dumper 1.0 This tool demonstrates how to decode Internet Explorer 7, 8 and 9 passwords. Win32 binary and source code included.
  • Sanewall 1.0.0 Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any pur. […]

CNET Download.com Security Software New Releases

empty What security software source do you want to see here?

Exploits

Exploit Files ≈ Packet Storm

Exploit-DB updates

Securityvulns exploits channel

Vulnerabilities

Security Videos & Podcasts

Other Stuff

Announcement

Announcements go here.

PenTest Magazine

Files ≈ Packet Storm

  • CAREL pCOWeb 1.5.0 Default Credential Shell Access The CAREL pCOWeb firmware version 1.5.0 and lower has two passwordless default accounts that allow direct shell access via telnet. These accounts are not exposed in the associated Web UI. CAREL pCOWeb is an embedded device used primarily for HVAC systems.
  • Microsoft Internet Explorer 10-9 Object Confusion Sandbox Bypass VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by an object confusion error in the IE broker process when processing unexpected variant objects, which could allow an attacker to execute arbitrary code within the conte. […]
  • Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by an integer overflow error in the “vml.dll” component when processing certain undocumented vector graphic properties, which could be exploited by remote attackers to le. […]
  • Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow This Metasploit module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx. The exploit first triggers an integer overflow in the ngx_http_parse_chunked() by supplying an overly long hex value as chunked block size. This value is later used when determining the number of bytes to re. […]
  • AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass This Metasploit module exploits a vulnerability on Adobe Reader X Sandbox. The vulnerability is due to a sandbox rule allowing a Low Integrity AcroRd32.exe process to write register values which can be used to trigger a buffer overflow on the AdobeCollabSync component, allowing to achieve Medium Int. […]
  • Weyal CMS SQL Injection Weyal CMS suffers from a remote SQL injection vulnerability. Note that this finding has site-specific information.
  • Fuzzing: An Introduction To Sully Framework This paper is an introduction to the world of fuzzing by exploring the Sulley Fuzzing Framework.
  • Debian Security Advisory 2672-1 Debian Linux Security Advisory 2672-1 – Adam Nowacki discovered that the new FreeBSD NFS implementation processes a crafted READDIR request which instructs to operate a file system on a file node as if it were a directory node, leading to a kernel crash or potentially arbitrary code execution.
  • Debian Security Advisory 2671-1 Debian Linux Security Advisory 2671-1 – Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.
  • Red Hat Security Advisory 2013-0856-01 Red Hat Security Advisory 2013-0856-01 – Red Hat Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. The Token Processing System is a PKI subsystem that acts as a Registration Authority for authenticating and processing enrollment. […]
  • Red Hat Security Advisory 2013-0855-01 Red Hat Security Advisory 2013-0855-01 – IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
  • Spider Event Calendar 1.3.0 Cross Site Scripting / Path Disclosure / SQL Injection Spider Event Calendar version 1.3.0 is a WordPress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
  • Spider Catalog 1.4.6 Cross Site Scripting / Path Disclosure / SQL Injection Spider Catalog version 1.4.6 is a WordPress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
  • Obeseus Distributed Denial Of Service Detector 7.1a Obeseus is a light-weight, high-speed ip DDOS detector that has been designed to run on an Intel probe running an advanced 10 Gb/s FPGA card. It detects TCP floods, Fragment Floods, raw ICMP/TCP/UDP, reflected (DNS / SMURF) and BOGON misuse. It also detects application misuse in HTTP and UDP.
  • WordPress Flagallery-Skins SQL Injection WordPress Flagallery-skins plugin suffers from an SQL Injection vulnerability. Note that this advisory has site-specific information.
  • Infotecs ViPNet Products Privilege Escalation A common local privilege escalation vulnerability has been discovered in multiple Infotecs ViPNet products. The affected versions include ViPNet Client version 3.2.10 (15632), ViPNet Coordinator version 3.2.10 (15632), ViPNet SafeDisk version 4.1 (0.5643), and ViPNet Personal Firewall version 3.1. P. […]

Files ≈ Packet Storm

  • CAREL pCOWeb 1.5.0 Default Credential Shell Access The CAREL pCOWeb firmware version 1.5.0 and lower has two passwordless default accounts that allow direct shell access via telnet. These accounts are not exposed in the associated Web UI. CAREL pCOWeb is an embedded device used primarily for HVAC systems.
  • Microsoft Internet Explorer 10-9 Object Confusion Sandbox Bypass VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by an object confusion error in the IE broker process when processing unexpected variant objects, which could allow an attacker to execute arbitrary code within the conte. […]
  • Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by an integer overflow error in the “vml.dll” component when processing certain undocumented vector graphic properties, which could be exploited by remote attackers to le. […]
  • Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow This Metasploit module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx. The exploit first triggers an integer overflow in the ngx_http_parse_chunked() by supplying an overly long hex value as chunked block size. This value is later used when determining the number of bytes to re. […]
  • AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass This Metasploit module exploits a vulnerability on Adobe Reader X Sandbox. The vulnerability is due to a sandbox rule allowing a Low Integrity AcroRd32.exe process to write register values which can be used to trigger a buffer overflow on the AdobeCollabSync component, allowing to achieve Medium Int. […]
  • Weyal CMS SQL Injection Weyal CMS suffers from a remote SQL injection vulnerability. Note that this finding has site-specific information.
  • Fuzzing: An Introduction To Sully Framework This paper is an introduction to the world of fuzzing by exploring the Sulley Fuzzing Framework.
  • Debian Security Advisory 2672-1 Debian Linux Security Advisory 2672-1 – Adam Nowacki discovered that the new FreeBSD NFS implementation processes a crafted READDIR request which instructs to operate a file system on a file node as if it were a directory node, leading to a kernel crash or potentially arbitrary code execution.
  • Debian Security Advisory 2671-1 Debian Linux Security Advisory 2671-1 – Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.
  • Red Hat Security Advisory 2013-0856-01 Red Hat Security Advisory 2013-0856-01 – Red Hat Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. The Token Processing System is a PKI subsystem that acts as a Registration Authority for authenticating and processing enrollment. […]
  • Red Hat Security Advisory 2013-0855-01 Red Hat Security Advisory 2013-0855-01 – IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
  • Spider Event Calendar 1.3.0 Cross Site Scripting / Path Disclosure / SQL Injection Spider Event Calendar version 1.3.0 is a WordPress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
  • Spider Catalog 1.4.6 Cross Site Scripting / Path Disclosure / SQL Injection Spider Catalog version 1.4.6 is a WordPress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
  • Obeseus Distributed Denial Of Service Detector 7.1a Obeseus is a light-weight, high-speed ip DDOS detector that has been designed to run on an Intel probe running an advanced 10 Gb/s FPGA card. It detects TCP floods, Fragment Floods, raw ICMP/TCP/UDP, reflected (DNS / SMURF) and BOGON misuse. It also detects application misuse in HTTP and UDP.
  • WordPress Flagallery-Skins SQL Injection WordPress Flagallery-skins plugin suffers from an SQL Injection vulnerability. Note that this advisory has site-specific information.
  • Infotecs ViPNet Products Privilege Escalation A common local privilege escalation vulnerability has been discovered in multiple Infotecs ViPNet products. The affected versions include ViPNet Client version 3.2.10 (15632), ViPNet Coordinator version 3.2.10 (15632), ViPNet SafeDisk version 4.1 (0.5643), and ViPNet Personal Firewall version 3.1. P. […]

Security Blogs

Microsoft Security Advisories

MSRC

  • May 2013 Security Bulletin Webcast, Q&A, and Slide Deck For those who couldn’t attend the live webcast, today we’re publishing the May 2013 Security Bulletin Webcast Questions & Answers page.  We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Internet Explorer (MS13-037 and MS13-038). […]
  • Microsoft Customer Protections for May 2013 Today, we are releasing 10 bulletins, addressing 33 vulnerabilities in Microsoft products. Before we get into the details, we wanted to first let our enterprise customers know about a change in how we’re communicating technical details within our security advisories. Starting today, customers will. […]
  • Advance Notification Service for the May 2013 Security Bulletin Release Today we’re providing Advance Notification of 10 bulletins for release on Tuesday, May 14, 2013. This release brings two Critical and eight Important-class bulletins, which address 33 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows and Internet Explorer. Of. […]
  • Fix it for Security Advisory 2847140 is available We have updated Security Advisory 2847140 to include an easy, one-click Fix it to address the known attack vectors. The Fix it is available to all customers and helps prevent known attacks that leverage the vulnerability to execute code and should not affect your ability to browse the Web. Additiona. […]
  • Microsoft Releases Security Advisory 2847140 Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occu. […]
  • New update available for MS13-036  Portuguese (Brazil), Русский Today we released a new update to replace KB2823324, which was originally made available through MS13-036. As we previously discussed, we stopped distributing this update when we learned some customers were having issues. The new update, KB2840149, still addres. […]
  • April 2013 Security Bulletin Webcast, Q&A, and Slide Deck Today we’re publishing the April 2013 Security Bulletin Webcast Questions & Answers page.  We fielded nine questions during the webcast, with almost half of those focused on the Remote Desktop Client bulletin (MS13-024).  One question that was not answered on air has been included on the Q&A pag. […]
  • KB2839011 Released to Address Security Bulletin Update Issue Portuguese (Brazil), Русский  We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. We’ve determined that the update, when paired with certain third-party softwar. […]
  • Out with the old, in with the April 2013 security updates Windows XP was originally released on August 24, 2001. Since that time, high-speed Internet connections and wireless networking have gone from being a rarity to the norm, and Internet usage has grown from 360 million to almost two-and-a-half billion users. Thanks to programs like Skype, we now make. […]
  • Advance Notification Service for the April 2013 Security Bulletin Release In celebration of spring’s onset, today we’re providing advance notification for the April 2013 release of nine bulletins; two Critical and seven Important. The Critical bulletins address vulnerabilities in Microsoft Windows and Internet Explorer, and the seven Important-rated bulletins will add. […]

Microsoft Sec Notification

  • Microsoft Security Bulletin Minor Revisions Posted by Microsoft on May 22******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: May 22, 2013 ******************************************************************** Summary ======= The following bulletins have undergone minor. […]
  • Microsoft Security Bulletin Minor Revisions Posted by Microsoft on May 16******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: May 15, 2013 ******************************************************************** Summary ======= The following bulletins have undergone minor. […]
  • Microsoft Security Advisory Notification Posted by Microsoft on May 14******************************************************************** Title: Microsoft Security Advisory Notification Issued: May 14, 2013 ******************************************************************** Security Advisories Updated or Released Today ==================. […]
  • Microsoft Security Bulletin Minor Revisions Posted by Microsoft on May 14******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: May 14, 2013 ******************************************************************** Summary ======= The following bulletins have undergone minor. […]
  • Microsoft Security Bulletin Summary for May 2013 Posted by Microsoft on May 14******************************************************************** Microsoft Security Bulletin Summary for May 2013 Issued: May 14, 2013 ******************************************************************** This bulletin summary lists security bulletins released for May. […]
  • Microsoft Security Bulletin Advance Notification for May 2013 Posted by Microsoft on May 09******************************************************************** Microsoft Security Bulletin Advance Notification for May 2013 Issued: May 9, 2013 ******************************************************************** This is an advance notification of security bulleti. […]
  • Microsoft Security Advisory Notification Posted by Microsoft on May 08******************************************************************** Title: Microsoft Security Advisory Notification Issued: May 8, 2013 ******************************************************************** Security Advisories Updated or Released Today ===================. […]
  • Microsoft Security Advisory Notification Posted by Microsoft on May 04******************************************************************** Title: Microsoft Security Advisory Notification Issued: May 3, 2013 ******************************************************************** Security Advisories Updated or Released Today ===================. […]
  • Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Apr 26******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: April 26, 2013 ******************************************************************** Summary ======= The following bulletins have undergone mino. […]
  • Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Apr 24******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: April 24, 2013 ******************************************************************** Summary ======= The following bulletins have undergone mino. […]
  • Microsoft Security Bulletin Re-Releases Posted by Microsoft on Apr 23******************************************************************** Title: Microsoft Security Bulletin Re-Releases Issued: April 23, 2013 ******************************************************************** Summary ======= The following bulletins have undergone a major. […]
  • Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Apr 18******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: April 17, 2013 ******************************************************************** Summary ======= The following bulletins have undergone mino. […]
  • Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Apr 16******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: April 16, 2013 ******************************************************************** Summary ======= The following bulletins have undergone mino. […]
  • Microsoft Security Bulletin Summary for April 2013 Posted by Microsoft on Apr 09******************************************************************** Microsoft Security Bulletin Summary for April 2013 Issued: April 9, 2013 ******************************************************************** This bulletin summary lists security bulletins released for. […]
  • Microsoft Security Bulletin Advance Notification for April 2013 Posted by Microsoft on Apr 04******************************************************************** Microsoft Security Bulletin Advance Notification for April 2013 Issued: April 4, 2013 ******************************************************************** This is an advance notification of security bul. […]
IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs
Microsoft Security Advisories
Mailing Lists
Colour scheme