14 matches found
Microsoft Threatening Security Researcher
An anonymous security researcher called "Nightmare Eclipse" has been publishing a series of significant security exploits against Microsoft Windows--including one that breaks BitLocker. Microsoft has threatened legal action against the researcher. Lots of recriminations are being traded back and...
About the security content of Safari18.1
About the security content of Safari18.1 This document describes the security content of Safari 18.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
About the security content of Safari 15.5
About the security content of Safari 15.5 This document describes the security content of Safari 15.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
Update now! Apple patches another actively used zero-day
Apple has released patches for iOS 15.3, iPadOS 15.3, and macOS Monterey 12.2 and is urging users to update. The most significant reasons are two actively exploited zero-day vulnerabilities, one of which has a publicly disclosed Proof-of-Concept PoC. Using this vulnerability, designated...
About the security content of iOS 12.5.4
About the security content of iOS 12.5.4 This document describes the security content of iOS 12.5.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
About the security content of Xcode 11.4
About the security content of Xcode 11.4 This document describes the security content of Xcode 11.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation
// Axel '0vercl0k' Souchet - December 28 2019 // References: // - Found by an anonymous researcher, written up by Simon '@HexKitchen' Zuckerbraun // - https://www.zerodayinitiative.com/blog/2019/12/19/privilege-escalation-via-the-core-shell-com-registrar-object // -...
Overflow issues in libstagefright — Mozilla
An anonymous researcher reported, via TippingPoint's Zero Day Initiative, two integer overflows in the libstagefright library that could be triggered by a malicious 'saio' chunk in an MPEG4 video. These overflows allowed for potential arbitrary code execution. This issue was independently reporte...
Microsoft Pillar - Client Side SWF Cross Site Vulnerability
Document Title: =============== Microsoft Pillar - Client Side SWF Cross Site Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1328 https://www.youtube.com/watch?v=jVMHhCxM2pY Release Date: ============= 2014-09-29 Vulnerability Laboratory ID VL-ID:...
Juniper Website - Cross Site Scripting Vulnerabilities
Document Title: =============== Juniper Website - Cross Site Scripting Vulnerabilities Release Date: ============= 2011-08-13 Vulnerability Laboratory ID VL-ID: ==================================== 248 Product & Service Introduction: =============================== Networking and security solutio...
Unfixed XSS vulnerability at www.mouthshut.com
Security researcher Anonymous, has submitted on 27/08/2007 a cross-site-scripting XSS vulnerability affecting www.mouthshut.com, which at the time of submission ranked 12675 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 30/08/2007. It is...
Sun JDK/JRE: Execution of arbitrary code
Background The Sun Java Development Kit JDK and the Sun Java Runtime Environment JRE provide the Sun Java platform. Description A anonymous researcher discovered that an error in the handling of a GIF image with a zero width field block leads to a memory corruption flaw. Impact An attacker could...
[Full-disclosure] ZDI-06-054: Novell NetMail IMAP APPEND Buffer Overflow Vulnerability
ZDI-06-054: Novell NetMail IMAP APPEND Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-054.html December 22, 2006 -- CVE ID: CVE-2006-6425 -- Affected Vendor: Novell -- Affected Products: Novell NetMail 3.5.2 -- TippingPointTM IPS Customer Protection: TippingPoint...
ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability
ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-036.html October 31, 2006 -- CVE ID: CVE-2006-5478 -- Affected Vendor: Novell -- Affected Products: Netmail 3.5.2 Novell eDirectory 8.8.1 -- TippingPointTM IPS Customer...