341 matches found
Squashing Ants: The Dynamics of XSS Remediation
Is anyone else getting tired of hearing excuses from customers — and worse yet, the security community itself — about how hard it is to fix cross-site scripting XSS vulnerabilities? Oh, come on. Fixing XSS is like squashing ants, but some would have you believe it’s more like slaying dragons. I...
Google Seeks Patent on WiFi Snooping Tech
Google’s secret Wi-Fi snooping used in the StreetView-mapping legal cases was powered by new sniffing technology that the company wants to patent, court documents filed allege. Read the full article. Computerworld...
CVE-2010-1095
CVE-2010-1095 is an XSS vulnerability in TRUC before or at version 0.11.0, affecting login_reset_password_page.php. The vulnerability allows remote attackers to inject arbitrary script or HTML via the error parameter. This information is sourced from multiple feeds (NVD/Red Hat/OpenVAS entries an...
Chris Hoff on Cloud Security, Disruptive Technologies and PCI DSS
Dennis Fisher talks with Chris Hoff of Cisco about the challenges of cloud deployment and security, cloud use cases and the effect that disruptive technologies can have on enterprises, vendors and standards organizations. Download Subscribe to the Digital Underground podcast on Podcast audio...
BPLawyerCaseDocuments SQL Injection
Exploit for unknown platform in category web applications =================================== BPLawyerCaseDocuments SQL Injection ====================================...
BPLawyerCaseDocuments - SQL Injection
x========================================================================================================================================x | AntiSecuritydotorg |...
BPLawyerCaseDocument 1.0 SQL Injection
x========================================================================================================================================x | AntiSecuritydotorg |...
DEBIAN-CVE-2008-6235
The Netrw plugin netrw.vim in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the 1 "D" delete command or 2 b:netrwcurdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases...
CVE-2008-1096
The loadtile function in the XCF coder in coders/xcf.c in 1 ImageMagick 6.2.8-0 and 2 GraphicsMagick aka gm 1.1.7 allows user-assisted remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly...
Low: gdb security and bug fix update
6.3.0.0-1.143 - Fix unhandled race cases of exec from threaded program BZ 202689. - Add testcase for exec from threaded program BZ 202689. 6.3.0.0-1.142 - Fixed zombie threads regression from the stale threads crash fix BZ 195429. 6.3.0.0-1.141 - Fix bogus 0x0 unwind of the thread's topmost...
PT-2007-1470 · Smarty · Smarty
Name of the Vulnerable Software and Affected Versions: Smarty version 2.6.1 Description: A remote file inclusion issue in the unit test/test cases.php file of Smarty allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY DIR parameter. Recommendations: For Smarty version...
PYSEC-2007-3
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...
Smarty-2.6.1.txt
!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!! -------------------------------------------------------------------------------- Title : Smarty-2.6.1 Remote File Include Vulnerabilities -------------------------------------------------------------------------------- Author: CrackersChild cont@ct:...
CVE-2006-2782
Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control...
CVE-2005-0136
The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service crash via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761...
On the s6 su Admin Password Sniffer-vulnerability warning-the black bar safety net
A long time ago ago, FlashSky in the security focus of the above is a review Paper On Introduction to the use of the port dynamic re-binding technology Sniffer. The principle is very simple, I will not repeat it, interested can turn out to look. I this little tool is in Him is given the code base...
security flaw
The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service crash via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761...
CVE-2001-1395
CVE-2001-1395 is a vulnerability described as unknown in sockfilter for Linux kernel before 2.2.19. Connected sources corroborate an off-by-one issue in the CPIA driver that could allow a local kernel-memory write and potentially expose or compromise kernel integrity; remediation in practice is t...
CVE-2001-1395
Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact...
ROTOS Remote SNMP Attack Tool
Internet Security Systems Security Alert February 12, 2002 PROTOS Remote SNMP Attack Tool Synopsis: ISS X-Force has learned of a powerful SNMP Simple Network Management Protocol attack tool that may be circulating in the computer underground. The PROTOS SNMP stress-testing tool sends thousands of...