Lucene search
K

128 matches found

Exploit DB
Exploit DB
added 2015/06/22 12:0 a.m.129 views

CUPS < 2.0.3 - Multiple Vulnerabilities

Source: http://googleprojectzero.blogspot.se/2015/06/owning-internet-printing-case-study-in.html Abstract Modern exploit mitigations draw attackers into a game of diminishing marginal returns. With each additional mitigation added, a subset of software bugs become unexploitable, and others become...

10CVSS6.4AI score0.29913EPSS
Exploits9
ThreatPost
ThreatPost
added 2015/01/28 10:6 a.m.13 views

Apple Patches Thunderstrike Bug in OSX, Fixes More Than 30 Flaws in iOS

Apple has released major security updates for both OS X and iOS that includes patches for a number of bugs that could lead to arbitrary code execution. The release of iOS 8.1.3 fixes a vulnerability that allowed an attacker to bypass the sandbox restrictions in Safari and the OS X update fixes a...

0.4AI score
Exploits0References4
ThreatPost
ThreatPost
added 2014/09/24 3:31 p.m.16 views

As Bug Bounties Become the Norm, Challenges Remain

SEATTLE–For many years, Microsoft and other large software vendors resisted the idea of providing bug bounties or other financial incentives for researchers to report vulnerabilities. That changed when the landscape began to shift and more researchers began reporting vulnerabilities through broke...

7.2AI score
Exploits0References2
ThreatPost
ThreatPost
added 2014/09/23 3:52 p.m.131 views

Microsoft Online Services Bug Bounty Program Launches

Microsoft had always rejected the possibility of a full-scale bug bounty, relying instead on solid relationships it spent the better part of a decade fostering with researchers worldwide who submit vulnerabilities to the Microsoft Security Research Center MSRC. Yet in the past couple of years, th...

9.3CVSS9.4AI score0.99945EPSS
Exploits33References6
Binamuse
Binamuse
added 2014/09/18 6:31 p.m.686 views

CoreGraphics Information Disclosure - CVE-2014-4378

This article explores the exploitability of MobileSafari on IOS 7.1.x. Using a crafted PDF file as an HTML image makes it possible to leak information about the memory layout to the browser Javascript interpreter. Apple CoreGraphics library fails to validate input when parsing the colorspace...

5.8CVSS7.9AI score0.04983EPSS
Exploits0
ThreatPost
ThreatPost
added 2014/09/09 2:40 p.m.74 views

September 2014 Microsoft Patch Tuesday security bulletins

The Operation SnowMan espionage campaign, which targeted military intelligence earlier this year via an Internet Explorer zero day, exposed a weak spot in Microsoft’s vulnerability management efforts. What was unique about the SnowMan operation is that it included a check as to whether the...

9.3CVSS0.2AI score0.99945EPSS
Exploits33References10
ThreatPost
ThreatPost
added 2014/07/31 2:41 p.m.119 views

Microsoft Releases EMET 5.0 Exploit Mitigation Tool

The latest version of Microsoft’s freely available stopgap against zero-day exploits was released today with two new exploit mitigations and a batch of new configuration options. The update to Microsoft’s Enhanced Mitigation Experience Tool kit, or EMET, comes six months after a technical preview...

9.3CVSS8.9AI score0.99945EPSS
Exploits33References2
ThreatPost
ThreatPost
added 2014/05/22 1:57 p.m.31 views

Microsoft Working on Patch for IE 8 Zero Day

UPDATE–Microsoft officials say they’re well aware of the Internet Explorer 8 zero day disclosed Wednesday by the Zero Day Initiative and have been working on a fix for it. However, there’s no stated timeline for releasing that patch. The vulnerability in IE 8 is a use-after-free bug in the way th...

10CVSS0.3AI score0.99945EPSS
Exploits34References4
ThreatPost
ThreatPost
added 2014/05/21 2:4 p.m.26 views

Another Internet Explorer Zero Day Surfaces

Researchers have disclosed a new zero day vulnerability in Internet Explorer 8 that could enable an attacker to run arbitrary code on vulnerable machines via drive-by downloads or malicious attachments in email messages. The vulnerability was discovered and disclosed to Microsoft in October, but...

10CVSS1.3AI score0.88013EPSS
Exploits1References2
0day.today
0day.today
added 2014/04/09 12:0 a.m.81 views

BlackBerry Z 10 Buffer Overflow Vulnerability

BlackBerry Z 10 suffers from a remotely exploitable buffer overflow in qconnDoor. BlackBerry Z 10 Buffer Overflow Vulnerability 1. Timeline --------------------------------------------------------------------- 2013-06-23: Vendor has been contacted. 2013-06-24: Vendor response. 2013-06-27: Vendor...

9.3CVSS6.9AI score0.05721EPSS
Exploits4
ThreatPost
ThreatPost
added 2014/02/18 3:36 p.m.9 views

Microsoft Mitigation Bypass Bug Bounty Winner Yang Yu

Yang Yu is no stranger to writing mitigation bypasses for Microsoft Windows products. A year ago at the CanSecWest conference in Vancouver, the 35-year-old security researcher from Beijing did an extensive presentation on bypassing Address Space Layout Randomization ASLR and Data Execution...

0.4AI score
Exploits0References6
ThreatPost
ThreatPost
added 2014/02/10 10:46 a.m.13 views

Bugging the Bug Market

PUNTA CANA–The Microsoft bug bounty program, started last year as a way to encourage researchers to develop new offensive and defensive techniques, has been a success so far and the company is looking for new ways to expand it in the future. Katie Moussouris, the security strategist at Microsoft...

Exploits0References1
ThreatPost
ThreatPost
added 2013/11/04 1:0 p.m.8 views

Microsoft Changes Bug Bounty Program to Include Incident Responders, Forensics Specialists

Having found some initial success with its first foray into the bug bounty world, Microsoft is expanding the program to open up payments of up to $100,000 to incident response teams and forensics experts who come across active attacks in the wild that include new techniques that bypass exploit...

0.2AI score
Exploits0References3
ThreatPost
ThreatPost
added 2013/10/08 3:3 p.m.9 views

Researcher Takes Home $100k Prize From Microsoft For New Attack

One day after announcing that it had paid researchers $28,000 for reporting a number of vulnerabilities in Internet Explorer 11, Microsoft revealed that it has written a much bigger check–this one for $100,000–to a researcher who has discovered a new attack technique that bypasses all of the...

Exploits0References2
ThreatPost
ThreatPost
added 2013/07/31 3:15 p.m.13 views

Inside the Security Model of BlackBerry 10

LAS VEGAS–The new BlackBerry 10 operating system contains a number of security improvements and upgrades over earlier versions, but there are still some features and functions that an attacker may be able to exploit. The OS also contains a diagnostic tool called QUIP that has the ability to colle...

0.3AI score
Exploits0References1
The Hacker News
The Hacker News
added 2012/11/01 6:38 p.m.8 views

Bug Hunters have Windows 8 Zeroday Exploit

French security researcher firm and famous bug hunters at Vupen announced that it had already developed an exploit that could take over a Window 8 machine running Internet Explorer 10, in spite of the many significant security upgrades Microsoft built into the latest version of its operating...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2012/07/17 10:49 a.m.13 views

Android Security shielded with full ASLR implementation

The latest release of Google's Android mobile operating system has finally been properly fortified with an industry-standard defense. It's designed to protect end users against hack attacks that install malware on handsets. Android 4.1 Jelly Bean includes several new exploit mitigations and a mor...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2012/03/15 8:33 p.m.107 views

Ryan Naraine on Exploit Mitigations and the MS12-020 RDP Bug

Dennis Fisher talks with Ryan Naraine about whether exploit mitigations such as ASLR and DEP really make any difference in preventing browser attacks and the seriousness of the MS12-020 RDP vulnerability that was patched during March’s Patch Tuesday release. Podcast audio courtesy of sykboy65...

9.3CVSS0.4AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2012/03/12 4:11 p.m.10 views

Raising the Bar on Browser Attacks

VANCOUVER–If there’s one thing that emerged from all of the craziness that was CanSecWest, Pwn2Own and Pwnium, it’s that life is becoming more difficult for researchers and attackers looking to exploit modern browsers. It’s not impossible, of course, but it’s certainly not the warm-up exercise th...

0.5AI score
Exploits0References6
ThreatPost
ThreatPost
added 2012/01/16 5:7 p.m.18 views

Offensive Research Continuing to Advance

MIAMI BEACH–It’s the accepted wisdom these days that many of the traditional security defenses organizations depend on just aren’t effective at deterring attackers. But this glosses over the fact that the last few years have included some major advances in defensive technologies, including the...

0.9AI score
Exploits0References3
Rows per page
Query Builder