186 matches found
Interview VZ Technocrate - Cyberwar & Activities 2011
Document Title: =============== Interview VZ Technocrate - Cyberwar & Activities 2011 References: =========== View: http://www.youtube.com/watch?v=qNUNZP8Rpfk Download: https://www.vulnerability-lab.com/resources/iv-07-technocrate.mp3 Release Date: ============= 2011-06-26 Vulnerability Laborator...
Fedora 15 : subversion-1.6.17-1.fc15 (2011-8352)
This update includes the latest release of Subversion, fixing three security issues : An infinite loop flaw was found in the way the moddavsvn module processed certain data sets. If the SVNPathAuthz directive was set to 'shortcircuit', and path-based access control for files and directories was...
Apple Hires New Security Chief
Apple has hired a software security expert to head up its growing internal security group. The company has hired David Rice, a former National Security Agency analyst and consultant on security issues, according to reports. Rice is currently the director of policy reform at the U.S. Cyber...
[CORE-2010-0624] MS OpenType CFF Parsing Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ MS OpenType CFF Parsing Vulnerability 1. Advisory Information Title: MS OpenType CFF Parsing Vulnerability Advisory Id: CORE-2010-0624 Advisory URL:...
ZDI-10-139: Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution
ZDI-10-139: Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution http://www.zerodayinitiative.com/advisories/ZDI-10-139 August 5, 2010 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell iPrint -- TippingPointTM IPS Customer...
NTSOFT BBS E-Market Professional Cross Site Scripting
+================================================================================================+ + NTSOFT BBS E-Market Professional & XSS and Remote Execution Evil code + +================================================================================================+ Authors: Ivan Sanchez...
Interscan Web Security 5.0 - Arbitrary File Upload / Privilege Escalation
Advisory Name: Local Privilege Escalation in InterScan Web Security Virtual Apliance 5.0 Internal Cybsec Advisory Id: 2010-0604 Vulnerability Class: Local Privilege Escalation Release Date: 22-06-2010 Affected Applications: InterScan Web Security Virtual Aplliance 5.0. Other versions may be...
Apple Snags former Mozilla Security Chief
Apple has hired former Microsoft and Mozilla security specialist Window Snyder to help secure its Mac ecosystem. Snyder, who last worked as Mozilla’s security chief, confirmed she is joining Apple as senior product manager for security. At Mozilla, Snyder introduced the concept of threat modeling...
Huawei HG510 CSRF, Auth Bypass, DoS
Hello, Huawei HG510 is a device offered by the Serbian telecom operator, to provide ADSL Internet connection. Administration of settings on this device is allowed only from local LAN network but not only from private IP address eg 192.168.1.1 then You can access with public IP address only from...
Ivan Arce, Core Security
I’m not sure there are too many people around who put more serious thought into their answers in an interview than Ivan does. He doesn’t just throw out a flip sound bite that he knows will make good copy. Instead, he’s much more interested in having a discussion, explaining the reasoning behind h...
FreePBX 2.5.1 - SQL Injection
FreePBX 2.5.1 - SQL Injection Advisory Name: SQL injection in FreePBX 2.5.1 Internal Cybsec Advisory Id: 2010-0103 Vulnerability Class: SQL injection Release Date: 15/01/2010 Affected Applications: Confirmed in FreePBX 2.5.1. Other versions may also be affected. Affected Platforms: Any running...
FreePBX 2.5.1 - SQL Injection
Advisory Name: SQL injection in FreePBX 2.5.1 Internal Cybsec Advisory Id: 2010-0103 Vulnerability Class: SQL injection Release Date: 15/01/2010 Affected Applications: Confirmed in FreePBX 2.5.1. Other versions may also be affected. Affected Platforms: Any running FreePBX 2.5.1 Local / Remote:...
FreePBX 2.5.x < 2.6.0 - Persistent Cross-Site Scripting
Advisory Name: Permanent Cross-Site Scripting XSS in FreePBX 2.5.x – 2.6.0 Internal Cybsec Advisory Id: 2010-0102 Vulnerability Class: Permanent Cross-Site Scripting XSS Release Date: 15/01/2010 Affected Applications: Confirmed in FreePBX 2.5.x and 2.6.0 - Other versions may also be affected...
The All-Decade Interview Team
It occurred to me recently that I’ve been covering the security industry for just about 10 years. That’s a long time to be doing anything, and especially to be writing about one topic. But it’s hard to think of something that would have been much more interesting to cover this decade, given the...
ZDI-09-069: Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability
ZDI-09-069: Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-069 October 13, 2009 -- CVE ID: CVE-2009-0555 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Windows Media Player 11 Microsoft...
ZDI-09-072: Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability
ZDI-09-072: Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-072 October 13, 2009 -- CVE ID: CVE-2009-2503 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server...
Vulnerability in OpenSSL CVE-2009-0591
The function CMSverify does not correctly handle an error condition involving malformed signed attributes. This will cause an invalid set of signed attributes to appear valid and content digests will not be checked. Found by Ivan Nestlerode, IBM...
Inside the OLPC security story
One of my favorite talks on computer security is this one by Ivan Krstic, the former head of security development for the ambitious One Laptop per Child project:...
ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability
ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-056 September 9, 2008 -- CVE ID: CVE-2008-3013 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Windows Server 2008 Microsoft Windows XP Microsoft Windows...
hordekrono-xss.txt
+==========================================================================+ + Horde & Kronolith Calendar Application & XSS Vulnerabilities + +==========================================================================+ Authors: Ivan Sanchez Product: Kronolith Calendar Application Web:...