Lucene search

1147 matches found

ThreatPost
added 2010/11/01 8:3 p.m. | 14 views

Google Extends Bug Bounty to Web Properties

Google is extending its nascent bug-bounty program to the Web applications that the company owns, including its flagship search service, YouTube and Blogger. The program will pay researchers rewards of up to $3133.7 for bugs that they find in Google Web services and report directly to the company...

AI score: 8 | Exploits: 0 | References: 5

0day.today
added 2010/10/27 12:0 a.m. | 28 views

NitroSecurity ESM v8.4.0a Remote Code Execution

Exploit for linux platform in category remote exploits. NitroSecurity ESM v8.4.0a Remote Code Execution. Product description: NitroView ESM is an enterprise-class security information and event...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2010/10/01 12:0 a.m. | 20 views

Zen Cart 1.3.9f Local File Inclusion

Zen Cart v1.3.9f typefilter Local File Inclusion Vulnerability Vendor: Zen Ventures, LLC Product web page: http://www.zen-cart.com Version affected: 1.3.9f Summary: Zen Cart is an online store management system. It is PHP-based, using a MySQL database and HTML components. Support is provided for...

AI score: 7.4 | Exploits: 0

0day.today
added 2010/09/29 12:0 a.m. | 14 views

Achievo v1.4.3 Multiple Authorization Flaws / CSRF Vulnerability

Exploit for php platform in category web applications. Achievo v1.4.3 Multiple Authorization Flaws / CSRF Vulnerability. Vulnerability Description: It is possible to...

AI score: 7.1 | Exploits: 0

ThreatPost
added 2010/08/25 12:19 p.m. | 10 views

Apple Fixes 13 Bugs in Major OS X Patch Release

Apple released a patch Tuesday that fixes more than a dozen bugs, including a critical remote code-execution flaw in Apple Type Services. The patch release also includes a fix for a flaw in CFNetwork that enabled an attacker to intercept user credentials and other sensitive data silently on a...

AI score: 1.6 | Exploits: 0 | References: 3

ThreatPost
added 2010/08/22 8:1 p.m. | 27 views

Why Vulnerability Research Matters

It seems that any time there’s a high-profile incident in which a vulnerability is disclosed without a patch being available, there is an immediate and loud call from some corners to abolish the practice of vulnerability research. If researchers weren’t spending their days poking holes in softwar...

AI score: 6.7 | Exploits: 0 | References: 6

seebug.org
added 2010/05/28 12:0 a.m. | 35 views

Adobe Photoshop CS4 Extended 11.0 ASL File Handling Remote BoF PoC

No description provided by source. / Title: Adobe Photoshop CS4 Extended 11.0 ASL File Handling Remote Buffer Overflow PoC Summary: The Adobe® Photoshop® family of products is the ultimate playground for bringing out the best in your digital images, transforming them into anything you can imagine...

CVSS: 9.3 | AI score: 0.3 | EPSS: 0.30451 | Exploits: 15

Packet Storm
added 2010/05/27 12:0 a.m. | 51 views

Adobe Photoshop CS4 Extended 11.0 GRD File Handling Remote Buffer Overflow

/ Title: Adobe Photoshop CS4 Extended 11.0 GRD File Handling Remote Buffer Overflow PoC Summary: The Adobe® Photoshop® family of products is the ultimate playground for bringing out the best in your digital images, transforming them into anything you can imagine and showcasing them in extraordina...

CVSS: 9.3 | AI score: 0.6 | EPSS: 0.30451 | Exploits: 15

exploitpack
added 2010/05/21 12:0 a.m. | 35 views

3Com* iMC (Intelligent Management Center) - Cross-Site Scripting Information Disclosure Flaws

3Com iMC Intelligent Management Center - Cross-Site Scripting Information Disclosure Flaws PR10-02: Various XSS and information disclosure flaws within 3Com iMC Intelligent Management Center On the 12th April 2010 Hewlett Packard completed its acquisition of 3Com Vulnerability found: 29th January...

AI score: 6.7 | Exploits: 0

OpenVAS
added 2010/01/22 12:0 a.m. | 25 views

Mandriva Update for bind MDVSA-2010:021 (bind)

Check for the Version of bind. OpenVAS Vulnerability Test: Mandriva Update for bind MDVSA-2010:021 (bind). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CVSS: 4.3 | AI score: 7.4 | EPSS: 0.20044 | Exploits: 1 | References: 2

OpenVAS
added 2010/01/22 12:0 a.m. | 27 views

Mandriva Update for bind MDVSA-2010:021 (bind)

Check for the Version of bind. OpenVAS Vulnerability Test: Mandriva Update for bind MDVSA-2010:021 (bind). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CVSS: 4.3 | AI score: 0.2 | EPSS: 0.20044 | Exploits: 1 | References: 2

Tenable Nessus
added 2010/01/21 12:0 a.m. | 32 views

Mandriva Linux Security Advisory : bind (MDVSA-2010:021)

Some vulnerabilities were discovered and corrected in bind : The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when...

CVSS: 7.6 | AI score: 7.3 | EPSS: 0.28405 | Exploits: 1 | References: 7

securityvulns
added 2010/01/17 12:0 a.m. | 42 views

Secunia Research: Microsoft Windows Flash Player Movie Unloading Vulnerability

Secunia Research 12/01/2010 - Microsoft Windows Flash Player Movie Unloading Vulnerability - Table of Contents Affected...

AI score: 1 | Exploits: 0

ThreatPost
added 2009/12/28 3:8 p.m. | 6 views

Microsoft Investigating New IIS Zero Day

Microsoft is investigating reports of a new zero-day vulnerability in its IIS Web server software, and says that the flaw is a problem mainly on servers that are poorly configured. The vulnerability, which first surfaced last week, exists in versions 6.0 and earlier of IIS, according to an adviso...

AI score: 2.7 | Exploits: 0 | References: 3

ThreatPost
added 2009/11/24 2:39 p.m. | 53 views

Microsoft Acknowledges IE7 Flaw

Microsoft has acknowledged a new unpatched vulnerability in Internet Explorer 6 and 7, and said that the company is investigating methods for fixing the flaw. The company said that although there is public exploit code available for the vulnerability, it has not seen any evidence of ongoing attac...

CVSS: 9.3 | AI score: 0.8 | EPSS: 0.94354 | Exploits: 33

securityvulns
added 2009/08/09 12:0 a.m. | 58 views

Palm Pre WebOS 1.0.4 Remote execution of arbitrary HTML code vulnerability

I. Description The Palm Pre WebOS version 1.0.4 and below allows a remote attacker to execute arbitrary HTML code on the phone via certain applications. The affected applications involve the native email client via the notifications system as well as the native calendar application. The vendor ha...

AI score: 1.1 | Exploits: 0

ThreatPost
added 2009/05/21 4:59 p.m. | 7 views

Adobe quarterly patch release should serve as an example

Adobe has become the third major software vendor to begin shipping its security updates on a regular schedule. Following the lead of Microsoft and Oracle, who have been releasing patches on a set schedule for many years, Adobe now will ship its patches once per quarter. It’s a move that’s overdue...

AI score: 7 | Exploits: 0 | References: 4

securityvulns
added 2009/03/17 12:0 a.m. | 43 views

[Bkis-04-2009] GOM Encoder Heap-based Buffer Overflow

GOM Encoder Heap-based Buffer Overflow 1. General Information GOM Encoder is a video transcoder that can work with a lot of video formats. One of its functions is embedding subtitles to the video, which means you can see subtitles on the resulting video even if your device doesn't support subtitl...

AI score: 0.6 | Exploits: 0

seebug.org
added 2008/10/09 12:0 a.m. | 16 views

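Cisco Unity 7.0 Multiple Vulnerabilities

BUGTRAQ ID: 31642 CNCAN ID: CNCAN-2008100906 Cisco Unity is a unified communications solution for enterprise-level organizations. Cisco Unity has multiple security issues, including: - Multiple Unity services listening on dynamic UDP ports are subject to denial of service when handling specially crafted packets. - Shared directories on the Unity server can disclose information to all domain users. - Session management on the Unity server appears to be limited, allowing a malicious user to consume all available user sessions and deny access to legitimate administrators. Restoring the ability to open new sessions requires a system reboot; restarting the default web site will not work. - Input validation issues lead to multiple cross-site scripting attacks. Cisco Unity 7.0...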

AI score: 6.9 | Exploits: 0

securityvulns
added 2008/06/13 12:0 a.m. | 50 views

iDefense Security Advisory 06.11.08: Multiple Vendor X Server MIT-SHM Extension Information Disclosure Vulnerability

iDefense Security Advisory 06.11.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 11, 2008 I. BACKGROUND The X Window System is a graphical windowing system based on a client/server model. More information about The X Window system is available at the following link...

CVSS: 6.8 | AI score: 7.6 | EPSS: 0.00996 | Exploits: 0