
4988 matches found

ThreatPost
added 2013/11/04 9:00 a.m., 103 views

How I Got Here: Katie Moussouris

Dennis Fisher talks with Katie Moussouris of Microsoft about her childhood exploits with Commodore 64 programming, ignoring her Barbies, growing up as a hacker, her days as a pen tester and the challenges of working on security at Microsoft. Download: 12moussouris.mp3 Microsoft image via Robert...

CVSS 9.3, AI score 2.4, EPSS 0.94354
Exploits 33, References 3

MSRC
added 2013/10/29 7:00 a.m., 9 views

Software Defense: mitigating heap corruption vulnerabilities

Heap corruption vulnerabilities are the most common type of vulnerability that Microsoft addresses through security updates today. These vulnerabilities typically occur as a result of programming mistakes that make it possible to write beyond the bounds of a heap buffer (a spatial issue) or to plac...

AI score 7.3
Exploits 0

Fedora
added 2013/10/27 3:58 a.m., 33 views

[SECURITY] Fedora 18 Update: libguestfs-1.20.12-1.fc18

Libguestfs is a library for accessing and modifying guest disk images. Amongst the things this is good for: making batch configuration changes to guests, getting disk used/free statistics (see also: virt-df), migrating between virtualization systems (see also: virt-p2v), performing partial backups,...

CVSS 6.8, AI score 0.1, EPSS 0.00907
Exploits 1

Saint
added 2013/10/24 12:00 a.m., 50 views

Oracle Java java.awt.image.ByteComponentRaster Overflow

Added: 10/24/2013 CVE: CVE-2013-2473 BID: 60623 OSVDB: 94336 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

CVSS 10, AI score 8.2, EPSS 0.30947
Exploits 4

Saint
added 2013/10/24 12:00 a.m., 54 views

Oracle Java java.awt.image.ByteComponentRaster Overflow

Added: 10/24/2013 CVE: CVE-2013-2473 BID: 60623 OSVDB: 94336 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

CVSS 10, AI score 8.3, EPSS 0.30947
Exploits 4

RedHat Linux
added 2013/10/15 6:19 p.m., 52 views

Moderate: Red Hat Security Advisory: ruby193-ruby security update

Updated ruby193-ruby packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...

CVSS 4.3, AI score 7.2, EPSS 0.02017
Exploits 0, References 2

Tenable Nessus
added 2013/10/06 12:00 a.m., 28 views

Debian DSA-2768-1 : icedtea-web - heap-based buffer overflow

A heap-based buffer overflow vulnerability was found in icedtea-web, a web browser plugin for running applets written in the Java programming language. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary code as the us...

CVSS 6.8, AI score 5.9, EPSS 0.01487
Exploits 0, References 5

OSV
added 2013/10/04 12:00 a.m., 23 views

DSA-2768-1 icedtea-web - heap-based buffer overflow

Bulletin has no description...

CVSS 6.8, AI score 9.3, EPSS 0.01487
Exploits 0

Packet Storm
added 2013/10/03 12:00 a.m., 56 views

SilverStripe Framework CMS 3.0.5 Cross Site Scripting

Title: SilverStripe Framework CMS 3.0.5 - Multiple Vulnerabilities Date: 2013-09-23 References: http://www.vulnerability-lab.com/getcontent.php?id=1084 VL-ID: 1084 Common Vulnerability Scoring System: 3.9 Introduction:...

AI score 7.4
Exploits 0

securityvulns
added 2013/10/02 12:00 a.m., 50 views

[SECURITY] [DSA 2764-1] libvirt security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2764-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 25, 2013 http://www.debian.org/security/faq -...

CVSS 4, AI score 0.5, EPSS 0.03294
Exploits 0

Fedora
added 2013/09/30 12:48 a.m., 20 views

[SECURITY] Fedora 19 Update: chicken-4.8.0.4-4.fc19

CHICKEN is a compiler for the Scheme programming language. CHICKEN produces portable, efficient C, supports almost all of the R5RS Scheme language standard, and includes many enhancements and extensions...

CVSS 7.5, AI score 2.1, EPSS 0.02706
Exploits 0

Tenable Nessus
added 2013/09/26 12:00 a.m., 49 views

Debian DSA-2764-1 : libvirt - programming error

Daniel P. Berrange discovered that incorrect memory handling in the remoteDispatchDomainMemoryStats function could lead to denial of service. The oldstable distribution (squeeze) is not affected. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this...

CVSS 4, AI score 6.9, EPSS 0.03294
Exploits 0, References 3

OpenVAS
added 2013/09/25 12:00 a.m., 33 views

Debian Security Advisory DSA 2764-1 (libvirt - programming error)

Daniel P. Berrange discovered that incorrect memory handling in the remoteDispatchDomainMemoryStats function could lead to denial of service. The oldstable distribution (squeeze) is not affected. OpenVAS Vulnerability Test $Id: deb2764.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from...

CVSS 4, EPSS 0.03294
Exploits 0, References 1

OpenVAS
added 2013/09/18 12:00 a.m., 27 views

Debian Security Advisory DSA 2594-1 (virtualbox-ose - programming error)

halfdog discovered that incorrect interrupt handling in VirtualBox, a x86 virtualization solution, can lead to denial of service. OpenVAS Vulnerability Test $Id: deb25941.nasl 14276 2019-03-18 14:43:56Z cfischer $ Auto-generated from advisory DSA 2594-1 using nvtgen 1.0 Script version: 1.0 Author...

CVSS 2.1, AI score 6.2, EPSS 0.00396
Exploits 0, References 1

OpenVAS
added 2013/09/18 12:00 a.m., 40 views

Debian Security Advisory DSA 2586-1 (perl - several vulnerabilities)

Two vulnerabilities were discovered in the implementation of the Perl programming language: CVE-2012-5195: The x operator could cause the Perl interpreter to crash if very long strings were created. CVE-2012-5526: The CGI module does not properly escape LF characters in the Set-Cookie and P3P headers...

CVSS 7.5, AI score 0.1, EPSS 0.05279
Exploits 1, References 1

Packet Storm
added 2013/09/12 12:00 a.m., 30 views

Ruby Programming Language 1.7 File Upload

TITLE: Unauthenticated Remote File Upload via HTTP for ruby-Programming language 1.7 on iOS Date: 8/1/2013 Author: Larry W. Cashdollar, @larry0 Download: https://itunes.apple.com/us/app/ruby-programming-language/id581732143?mt=8&ls=1 http://www.tayutec.com/indexen.html Description: "This is an io...

AI score 7.4
Exploits 0

Packet Storm
added 2013/09/12 12:00 a.m., 20 views

Perl Programming Language 1.6 File Upload

TITLE: Unauthenticated Remote File Upload via HTTP for perl-Programming language 1.6 on iOS Date: 8/1/2013 Author: Larry W. Cashdollar, @larry0 Download: https://itunes.apple.com/us/app/perl-programming-language/id578116006?mt=8&ls=1 http://www.tayutec.com/indexen.html Description: "This is an io...

AI score 7.4
Exploits 0

The Hacker News
added 2013/09/11 2:15 a.m., 18 views

DefCamp 2013 - International Hacking and Information Security Conference in Romania

The Fourth Edition of an International Information Security Conference hosted in Romania, The DefCamp 2013 is now open for Call for Papers. Over 300 Security experts, Researchers, and Enthusiasts from Romania and neighboring countries are expected to take part in the event in Bucharest, at the...

AI score 6.6
Exploits 0

Packet Storm
added 2013/09/10 12:00 a.m., 27 views

Lua-Programming Language 1.6 File Upload

TITLE: Unauthenticated Remote File Upload via HTTP for lua-Programming language 1.6 on iOS Date: 8/1/2013 Author: Larry W. Cashdollar, @larry0 Download: https://itunes.apple.com/us/app/lua-programming-language/id505972017?mt=8&ls=1 http://www.tayutec.com/indexen.html Description: "Please download...

AI score 7.4
Exploits 0

Packet Storm
added 2013/09/09 12:00 a.m., 17 views

Ruby Gem Features 0.3.0 Injection

Title: Features 0.3.0 Ruby gem file injection vulnerability Date: 9/1/2013 Author: Larry W. Cashdollar @larry0 Download: http://rubygems.org/gems/features Description: "Plaintext User Stories Parser supporting native programming languages. Especially Objective-C" Same vulnerability as...

Exploits 0