Lucene search
4974 matches found

ThreatPost
added 2010/05/04 6:48 p.m. | 20 views

Google Releases Web App Security Course

Google has released a new online training course for Web application developers designed to teach them how to avoid common programming mistakes that lead to vulnerabilities such as cross-site scripting, cross-site request forgery and others. The course, which is part of the company’s Google Code...

AI score 7.8
Exploits: 0 | References: 5

Tenable Nessus
added 2010/04/19 12:0 a.m. | 32 views

Debian DSA-2036-1 : jasper - programming error

It was discovered that the JasPer JPEG-2000 runtime library allowed an attacker to create a crafted input file that could lead to denial of service and heap corruption. Besides addressing this vulnerability, this update also addresses a regression introduced in the security fix for CVE-2008-3521...

CVSS 7.2 | AI score 7.2 | EPSS 0.10147
Exploits: 2 | References: 4

Zero Day Initiative
added 2010/04/13 12:0 a.m. | 21 views

Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires user interaction in that a victim must open a malicious PUB file. The specific flaw exists within the code responsible for converting files from the Publishe...

CVSS 10 | AI score 4.8 | EPSS 0.43397
Exploits: 5 | References: 1

securityvulns
added 2010/04/05 12:0 a.m. | 89 views

VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Index Vulnerability

VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Index Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems. It is the underlying technology that powers...

AI score 0.5
Exploits: 0

Tenable Nessus
added 2010/04/05 12:0 a.m. | 42 views

Debian DSA-2027-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0174 Jesse Ruderman and Ehsan Akhgari discovered crashes...

CVSS 10 | AI score 8.9 | EPSS 0.06689
Exploits: 3 | References: 13

OSV
added 2010/04/03 12:0 a.m. | 40 views

DSA-2027-1 xulrunner - several vulnerabilities

Bulletin has no description...

CVSS 10 | AI score 9.5 | EPSS 0.06689
Exploits: 3

Packet Storm
added 2010/04/03 12:0 a.m. | 27 views

Free MP3 CD Ripper 2.6 Buffer Overflow

Exploit Title: Free MP3 CD Ripper 2.6 0 day Date: 30/03/2010 Author: Richard leahy Software Link: http://www.soft32.com/Download/Free/FreeMP3CDRipper/4-250188-1.html Version: 2.6 Tested on: Windows Xp Sp2 to exploit this open up the application select file - wav converter - wav to mp3 use your...

AI score 0.6
Exploits: 0

exploitpack
added 2010/04/02 12:0 a.m. | 15 views

Free MP3 CD Ripper 2.6 - .wav Local Overflow

Free MP3 CD Ripper 2.6 - .wav Local Overflow Exploit Title: Free MP3 CD Ripper 2.6 0 day Date: 30/03/2010 Author: Richard leahy Reference: http://www.exploit-db.com/exploits/11975/ Software Link: http://www.soft32.com/Download/Free/FreeMP3CDRipper/4-250188-1.html Version: 2.6 Tested on: Windows X...

Exploits: 0

0day.today
added 2010/03/31 12:0 a.m. | 16 views

Free MP3 CD Ripper 2.6 0day

Exploit for windows platform in category local exploits =========================== Free MP3 CD Ripper 2.6 0day =========================== Author: Richard leahy Software Link: http://www.soft32.com/Download/Free/FreeMP3CDRipper/4-250188-1.html Version: 2.6 Tested on: Windows Xp Sp2 category: loc...

AI score 6.8
Exploits: 0

Fedora
added 2010/03/20 3:49 a.m. | 28 views

[SECURITY] Fedora 13 Update: gnu-smalltalk-3.1-8.fc13

GNU Smalltalk is an implementation that closely follows the Smalltalk-80 language as described in the book 'Smalltalk-80: the Language and its Implementation' by Adele Goldberg and David Robson. The Smalltalk programming language is an object oriented programming language. Unlike other Smalltalks...

CVSS 6.9 | AI score 1 | EPSS 0.00121
Exploits: 1

Fedora
added 2010/03/20 3:33 a.m. | 36 views

[SECURITY] Fedora 12 Update: gnu-smalltalk-3.1-8.fc12

GNU Smalltalk is an implementation that closely follows the Smalltalk-80 language as described in the book 'Smalltalk-80: the Language and its Implementation' by Adele Goldberg and David Robson. The Smalltalk programming language is an object oriented programming language. Unlike other Smalltalks...

CVSS 6.9 | AI score 1 | EPSS 0.00121
Exploits: 1

OpenVAS
added 2010/03/02 12:0 a.m. | 31 views

Fedora Update for ruby FEDORA-2010-0533

Check for the Version of ruby OpenVAS Vulnerability Test Fedora Update for ruby FEDORA-2010-0533 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

CVSS 5 | AI score 9.7 | EPSS 0.21101
Exploits: 4 | References: 2

Check Point Advisories
added 2010/02/25 12:0 a.m. | 3 views

Sun Java Runtime Environment Type1 Font Parsing Integer Overflow (CVE-2009-1099)

Java Technology is a programming platform developed by Sun Microsystems which aims to provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of programs that are deployed on personal computers as well as embedded devices and cell phones. Java...

CVSS 7.5 | AI score 6.9 | EPSS 0.04121
Exploits: 0

Tenable Nessus
added 2010/02/24 12:0 a.m. | 22 views

Debian DSA-1841-1 : git-core - denial of service

It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is vulnerable to denial of service attacks caused by a programming mistake in handling requests containing extra unrecognized arguments which results in an infinite loop. While this is no...

CVSS 5 | AI score 5.3 | EPSS 0.18559
Exploits: 0 | References: 3

Tenable Nessus
added 2010/02/24 12:0 a.m. | 29 views

Debian DSA-1831-1 : djbdns - programming error

Matthew Dempsky discovered that Daniel J. Bernstein's djbdns, a Domain Name System server, does not constrain offsets in the required manner, which allows remote attackers with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary record...

CVSS 5.8 | AI score 5.7 | EPSS 0.13666
Exploits: 1 | References: 3

Tenable Nessus
added 2010/02/24 12:0 a.m. | 31 views

Debian DSA-1873-1 : xulrunner - programming error

Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid URLs could be used for spoofing the location bar and the SSL certificate status of a web page. Xulrunner is no longer supported for the old stable distribution etch. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

CVSS 5.8 | AI score 8.3 | EPSS 0.13196
Exploits: 1 | References: 2

Tenable Nessus
added 2010/02/24 12:0 a.m. | 35 views

Debian DSA-1886-1 : iceweasel - several vulnerabilities

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3079 'mozbugra4' discovered that a programming error in the FeedWriter...

CVSS 10 | AI score 8.5 | EPSS 0.0151
Exploits: 1 | References: 5

Tenable Nessus
added 2010/02/24 12:0 a.m. | 28 views

Debian DSA-1932-1 : pidgin - programming error

It was discovered that incorrect pointer handling in the purple library, an internal component of the multi-protocol instant messaging client Pidgin, could lead to denial of service or the execution of arbitrary code through malformed contact requests. %NASLMINLEVEL 70300 C Tenable Network...

CVSS 5 | AI score 5.6 | EPSS 0.08411
Exploits: 3 | References: 2

Tenable Nessus
added 2010/02/24 12:0 a.m. | 10 views

Debian DSA-1938-1 : php-mail - programming error

It was discovered that php-mail, a PHP PEAR module for sending email, has insufficient input sanitising, which might be used to obtain sensitive data from the system that uses php-mail. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...

AI score 5.5
Exploits: 0 | References: 1

Tenable Nessus
added 2010/02/24 12:0 a.m. | 70 views

Debian DSA-1889-1 : icu - programming error

It was discovered that the ICU unicode library performed incorrect processing of invalid multibyte sequences, resulting in potential bypass of security mechanisms. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debia...

CVSS 4.3 | AI score 6.1 | EPSS 0.11643
Exploits: 0 | References: 2