4752 matches found
Remote code execution by launching Firefox from Internet Explorer — Mozilla
Internet Explorer calls registered URL protocols without escaping quotes and may be used to pass unexpected and potentially dangerous data to the application that registers that URL Protocol...
[SECURITY] Fedora 7 Update: bind-9.4.1-4.fc7
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...
RHEL 5 : bind (RHSA-2007:0057)
Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name Syste...
[NB07-10] Multiple vulnerabilities in Takebishi Electric DeviceXplorer MODBUS OPC server
Multiple vulnerabilities in Takebishi Electric DeviceXplorer MODBUS OPC server. OPC servers provide a standard way to interoperate automation and control systems, bridging data from several industrial protocols such as...
[NB07-07] Multiple vulnerabilities in Takebishi Electric DeviceXplorer HIDIC OPC server
Multiple vulnerabilities in Takebishi Electric DeviceXplorer HIDIC OPC server. OPC servers provide a standard way to interoperate automation and control systems, bridging data from several industrial protocols such as...
Moderate: Red Hat Security Advisory: bind security update
Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name Syste...
Microsoft Windows UPnP Service Remote Code Execution (MS07-019; CVE-2007-1204)
The Universal Plug and Play (UPnP) service in Microsoft Windows is vulnerable to remote code execution. UPnP is a set of computer network protocols that extends Plug and Play to allow computers and devices to configure network services automatically. A remote attacker may exploit this issue to caus...
[SECURITY] Fedora Core 6 Update: ekiga-2.0.5-3.fc6
Ekiga is a tool to communicate with video and audio over the internet. It uses the standard SIP and H323 protocols...
CVE-2007-0959
Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to inspect certain TCP-based protocols, allows remote attackers to cause a denial of service (device reboot) via malformed TCP packets...
SecurityVulns.com: Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000).
Title: Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000). Product: Visual Studio 2005. Vendor: Microsoft. Vulnerability class: Denial of Service. Remote: application dependent, remote vector is possible. CVE: CVE-2007-0842. Author: 3APA3A,...
Moderate: Red Hat Security Advisory: bind security update
Updated bind packages that fix a security issue and a bug are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found i...
Re: [Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability
Hello - Cisco has posted a Security Response in reference to this issue at the following URL: http://www.cisco.com/warp/public/707/cisco-sr-20070129-vtp.shtml Cisco Response: An issue has been reported to the Cisco PSIRT involving...
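Apple QuickDraw InternalUnpackBits Remote Memory Corruption Vulnerability
QuickDraw is the graphics processing tool bundled with Apple operating systems. QuickDraw has a memory corruption vulnerability when parsing PICT images with malformed ARGB records; a remote attacker could exploit this vulnerability to carry out a denial-of-service attack against a user's machine. If a user is tricked into opening a malicious image file, the vulnerability is triggered, corrupting the pointer passed to the GetSrcBits32ARGB function and causing a denial of service. Apple Mac OS X 10.4.8 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.apple.com http://security-protocols.com/poc/sp-x43.pct...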
MOAB-02-01-2007: VLC Media Player udp:// Format String Vulnerability
Summary The following description of the software is provided by vendor VideoLAN: VideoLAN is a software project, which produces free software for video, released under the GNU General Public License. The main product is the cross-platform VLC media player. The VLC media player is a highly portab...
[SECURITY] Fedora Core 6 Update: fetchmail-6.3.6-1.fc6
Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval...
Apple WebKit build 18794 - WebCore Remote Denial of Service
source: https://www.securityfocus.com/bid/22059/info Apple WebKit is prone to a denial-of-service vulnerability. Attackers may exploit this issue by enticing victims into opening a malicious HTML document with an application using the affected framework. Successful exploits will result in...
[SECURITY] Fedora Core 5 Update: wget-1.10.2-3.3.fc5
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...
Network protocols security: View from client side
Security of Common Application Network Protocols: A Client's Perspective Having received an offer to write an article about the security of network protocols and their vulnerabilities, at first I wanted to refuse - it seems that everything that can be written on this topic has already been writte...
OWASP JBroFuzz 0.3 Fuzzer Released!
JBroFuzz is an OWASP Project that emerged from penetration testing. It deals with fuzzing stateless network protocols such as HTTP, SOAP, XML, LDAP, etc. Apart from fancy terminology, JBroFuzz 0.3 has the following built-in Generators ready to be used: basic cross site scripting checks (XSS), basic S...
Free resources undetected streaming media download technical overview-vulnerability warning-the black bar safety net
Now I will focus on describing my experience of looking for the URL: 1. From the HTML source code: open IE and use View/View Source to open the file in Notepad, then search for streaming media protocols such as rtsp\pnm\mms\mmst, etc., or search for the extensions swf\wmv\rm\asf\avi; maybe you can see...