DARPA, FIDO Alliance Join Race to Replace Passwords

Nearly everyone agrees that passwords are the bane of Internet security. For years, industry thinkers have somewhat vaguely referenced the need for Internet fingerprints capable of reliably verifing identities online. Yet here we are, it’s 2013 and passwords remain the primary means of...

EFF Data Shows Four CAs Compromised Since June

The EFF, through the use of its SSL Observatory, has taken a look at the data from certificate revocation lists for SSL certificates in recent months, and found that there were four separate CAs compromised in the last four months. The data that the EFF looked at was a summary of the reasons that...

[SECURITY] Fedora 15 Update: cyrus-imapd-2.4.12-1.fc15

The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...

Troubling Cracks Showing in Internet's Security Foundation

The revelation last week that researchers Thai Duong and Juliano Rizzo had developed a new attack on SSL that gives them the ability to decrypt some protected sessions on the fly sparked a lot of discussions about the inherent problems of the protocol and whether it has outlived its usefulness. B...

Mozilla Firefox <= 1.0.6 (Host:) Buffer Overflow DoS String

No description provided by source. !-- Mozilla Firefox = 1.0.6 Host: Buffer Overflow DoS String Formatted for your tesing /str0ke Tom Ferris www.security-protocols.com Versions Affected: Firefox Win32 1.0.6 and prior Firefox Linux 1.0.6 and prior Firefox 1.5 Beta 1 Deer Park Alpha 2...

MS Internet Explorer 7.0 Beta 2 (urlmon.dll) Denial of Service Vuln

No description provided by source. !--- Internet Explorer 7.0 Beta 2 urlmon.dll DoS Discovered by: Tom Ferris tommyatsecurity-protocolsdotcom Tested on: Windows XP SP2 Vulnerable Versions: IE 7.0.5296.0 1/31/2006 Security-Protocols.com ...

Apple QuickDraw InternalUnpackBits远程内存破坏漏洞

QuickDraw是Apple操作系统中所捆绑的图形处理工具。 QuickDraw在解析带有畸形ARGB记录的PICT图形时存在内存破坏漏洞，远程攻击者可能利用此漏洞对用户机器执行拒绝服务攻击。 如果用户受骗打开了恶意图形文件的话，就会触发这个漏洞，破坏传送给GetSrcBits32ARGB函数的指针，导致拒绝服务。 Apple Mac OS X 10.4.8 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.apple.com http://security-protocols.com/poc/sp-x43.pct...

Apple WebKit build 18794 - WebCore Remote Denial of Service

source: https://www.securityfocus.com/bid/22059/info Apple WebKit is prone to a denial-of-service vulnerability. Attackers may exploit this issue by enticing victims into opening a malicious HTML document with an application using the affected framework. Successful exploits will result in...

Apple Mac OS X Safari <= 2.0.3 (417.9.2) Multiple Vulnerabilities PoC

No description provided by source. !--- Safari 2.0.3 417.9.2 CELLSPACING Issue.. Discovered by: Tom Ferris tommyatsecurity-protocolsdotcom Tested on: Mac OS X 10.4.5 using Safari 03/16/2006 Security-Protocols.com Advisory: http://www.security-protocols.com/advisory/sp-xxx This program is free...

Apple Mac OSX Safari 2.0.3 (417.9.2) - Multiple Vulnerabilities

Apple Mac OSX Safari 2.0.3 417.9.2 - Multiple Vulnerabilities Tested on: Mac OS X 10.4.5 using Safari 03/16/2006 Security-Protocols.com Advisory: http://www.security-protocols.com/advisory/sp-xxx This program is free software; you can redistribute it and/or modify it under the terms of the GNU...

[NT] Internet Explorer 7.0 Beta 2 urlmon.dll Buffer Overflow

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

pwnzilla.txt

/ SSSSSSS, SSSSSSS' PwnZilla 5 - One sploit fits all. FireFox optimized iSY iS; .sS Exploit for IDN host name heap buffer overrun in .SSSSSSS .sS Mozilla browsers FireFox, Mozilla and Netscape iS; .sS Copyright C 2003-2005 by Berend-Jan Wever. .SS sSSSSSSP Official release:...

[Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow

Mozilla Firefox "Host:" Buffer Overflow Release Date: September 8, 2005 Date Reported: September 4, 2005 Severity: Critical Vendor: Mozilla Versions Affected: Firefox Win32 1.0.6 and prior Firefox Linux 1.0.6 and prior Firefox 1.5 Beta 1 Deer Park Alpha 2 Overview: A buffer overflow vulnerability...

MS Windows XP SP2 (rdpwd.sys) Remote Kernel DoS Exploit

Exploit for unknown platform in category dos / poc ======================================================= MS Windows XP SP2 rdpwd.sys Remote Kernel DoS Exploit ======================================================= // get SPIKE here: http://www.immunitysec.com/resources-freesoftware.shtml /str0...

Voice VLAN Access/Abuse Possible on Cisco voice-enabled, 802.1x-secured Interfaces

========================================================================== Title: Voice VLAN Access/Abuse Possible on Cisco voice-enabled, 802.1x-secured Interfaces Vulnerability Discovery: FishNet Security - http://www.fishnetsecurity.com Date: 06/08/2005 Severity: Medium - Voice VLAN locally...

[Full-disclosure] AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS

AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS Release Date: June 6, 2005 Date Reported: June 6, 2005 Severity: Medium? if you can exploit it, email me. ;- Vendor: AOL Systems Affected: AIM 5.9.3797 for Windows 98/ME/2K/XP 5.96 MB and all prior versions. Affected Platforms: Windows...

IRC

...

Microsoft ASN.1 BitString Encoding Attack (MS04-007; CAN-2003-0818)

...

Multiple Vulnerabilities in FlatNuke

CODEBUG Labs Advisory 6 Title: Multiple Vulnerabilities in Flat-nuke Author: Pierquinto 'Mantra' Manco English Version: David 'hanska' Paleino Product: Flat-Nuke 2.5.1 Type: Multiple Vulnerabilities Web: http://www.codebug.org - Software Page www.flatnuke.org "FlatNuke is a CMS Content Management...

Hydra: SSH2

This plugin runs Hydra to find SSH2 accounts and passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block. TRUSTED...