Security

HP OpenView NNM ovalarm.exe CGI Accept-Language Stack Overflow Vulnerability

Bugtraq: TPTI-09-12: HP OpenView NNM ovalarm.exe CGI Accept-Language Stack Overflow Vulnerability

TPTI-09-12: HP OpenView NNM ovalarm.exe CGI Accept-Language Stack Overflow Vulnerability

URL: http://www.securityfocus.com/archive/1/508355

HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow Vulnerability

Bugtraq: TPTI-09-14: HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow Vulnerability

TPTI-09-14: HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow Vulnerability

URL: http://www.securityfocus.com/archive/1/508357

Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability

Bugtraq: ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability

ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability

URL: http://www.securityfocus.com/archive/1/508358

HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow Vulnerability

Bugtraq: TPTI-09-13: HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow Vulnerability

TPTI-09-13: HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow Vulnerability

URL: http://www.securityfocus.com/archive/1/508356

ffmpeg

[ MDVSA-2009:297-1 ] ffmpeg

Posted by security on Dec 05

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:297-1

http://www.mandriva.com/security/

_______________________________________________________________________

Package : ffmpeg

Date : December 5, 2009

Affected: 2008.0

_______________________________________________________________________

Problem Description:

Vulnerabilities have been…

URL: http://seclists.org/fulldisclosure/2009/Dec/133

out of box scanner

Re: out of box scanner

Posted by Nathan Grandbois on Dec 04

John Bennett wrote:

John,

You might want to take a look at the WASC list here:

http://projects.webappsec.org/Web-Application-Security-Scanner-List

The thread is still under discussion on the webappsec mailing list.

_nathan

URL: http://seclists.org/pen-test/2009/Dec/5

Autodesk Maya Script Nodes Arbitrary Command Execution

Bugtraq: CORE-2009-0910: Autodesk Maya Script Nodes Arbitrary Command Execution

CORE-2009-0910: Autodesk Maya Script Nodes Arbitrary Command Execution

URL: http://www.securityfocus.com/archive/1/508013

DoS vulnerability in Internet Explorer

Bugtraq: Re: DoS vulnerability in Internet Explorer

Re: DoS vulnerability in Internet Explorer

URL: http://www.securityfocus.com/archive/1/507759

Dark side of bookmarks

Posted by MustLive on Nov 01

Hello participants of Full-Disclosure!

After my articles about different attacks via redirectors – Redirectors: the phantom menace (http://websecurity.com.ua/3495/) and Attacks via closed redirectors (http://websecurity.com.ua/3531/), here is my new article. This time about attacks via bookmarks. In article Dark side of bookmarks (http://websecurity.com.ua/3643/) I’ll tell you about risks of bookmarks in browsers.

There are possible next…

URL: http://seclists.org/fulldisclosure/2009/Nov/0

ARM Expects Mobile Phones with Dual-Core Processors Next Year.

Dual-core central processing units (CPUs) were considered a breakthrough in the personal computer industry back in 2005. In 2010, dual-core chips, albeit powered by processors with different micro-architecture, are set to enter the market of mobile phones, according to ARM, a leading developer of processors for portable electronics.

“We don’t need silly GHz speeds. With our dual-core A9, we can get two times the performance, without the speed draining the battery, so by the time you get home your phone is dead,” said Rob Coombs, director of mobile solutions for ARM, in an interview with TechRadar web-site.

Mr. Coombs added that ARM hopes that actual implementers would introduce dual-core processors for mobile phones sometime in 2010, but still, delays to 2011 were possible.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=33626

/proc filesystem allows bypassing directory permissions on

Bugtraq: Re: /proc filesystem allows bypassing directory permissions on

Re: /proc filesystem allows bypassing directory permissions on

URL: http://www.securityfocus.com/archive/1/507584

/proc filesystem allows bypassing directory permissions on Linux

Bugtraq: Re: /proc filesystem allows bypassing directory permissions on Linux

Re: /proc filesystem allows bypassing directory permissions on Linux

URL: http://www.securityfocus.com/archive/1/507473

CVE-2009-2910 (kernel)

arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2910

insecure elements in https protected pages

Posted by Mohammad Hosein on Oct 18

In a certain web application, e.g. Gmail, there are times the whole communication is secured by SSL and sometimes "there are insecure elements" that raise questions. I’m not a web professional. How to find these insecure elements? And how to evaluate if these elements are the results of a successful man-in-the-middle attack or not?

regards

URL: http://seclists.org/fulldisclosure/2009/Oct/251