Posts Tagged ‘Disclosure’

BASE – 3 Persistent Cross Site Scripting Vulnerabilities

Posted by Jabra on May 30

BASE, a well-known Snort frontend, has 3 Persistent Cross Site Scripting Vulnerabilities.
For those who don’t know, Cross-Site Scripting allows the attacker to inject JavaScript to modify the functionality of the webpages. Since this vulnerability exists in [...]

Is FFSpy a hoax?

Posted by FFSpy Buster on May 30

Hi,
I have been watching the discussion on FFSpy for the last few weeks. Duarte Silva, the author, first posted it here: myf00.net/?p=18
He also believes that the addon mechanism of all software is flawed from a security standpoint. He says that [...]

Whitepaper

Re: Whitepaper

Posted by Jeffrey Walton on May 29

Hi Jared,
Regarding ‘The Digital Examination Process: Closing Gaps with New Technology’, et al. From the page: "This paper introduces new technology called Crucial Vision that addresses this widespread need."
It seems to me that if Crucial Security wants to reach the widest [...]

Microsoft DirectShow Remote Code Execution Vulnerability

Summary:
Fortinet’s FortiGuard Global Security Research Team investigates a vulnerability in Microsoft DirectX (DirectShow) through a specially crafted QuickTime media file.
Impact:
Remote Code Execution.
Affected Software:

DirectX 7.0 on Microsoft Windows 2000 Service Pack 4
DirectX 8.1 on Microsoft Windows 2000 Service Pack 4
DirectX 9.0 on Microsoft Windows 2000 Service Pack 4
DirectX 9.0 on Windows [...]

VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues

Posted by VMware Security team on May 28

VMware Security Advisory
Advisory ID: VMSA-2009-0007
Synopsis: VMware Hosted products and…
URL: http://seclists.org/fulldisclosure/2009/May/0269.html

Firefox Denial of Service (Keygen)

[TZO-27-2009] Firefox Denial of Service (Keygen)


rPSA-2009-0092-1 ntp ntp-utils


"MIME/Content-Type-Sniffing" Issues in Image Uploads in Forum Scripts

Survey: "MIME/Content-Type-Sniffing" Issues in Image Uploads in Forum Scripts

Posted by Jacques Copeau on May 28

Survey: "MIME/Content-Type-Sniffing" Issues in Image Uploads in Forum Scripts
Author: Jacques Copeau
Abstract: Internet Explorer, especially versions 7 and 6, can be tricked to treat images as html, opening XSS vulnerabilities in…
URL: http://seclists.org/fulldisclosure/2009/May/0255.html

Firefox (all?) Denial of Service through unclamped loop (SVG)

Re: [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)

Posted by OTB on May 28

Sure, you say that now, but wait until I maliciously entice you to click on my BROWSER-HANGING SVG OF DEATH!!!!!!!
Chris Evans wrote: > On Wed, May 27, 2009 at 12:03 PM, Thierry Zoller <Thierry_at_zoller.lu [...]

XSS vulnerability in Monitor_Bandwidth – PRTG Traffic Grapher

[Bkis-09-2009] XSS vulnerability in Monitor_Bandwidth – PRTG Traffic Grapher

Posted by Bkis on May 28

XSS vulnerability in ‘Monitor_Bandwidth’ – PRTG Traffic Grapher <http://blog.bkis.com/?p=704>
1. General information
PRTG Traffic Grapher is a network monitoring solution, which helps manage and classify bandwidth usage of a network by providing accurate [...]

Firefox Denial of Service (Keygen)

[TZO-27-2009] Firefox Denial of Service (Keygen)

Posted by Thierry Zoller on May 28

URL: http://seclists.org/fulldisclosure/2009/May/0246.html

Citrix Password Manager Secondary Credentials Local Information Disclosure Vulnerability

Vuln: Citrix Password Manager Secondary Credentials Local Information Disclosure Vulnerability

URL: http://www.securityfocus.com/bid/35133

rPSA-2009-0091-1 cyrus-sasl cyrus-sasl-server

Posted by rPath Update Announcements on May 27

rPath Security Advisory: 2009-0091-1
Published: 2009-05-27
Products: rPath Appliance Platform Linux Service 1, rPath Appliance Platform Linux Service 2, rPath Linux 1, rPath Linux 2
Rating:…
URL: http://seclists.org/fulldisclosure/2009/May/0250.html

[TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)

Bugtraq: Re[2]: [Full-disclosure] Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)

Re[2]: [Full-disclosure] Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
URL: http://www.securityfocus.com/archive/1/503851

[TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)

Re[2]: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
