[Full-disclosure] PAPER: Security Mitigations for Return-Oriented Programming Attacks

2010-08-22 Thread Piotr Bania
ABSTRACT With the discovery of new exploit techniques, new protection mechanisms are needed as well. Mitigations like DEP (Data Execution Prevention) or ASLR (Address Space Layout Randomization) created a significantly more difficult environment for vulnerability exploitation. Attackers, howev

[Full-disclosure] [Bkis-04-2010] Multiple Vulnerabilities in OpenBlog

2010-08-22 Thread Bkis
[Bkis-04-2010] Multiple Vulnerabilities in OpenBlog 1. General Information OpenBlog is free software for developing a blogging platform. OpenBlog is written in the PHP language and available at http://www.open-blog.info. In August 2010, Bkis Security discovered some XSS, CSRF vulnerabilities on this

[Full-disclosure] e107 CMS Multiple Vulnerabilities

2010-08-22 Thread Justin Klein Keane
Vulnerability Report Details of this report may also be found at http://www.madirish.net/?article=471 Description of Vulnerability: e107 (http://e107.org) is a PHP/MySQL based content management system. e107 allows an

[Full-disclosure] [ MDVSA-2010:157 ] freetype2

2010-08-22 Thread security
Mandriva Linux Security Advisory MDVSA-2010:157 http://www.mandriva.com/security/

[Full-disclosure] [ MDVSA-2010:156 ] freetype2

2010-08-22 Thread security
Mandriva Linux Security Advisory MDVSA-2010:156 http://www.mandriva.com/security/