ZDI-10-174: Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-174
September 13, 2010
-- CVE ID:
CVE-2010-3007
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Hewlett-Packard
-- Affected Produ
ZDI-10-176: Mozilla Firefox normalizeDocument Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-176
September 13, 2010
-- CVE ID:
CVE-2010-2766
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Mozilla Firefox
-- Affected Products:
Mozilla Fire
Hello,
Next Friday I will be running a web-based challenges contest. Winner will
be awarded with the new iPod touch from Apple. Thanks to Hispasec Sistemas
(you probably know them as the makers of VirusTotal service) for
sponsoring the prize.
Full info (registration currently open):
http://www.r
> Isn't *any* mechanism for code execution going to be effective with the use
> of social engineering? I mean, isn't that what we've known for years, that
> the weakest component of any security system is the users?
Yes, we know. Don't get us wrong. We're not telling Social Engineering.
We're tel
ZDI-10-173: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-173
September 13, 2010
-- CVE ID:
CVE-2010-2760
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Mozilla Firefox
-- Affected Products
ZDI-10-172: Mozilla Firefox tree Object Removal Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-172
September 13, 2010
-- CVE ID:
CVE-2010-3168
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Mozilla Firefox
-- Affected Products:
Mozilla Fir
ZDI-10-171: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-171
September 13, 2010
-- CVE ID:
CVE-2010-3167
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Mozilla Firefox
-- Affected Produc
ZDI-10-170: Apple Safari Webkit Runin Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-170
September 13, 2010
-- CVE ID:
CVE-2010-1806
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Apple
-- Affected Products:
Apple WebKit
-- TippingPoint(TM
It was reported on 24th August already
http://www.exploit-db.com/exploits/14732/
It takes only a few seconds to check it
http://secunia.com/advisories/41083/
Juha-Matti
MustLive [mustl...@websecurity.com.ua] wrote:
> Hello Full-Disclosure!
>
> I want to warn you about DLL Hijacking vulnerabili
ZDI-10-169: Novell Netware SSHD.NLM Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-169
September 1, 2010
-- CVSS:
9, (AV:N/AC:L/Au:S/C:C/I:C/A:C)
-- Affected Vendors:
Novell
-- Affected Products:
Novell Netware
-- Vulnerability Details:
This vulnerability
Hello Full-Disclosure!
I want to warn you about a DLL Hijacking vulnerability in Opera. As I wrote on
Saturday in my post DLL Hijacking in different browsers
(http://websecurity.com.ua/4522/), besides Mozilla Firefox (which was fixed
in version 3.6.9), the Opera browser is also vulnerable.
> DLL Hijacking is highly effective in combination with use of Social
> Engineering Toolkit.
Isn't *any* mechanism for code execution going to be effective with the use
of social engineering? I mean, isn't that what we've known for years, that
the weakest component of any security system is the user
The game this year is entitled Capture the Captcha!
A Captcha is a type of challenge-response test used in computing to
ensure that the response is not generated by a computer. It is a
contrived acronym for "Completely Automated Public Turing test to tell
Computers and Humans Apart."
The process
==
Secunia Research 13/09/2010
- MailEnable SMTP Service Two Denial of Service Vulnerabilities -
==
Table of Contents
Affected Softwar
Christian Sciberras wrote:
> I can't take THAT seriously. At least not all of it.
>
> The part that interested me most:
>
>> 4. Should I find such vulnerability in many applications as I can?
>>
>> You should not. It's just a waste of time and your energy. Focus on most
>> popular application
Debian Security Advisory DSA-2097-2 secur...@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
September 11, 2010
fwd for FD
-
Mac OS X 10.6 Security Configuration Guide - Link Posted on NSA's IA Guidance
Portal
I am very pleased to announce the immediate availability of the much
anticipated Security Configuration Guide for Mac OS X 10.6 at the NSA
Information Assurance / Security Guidance Do
On 9/12/2010 4:43 PM, paul.sz...@sydney.edu.au wrote:
> Firefox's interpretation of the same-origin policy is more strict than
> most other browsers, and it affects how fonts are loaded with the
> @font-face CSS directive. ...
> There is a solution to this, however, if you manage the se