vulnerability headlines
- SLAED CMS Installation Script Unauthorized Access
- Orbital Viewer ".orb" File Stack-Based Buffer Overflow
- Arab Cart "showimg.php" Cross-Site Scripting and SQL Injection Vulnerabilities
- OpenInferno OI.Blogs Multiple Local File Include Vulnerabilities
- My Little Forum "contact.php" SQL Injection
- Uiga Fan Club and Personal Portal "id" Parameter SQL Injection
- Softbiz Recipes Portal and Link Directory Script "showcats.php" SQL Injection
- HD FLV Player Component for Joomla! "id" Parameter SQL Injection
- Pre Multi-Vendor E-Commerce Solution "detail.php" SQL Injection
- Oracle Siebel "loyalty_enu/start.swe" Cross-Site Scripting
- Vuln: Linux Kernel KVM Segment Selector Loading Local Privilege Escalation Vulnerability
- Vuln: Linux Kernel KVM Multiple Privilege Escalation and Denial of Service Vulnerabilities
- Vuln: Squid Web Proxy Cache HTCP Request Processing Remote Denial of Service Vulnerability
- Vuln: Microsoft Excel FNGROUPNAME Record Remote Code Execution Vulnerability
- VU#744549: Microsoft Internet Explorer iepeers.dll use-after-free vulnerability
- MS10-016 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)
- MS10-017 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
- VU#154421: Energizer DUO USB battery charger software allows unauthorized remote system access
- VU#576029: libpng stalls on highly compressed ancillary chunks
- VU#612021: Internet Explorer VBScript Windows Help arbitrary code execution
- VU#166739: APC Network Management Card web interface vulnerable to cross-site scripting and cross-site request forgery
- VU#869993: Panda Security ActiveScan fails to properly validate downloaded software
- MS10-003 - Important: Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
- MS10-004 - Important: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
- MS10-005 - Moderate: Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
- MS10-006 - Critical: Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
- MS10-007 - Critical: Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
- MS10-008 - Critical: Cumulative Security Update of ActiveX Kill Bits (978262)
- MS10-009 - Critical: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
- MS10-010 - Important: Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
- MS10-011 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
- MS10-012 - Important: Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
- MS10-013 - Critical: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
- MS10-014 - Important: Vulnerability in Kerberos Could Allow Denial of Service (977290)
- MS10-015 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
- MS10-002 - Critical: Cumulative Security Update for Internet Explorer (978207)
- VU#360341: BIND 9 DNSSEC validation code could cause fake NXDOMAIN responses
- VU#144233: Rockwell Automation Allen-Bradley MicroLogix PLC authentication and authorization vulnerabilities
- VU#492515: Microsoft Internet Explorer HTML object memory corruption vulnerability
- VU#773545: NOS Microsystems Adobe getPlus Helper ActiveX control stack buffer overflows
- VU#204889: Windows XP Macromedia Flash 6 ActiveX control use-after-free vulnerability
- MS10-001 - Critical: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
- VU#750796: Liferay Portal p_p_id parameter vulnerable to persistent cross-site scripting
- VU#571629: S2 Security Linear eMerge Access Control System management component vulnerable to unauthenticated factory reset
- VU#508357: Adobe Acrobat and Reader contain a use-after-free vulnerability in the JavaScript Doc.media.newPlayer method
- VU#228561: Microsoft Indeo video codecs contain multiple vulnerabilities
- VU#433821: DISA UNIX SRR scripts execute untrusted programs as root
- VU#568372: NTP mode 7 denial-of-service vulnerability
- MS09-069 - Important: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)
- MS09-070 - Important: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
- MS09-071 - Critical: Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)
- MS09-072 - Critical: Cumulative Security Update for Internet Explorer (976325)
- MS09-073 - Important: Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
- MS09-074 - Critical: Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)
- VU#418861: BIND DNS Nameserver, DNSSEC validation Vulnerability
- VU#261869: Clientless SSL VPN products break web browser domain-based security models
- VU#515749: Microsoft Internet Explorer CSS style element vulnerability
- VU#723308: TCP may keep its offered receive window closed indefinitely (RFC 1122)
- VU#632633: Wyse Simple Imager (WSI) includes vulnerable versions of TFTPD32
- VU#120541: SSL and TLS protocols renegotiation vulnerability
- MS09-067 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
- MS09-068 - Important: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
- VU#257117: Adobe Acrobat and Reader contain vulnerabilities in multiple Document Object JavaScript methods
- VU#654545: Wyse Device Manager (WDM) HServer and HAgent contain multiple vulnerabilities
- VU#676492: Wireshark Endace ERF unsigned integer wrap vulnerability
- VU#180065: Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability
- VU#135940: Windows SMB version 2 vulnerability
- VU#336053: Cyrus IMAPd buffer overflow vulnerability
- VU#444513: VMware VMnc AVI video codec image height heap overflow
- TA09-314A: Microsoft Updates for Multiple Vulnerabilities
- TA09-342A: Microsoft Updates for Multiple Vulnerabilities
- TA09-343A: Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR
- TA10-012A: Oracle Updates for Multiple Vulnerabilities
- TA10-012B: Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities
- TA10-013A: Adobe Reader and Acrobat Vulnerabilities
- TA10-021A: Microsoft Internet Explorer Vulnerabilities
- TA10-040A: Microsoft Updates for Multiple Vulnerabilities
- TA10-055A: Malicious Activity Associated with "Aurora" Internet Explorer Exploit
- TA10-068A: Microsoft Updates for Multiple Vulnerabilities
- More rss feeds from SecurityFocus
- Bugtraq: Secunia Research: XnView DICOM Parsing Integer Overflow Vulnerability
- Bugtraq: [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities
- Bugtraq: [ MDVSA-2010:059 ] virtualbox
- Bugtraq: [USN-908-1] Apache vulnerabilities
- Windows Movie Maker Buffer Overflow Lets Remote Users Cause Arbitrary Code to Be Executed
- Microsoft Office Excel Bugs Let Remote Users Execute Arbitrary Code
- Microsoft Internet Explorer Invalid Pointer Reference Lets Remote Users Execute Arbitrary Code
- Samba Access Control Flaw Lets Remote Authenticated Users Gain Elevated Privileges
- Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
exploit archives
- Winplot (.wp2 File) Local Buffer Overflow Exploit
- cP Creator 2.7.1 (Cookie tickets) Remote SQL Injection Exploit
- CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability
- ProdLer <= 2.0 (prodler.class.php sPath) RFI Vulnerability
- Loggix Project <= 9.4.5 Multiple Remote File Inclusion Vulnerabilities
- WX Guest Book 1.1.208 (SQL/XSS) Multiple Remote Vulnerabilities
- Snort < 2.8.5 Unified1 Output Denial of Service Exploit
- Joomla com_jinc (newsid) Blind SQL Injection Vulnerability
- Joomla com_mytube (user_id) Blind SQL Injection Exploit
- BigAnt Server <= 2.50 SP6 Local (ZIP File) Buffer Overflow PoC #2
- rivercms-sql.txt
- hydra-sqlxss.txt
- friendlytr69-sql.txt
- 60cyclecms-xss.txt
- campsite-xsrf.txt
- softbizjobsrecruitment-sql.txt
- httpdx-breaksvc.txt
- ispcp-rfi.txt
- notepadpoc.zip
- anantasoft-xsrf.txt
Bugtraq - mailing list
- Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability
- CVE-2010-0624: Heap-based buffer overflow in GNU Tar and GNU Cpio
- [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities
- [SECURITY] [DSA 2009-1] New tdiary packages fix cross-site scripting
- [USN-908-1] Apache vulnerabilities
- Secunia Research: XnView DICOM Parsing Integer Overflow Vulnerability
- [ MDVSA-2010:059 ] virtualbox
- iDefense Security Advisory 03.09.10: Microsoft Excel MDXSET Record Heap Overflow Vulnerability
- Secunia Research: Employee Timeclock Software Backup Information Disclosure
- iDefense Security Advisory 03.09.10: Microsoft Excel MDXTUPLE Record Heap Overflow Vulnerability
- iDefense Security Advisory 03.09.10: Microsoft Excel Sheet Object Type Confusion Vulnerability
- [ MDVSA-2010:058 ] php
- Vulnerabilities in Hydra Engine
- VUPEN Security Research - Microsoft Office Excel Record Processing Code Execution Vulnerability
- Secunia Research: Employee Timeclock Software "mysqldump" Password Disclosure
Full Disclosure - mailing list
- Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit
- [ MDVSA-2010:060 ] squid
- Re: New Internet Explorer code-execution
- Re: GeoIPgen version 0.4 released - country-to-IPs generator
- Multiple vulnerabilities in SUPERAntiSpyware and Super Ad Blocker
- Re: GeoIPgen version 0.4 released - country-to-IPs generator
- [USN-908-1] Apache vulnerabilities
- [ MDVSA-2010:059 ] virtualbox
- credit union phishing scam
- New Internet Explorer code-execution
- Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit
- Secunia Research: Employee Timeclock Software "mysqldump" Password Disclosure
- Secunia Research: Employee Timeclock Software SQL Injection Vulnerabilities
- Secunia Research: Employee Timeclock Software Backup Information Disclosure
- CVE-2010-0624: Heap-based buffer overflow in GNU Tar and GNU Cpio
Mirko Iodice
mirko -at- notageek (.dot) it
