NIST is preparing the fourth Static Analysis Tool Exposition (SATE IV).
Briefly, participating tool makers run their tool on a set of programs.
Researchers led by NIST analyze the tool reports. The results and experiences
are reported at a workshop. The tool reports and analysis are made
German ISP 'Alice' has been shipping custom embedded devices (DSL
modems/routers etc.) for the past few years. Their first self-branded
DSL modem, Alice Modem , using firmware version 4.19, is prone to at
least the following two security vulnerabilities (after it has passed
initial
Advisory: Persistent Cross Site Scripting Vulnerability in Oracle I-Recruitment
File Uploading Module- E-Business Suite
CVE-2010-2404
Version Affected - 11.5.10.2, 12.0.6, 12.1.3
About: Oracle I-Recruitment Suite
Oracle iRecruitment is a web based full-cycle recruiting solution that
gives
Hello All,
As you know, we recently released the July issue with Metasploit as the theme
(http://chmag.in/issue/jul2011).
And ClubHack Mag is seeking submissions for next issue, Issue19-August 2011.
Topics of interest include, but are not limited to:
Mobile (Cellular), VOIP Exploitation and
Vulnerability ID: HTB23026
Reference:
http://www.htbridge.ch/advisory/paltalk_messenger_activex_control_multiple_insecure_methods.html
Product: Paltalk Messenger
Vendor: Paltalk ( http://www.paltalk.com )
Vulnerable Version: 10.0 and probably prior
Tested on: 10.0
Vendor Notification: 22 June
Name: Torque Server Buffer Overflow Vulnerability
Author: Adam Zabrocki (p...@itsec.pl)
Bartlomiej Balcerek (bar...@pwr.wroc.pl)
Maciej Kotowicz
(maciej.kotow...@pwr.wroc.pl)
Date:
This appears to be a duplicate of bug 5374[1], originally reported by Alexander
Koeppe. It was fixed in Wireshark 1.4.2, which was released on November 19,
2010. I can reproduce the problem here with Wireshark 1.4.0 and 1.4.1 but not
Wireshark 1.4.2 or the current 1.4 code.
[1]
OK, you know the drill... We have monthly meetings. This is one of them.
Be there!
What:
Shaun Colley - Jumping the guard page for fun and profit
Stack overflows, generally due to recursion, have long been brushed
aside as 'not exploitable..DoS only'. This isn't true - stack overflows
On 13/07/11 18:47, Major Malfunction wrote:
When:
Tuesday 25th January 2011
OMG I'm a f*kwit (again).
I meant Tuesday 19th July 2011, obviously!!!
cheers,
MM
--
In DEFCON, we have no names... errr... well, we do... but silly ones...
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2011-2526: Apache Tomcat Information disclosure and availability
vulnerabilities
Severity: low
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 7.0.0 to 7.0.18
Tomcat 6.0.0 to 6.0.32
Tomcat 5.5.0 to 5.0.33
#2011-001 Chyrp input sanitization errors
Description:
The Chyrp framework, an open source blogging engine, suffers from cross-site
scripting (XSS) and local file inclusion (LFI) vulnerabilities.
Insufficient input sanitization on the parameters passed to pages related to
administration
iDefense Security Advisory 07.14.11
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 14, 2011
I. BACKGROUND
Citrix's Access Gateway solution provides remote access to customers via
the Web browser. This is accomplished through the use of an ActiveX
control that enables an SSL based
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] mozilla-firefox (SSA:2011-195-02)
New mozilla-firefox packages are available for Slackware 13.0 and 13.1 to
fix security issues.
Here are the details from the Slackware 13.1 ChangeLog:
+--+