Product: Windows Live Messenger 2009 (Build 14.0.8089.726)
******************************
Vulnerability: ActiveX - Denial of Service
******************************
Discussion: The vulnerability is in the ActiveX control (msgsc.14.0.8089.726). Sending a string to ViewProfile() causes a crash in msnmsgr.exe.
*You must be signed in to an MSN Messenger account to trigger the vulnerability.
******************************
Vulnerable:
Windows Live Messenger 2009 on Windows Vista
Windows Live Messenger 2009 on Windows 7
Not Vulnerable:
Windows Live Messenger 2009 on Windows XP
Credits: HACKATTACK IT SECURITY GmbH
Penetration Testing in Germany - Austria - Switzerland ...

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201001-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: NTP: Denial of Service
Date: January 03, 2010
Bugs: #290881
ID: 201001-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A Denial of Service condition in ntpd can cause excessi ...

DeepToad can generate signatures, cluster files and/or directories
and compare them. It's inspired by the very good tool ssdeep [1] and, in fact, both projects are very similar. The complete project is written in pure Python and is distributed under the LGPL license [2].

Links:
Project's Web Page http://code.google.com/p/
Download Web Page http://code.google.com/p/
Wiki http://code.google.com/p/

References:
[1] http://ssdeep.sourceforge.net/
[2] http://www.gnu.org/licenses/

==============================
Secunia Research 04/01/2010
- PDF-XChange Viewer Content Parsing Memory Corruption Vulnerability -
==============================
Table of Contents
Affected Software
Severity
Vendor's Description of Software
Description of Vulnerability
Solution
Time Table
Credits
...

The Web Application Security Consortium (WASC) is pleased to announce the long-awaited release of the WASC
Threat Classification v2.0. The Threat Classification is an effort to classify the weaknesses and attacks that can lead to the compromise of a website, its data, or its users. This document's primary purpose is to serve as a reference guide for common attacks and weaknesses.

Main goals
- Refine document scope, terminology, and purpose
- Update existing sections when applicable
- Add missing attacks and weaknesses
- Creation of a firm, scalable base foundation allowing for the introduction of data views allowing for various forms of data representation
- Addition of attack and weakness reference identifiers (WASC-<xx>)
- Publication of two data views

WASC Threat Classification v2.0 Online
http://projects.webappsec.org/

Intel just released updated drivers for their ethernet network adaptors,
see <http://downloadcenter.intel. and <http://downloadcenter.intel. for example. Unfortunately ALL these driver packages but contain an outdated and unsupported "Microsoft Visual C++ 2008 Runtime", repackaged as VC90_CRT_{x86,ia64,x64}.msi and violating Microsoft's redistribution rules, which installs VULNERABLE runtime DLLs. See <http://support.microsof ...

==============================
Secunia Research 29/12/2009
- AproxEngine Multiple Vulnerabilities -
==============================
Table of Contents
Affected Software
Severity
Vendor's Description of Software
Description of Vulnerability
Solution
Time Table
Credits

------------------------------
FreeWebshop.org: multiple vulnerabilities
------------------------------
Yorick Koster, March 2009
------------------------------
Abstract
------------------------------
While doing a quick sweep over the code base of FreeWebshop.org (FWS) several vulnerabilities have been found in FWS. These vulnerabilities allow attackers to obtain arbitrary information from the webserver and database. It is even possible to execute arbitrary code with the privileges of FWS. In some cases it may even be possible to fully compromise the system on which FWS is installed. Most of these issues are related to the fact that FWS fully trusts the content of the cookies that it receives. ...

XSS Vulnerability in JpGraph 3.0.6
Discovered by Martin Barbella <barbella@sas.upenn.edu>

Description of Vulnerability:
-----------------------------
JpGraph is an object oriented library for PHP that can be used to create various types of graphs which also contains support for client side image maps. The GetURLArguments function for the JpGraph's Graph class does not properly sanitize the names of get and post variables, leading to a cross site scripting vulnerability.

Systems affected:
-----------------
This has been confirmed in version 3.0.6 of JpGraph's free release. Previous versions and the professional versions may be affected as well.

Impact:
-------
When a user is tricked into clicking on a malicious link or submitting a specially crafted form, the injected code travels to the vulnerable web server, which reflects the att ...

- ------------------------------
Debian Security Advisory DSA-1962    security@debian.org
http://www.debian.org/
December 23, 2009    http://www.debian.org/
- ------------------------------
Package : kvm
Vulnerability : several vulnerabilities
Problem type : local
Debian-specific: no
Debian bugs : 557739 562075 562076
CVE Ids ...