rmccurdy.com mashup of security feeds HUGE Pipes Output http://pipes.yahoo.com/pipes/pipe.info?_id=5f1dcd4397142867d586ae88e192f796 Wed, 08 Sep 2010 07:01:02 -0700 http://pipes.yahoo.com/pipes/ i dont know security http://seclists.org/fulldisclosure/2010/Sep/106 http://seclists.org/fulldisclosure/2010/Sep/106 Wed, 08 Sep 2010 06:05:52 -0700 exploitdb: [dos] - FreeBSD 8.1/7.3 vm.pmap Kernel Local Race Condition: http://bit.ly/9RZj35 http://twitter.com/exploitdb/statuses/23907621736 http://twitter.com/exploitdb/statuses/23907621736 Wed, 08 Sep 2010 04:59:21 -0700 Parental Fears vs. Realities http://www.schneier.com/blog/archives/2010/09/parental_fears.html http://www.schneier.com/blog/archives/2010/09/parental_fears.html Wed, 08 Sep 2010 04:06:39 -0700 NSA Director says citizens' privacy will never be compromised http://feedproxy.google.com/~r/HelpNetSecurity/~3/OOYVMayL764/secworld.php Wed, 08 Sep 2010 03:47:09 -0700 [SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities http://seclists.org/fulldisclosure/2010/Sep/103 http://seclists.org/fulldisclosure/2010/Sep/103 Wed, 08 Sep 2010 03:20:08 -0700 [SECURITY] [DSA 2098-2] New typo3-src packages fix regression http://seclists.org/fulldisclosure/2010/Sep/102 http://seclists.org/fulldisclosure/2010/Sep/102 Wed, 08 Sep 2010 03:18:44 -0700 FreeBSD 8.1/7.3 vm.pmap kernel local race condition http://seclists.org/fulldisclosure/2010/Sep/101 http://seclists.org/fulldisclosure/2010/Sep/101 Wed, 08 Sep 2010 03:17:27 -0700 exploitdb: [papers] - MOAUB #8 – Sirang Web-Based D-Control Multiple Remote Vulnerabilities - 0 day: http://bit.ly/bzUKcg http://twitter.com/exploitdb/statuses/23901100204 http://twitter.com/exploitdb/statuses/23901100204 Wed, 08 Sep 2010 02:57:05 -0700 exploitdb: [papers] - MOAUB #8 - Microsoft Office Visio DXF File Stack based Overflow - Binary Analysis: http://bit.ly/aHfnti http://twitter.com/exploitdb/statuses/23901099825 http://twitter.com/exploitdb/statuses/23901099825 Wed, 08 Sep 2010 02:57:04 -0700 Microsoft Investigates IE CSS Cross-Origin Theft Vulnerability http://www.darknet.org.uk/2010/09/microsoft-investigate-ie-css-cross-origin-theft-vulnerability/ http://www.darknet.org.uk/?p=2946 Wed, 08 Sep 2010 02:53:41 -0700
Read the full post at darknet.org.uk


]]> exploitdb: [local] - MOAUB #8 - Microsoft Office Visio DXF File Stack based Overflow - [CVE: 2010-1681]: http://bit.ly/anl9r3 http://twitter.com/exploitdb/statuses/23899658441 http://twitter.com/exploitdb/statuses/23899658441 Wed, 08 Sep 2010 02:26:40 -0700 exploitdb: [webapps] - MOAUB #8 - Sirang Web-Based D-Control Multiple Remote Vulnerabilities: http://bit.ly/9VlxnO http://twitter.com/exploitdb/statuses/23899658591 http://twitter.com/exploitdb/statuses/23899658591 Wed, 08 Sep 2010 02:26:40 -0700 International variations in online threat perception http://feedproxy.google.com/~r/HelpNetSecurity/~3/t4aM-2qq5qc/secworld.php Wed, 08 Sep 2010 02:12:21 -0700 ClanSphere "index.php" SQL Injection and Cross Site Scripting Vulnerabilities http://www.net-security.org/vuln.php?id=13870 Wed, 08 Sep 2010 02:04:54 -0700 Nagios XI "users.php" SQL Injection http://www.net-security.org/vuln.php?id=13869 Wed, 08 Sep 2010 02:04:25 -0700 MODx Evolution "editor.php" Cross-Site Scripting http://www.net-security.org/vuln.php?id=13868 Wed, 08 Sep 2010 02:03:58 -0700 HP OpenView Network Node Manager Unspecified Remote Code Execution http://www.net-security.org/vuln.php?id=13867 Wed, 08 Sep 2010 02:03:30 -0700 Quagga bgpd Route-Refresh Message Stack Buffer Overflow http://www.net-security.org/vuln.php?id=13866 Wed, 08 Sep 2010 02:03:01 -0700 Fedora SSSD LDAP Unauthenticated Bind Security Bypass http://www.net-security.org/vuln.php?id=13865 Wed, 08 Sep 2010 02:02:36 -0700 Mereo "GET" Request Remote Buffer Overflow http://www.net-security.org/vuln.php?id=13864 Wed, 08 Sep 2010 02:02:02 -0700 Apple Safari "webkit.dll" Invalid SGV Text Style Denial of Service http://www.net-security.org/vuln.php?id=13863 Wed, 08 Sep 2010 02:01:33 -0700 Bloodshed Dev-C++ Multiple EXE Loading Arbitrary Code Execution http://www.net-security.org/vuln.php?id=13862 Wed, 08 Sep 2010 02:00:58 -0700 Trend Micro Internet Security Pro ActiveX Control Remote Code Execution http://www.net-security.org/vuln.php?id=13861 Wed, 08 Sep 2010 02:00:16 -0700 The emotional impact of cybercrime http://feedproxy.google.com/~r/HelpNetSecurity/~3/mCFFYvfcTVQ/secworld.php Wed, 08 Sep 2010 02:00:05 -0700 Safari 5.0.2 addresses three vulnerabilities http://feedproxy.google.com/~r/HelpNetSecurity/~3/5Bd-w_kazkw/secworld.php Wed, 08 Sep 2010 01:12:35 -0700 Released DllHijackAuditor v2 with New Debugger based Interception Engine http://seclists.org/webappsec/2010/q3/46 http://seclists.org/webappsec/2010/q3/46 Wed, 08 Sep 2010 00:52:33 -0700 How black hat spam SEO works http://feedproxy.google.com/~r/HelpNetSecurity/~3/hrdhSNvQhwE/secworld.php Wed, 08 Sep 2010 00:45:42 -0700 Firefox 3.6.9 fixes numerous security issues http://feedproxy.google.com/~r/HelpNetSecurity/~3/4q-Nlf9IETY/secworld.php Wed, 08 Sep 2010 00:42:49 -0700 Vuln: Oracle Java SE and Java for Business CVE-2010-0094 Remote Java Runtime Environment Vulnerability http://www.securityfocus.com/bid/39075 Wed, 08 Sep 2010 00:00:00 -0700 Vuln: FreeType BDF Font File Parsing Remote Denial of Service Vulnerability http://www.securityfocus.com/bid/42624 Wed, 08 Sep 2010 00:00:00 -0700 Vuln: FreeType Stack Buffer Overflow and Memory Corruption Vulnerabilities http://www.securityfocus.com/bid/42285 Wed, 08 Sep 2010 00:00:00 -0700 Vuln: FreeType Compact Font Format (CFF) Multiple Stack Based Buffer Overflow Vulnerabilities http://www.securityfocus.com/bid/42241 Wed, 08 Sep 2010 00:00:00 -0700 [dos] - FreeBSD 8.1/7.3 vm.pmap Kernel Local Race Condition http://www.exploit-db.com/exploits/14947 Maksymilian Arciemowicz 14947 Tue, 07 Sep 2010 23:43:34 -0700 i dont know security http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/75704 Tue, 07 Sep 2010 21:43:14 -0700 [papers] - MOAUB #8 - Microsoft Office Visio DXF File Stack based Overflow - Binary Analysis http://www.exploit-db.com/download_pdf/14946 Abysssec 14946 Tue, 07 Sep 2010 21:28:21 -0700 [papers] - MOAUB #8 – Sirang Web-Based D-Control Multiple Remote Vulnerabilities - 0 day http://www.exploit-db.com/download_pdf/14945 Abysssec 14945 Tue, 07 Sep 2010 21:27:23 -0700 [remote] - MOAUB #8 - Microsoft Office Visio DXF File Stack based Overflow - [CVE: 2010-1681] http://www.exploit-db.com/exploits/14944 Abysssec 14944 Tue, 07 Sep 2010 21:09:37 -0700 [webapps] - MOAUB #8 - Sirang Web-Based D-Control Multiple Remote Vulnerabilities http://www.exploit-db.com/exploits/14943 Abysssec 14943 Tue, 07 Sep 2010 21:05:59 -0700 NYU Poly CSAW CTF http://seclists.org/webappsec/2010/q3/45 http://seclists.org/webappsec/2010/q3/45 Tue, 07 Sep 2010 19:41:31 -0700 exploitdb: [webapps] - 1024 CMS 2.1.1 Blind SQL Injection Vulnerability: http://bit.ly/cnckfS http://twitter.com/exploitdb/statuses/23867987214 http://twitter.com/exploitdb/statuses/23867987214 Tue, 07 Sep 2010 17:48:33 -0700 exploitdb: [remote] - Integard Home and Pro v2 Remote HTTP Buffer Overflow Exploit: http://bit.ly/95d4Gn http://twitter.com/exploitdb/statuses/23867987595 http://twitter.com/exploitdb/statuses/23867987595 Tue, 07 Sep 2010 17:48:33 -0700 Released DllHijackAuditor v2 with New Debugger based Interception Engine http://seclists.org/pen-test/2010/Sep/13 http://seclists.org/pen-test/2010/Sep/13 Tue, 07 Sep 2010 17:10:53 -0700 Pentest Criteria http://seclists.org/pen-test/2010/Sep/12 http://seclists.org/pen-test/2010/Sep/12 Tue, 07 Sep 2010 17:03:43 -0700 WAF Testing..suggestions?? http://seclists.org/pen-test/2010/Sep/11 http://seclists.org/pen-test/2010/Sep/11 Tue, 07 Sep 2010 16:45:38 -0700 [SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/75708 Tue, 07 Sep 2010 14:39:32 -0700 [ GLSA 201009-06 ] Clam AntiVirus: Multiple vulnerabilities http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/75702 Tue, 07 Sep 2010 13:23:49 -0700 [ GLSA 201009-05 ] Adobe Reader: Multiple vulnerabilities http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/75701 Tue, 07 Sep 2010 13:15:27 -0700 [ GLSA 201009-04 ] SARG: User-assisted execution of arbitrary code http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/75700 Tue, 07 Sep 2010 13:13:56 -0700 [SECURITY] [DSA 2098-2] New typo3-src packages fix regression http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/75707 Tue, 07 Sep 2010 12:45:57 -0700 [USN-984-1] LFTP vulnerability http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/75699 Tue, 07 Sep 2010 12:40:33 -0700 [ GLSA 201009-06 ] Clam AntiVirus: Multiple vulnerabilities http://seclists.org/fulldisclosure/2010/Sep/97 http://seclists.org/fulldisclosure/2010/Sep/97 Tue, 07 Sep 2010 12:30:22 -0700 [ GLSA 201009-05 ] Adobe Reader: Multiple vulnerabilities http://seclists.org/fulldisclosure/2010/Sep/96 http://seclists.org/fulldisclosure/2010/Sep/96 Tue, 07 Sep 2010 12:25:24 -0700 [ GLSA 201009-04 ] SARG: User-assisted execution of arbitrary code http://seclists.org/fulldisclosure/2010/Sep/95 http://seclists.org/fulldisclosure/2010/Sep/95 Tue, 07 Sep 2010 12:20:23 -0700 FreeBSD 8.1/7.3 vm.pmap kernel local race condition http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/75706 Tue, 07 Sep 2010 12:01:34 -0700 exploitdb: [dos] - Internet Download Accelerator 5.8 Remote Buffer Overflow PoC: http://bit.ly/dvJfM4 http://twitter.com/exploitdb/statuses/23259731774 http://twitter.com/exploitdb/statuses/23259731774 Tue, 07 Sep 2010 11:16:35 -0700 exploitdb: [dos] - QQPlayer 2.3.696.400p1(.wav) Denial of Service Vulnerability: http://bit.ly/aMyVoo http://twitter.com/exploitdb/statuses/23259732111 http://twitter.com/exploitdb/statuses/23259732111 Tue, 07 Sep 2010 11:16:35 -0700 Security problems in Zenphoto version 1.3 http://seclists.org/bugtraq/2010/Sep/41 http://seclists.org/bugtraq/2010/Sep/41 Tue, 07 Sep 2010 10:14:51 -0700 [webapps] - 1024 CMS 2.1.1 Blind SQL Injection Vulnerability http://www.exploit-db.com/exploits/14942 Stephan Sattler 14942 Tue, 07 Sep 2010 10:10:19 -0700 exploitdb: [webapps] - ColdBookmarks 1.22 SQL Injection Vulnerability: http://bit.ly/beYhpu http://twitter.com/exploitdb/statuses/23253148289 http://twitter.com/exploitdb/statuses/23253148289 Tue, 07 Sep 2010 09:46:06 -0700 exploitdb: [webapps] - ColdUserGroup 1.06 Blind SQL Injection Exploit: http://bit.ly/9MseJy http://twitter.com/exploitdb/statuses/23253147524 http://twitter.com/exploitdb/statuses/23253147524 Tue, 07 Sep 2010 09:46:05 -0700 exploitdb: [webapps] - ColdOfficeView 2.04 Multiple Blind SQL Injection Vulnerabilities: http://bit.ly/an68vF http://twitter.com/exploitdb/statuses/23253147869 http://twitter.com/exploitdb/statuses/23253147869 Tue, 07 Sep 2010 09:46:05 -0700 exploitdb: [webapps] - ColdCalendar 2.06 SQL Injection Exploit: http://bit.ly/b8CuFa http://twitter.com/exploitdb/statuses/23250802846 http://twitter.com/exploitdb/statuses/23250802846 Tue, 07 Sep 2010 09:16:36 -0700 [USN-983-1] Sudo vulnerability http://seclists.org/bugtraq/2010/Sep/40 http://seclists.org/bugtraq/2010/Sep/40 Tue, 07 Sep 2010 09:12:57 -0700 [ MDVSA-2010:171 ] lvm2 http://seclists.org/bugtraq/2010/Sep/39 http://seclists.org/bugtraq/2010/Sep/39 Tue, 07 Sep 2010 09:09:22 -0700 The Zed Attack Proxy (ZAP) version 1.0.0 http://seclists.org/bugtraq/2010/Sep/38 http://seclists.org/bugtraq/2010/Sep/38 Tue, 07 Sep 2010 09:01:24 -0700 [SECURITY] [DSA-2103-1] New smbind packages fix sql injection http://seclists.org/bugtraq/2010/Sep/37 http://seclists.org/bugtraq/2010/Sep/37 Tue, 07 Sep 2010 09:00:21 -0700 [ GLSA 201009-03 ] sudo: Privilege Escalation http://seclists.org/bugtraq/2010/Sep/36 http://seclists.org/bugtraq/2010/Sep/36 Tue, 07 Sep 2010 08:51:47 -0700 H2HC São Paulo - Capture the Captcha http://seclists.org/bugtraq/2010/Sep/35 http://seclists.org/bugtraq/2010/Sep/35 Tue, 07 Sep 2010 08:48:01 -0700 XSS in Horde Application Framework <=3.3.8, icon_browser.php http://seclists.org/bugtraq/2010/Sep/34 http://seclists.org/bugtraq/2010/Sep/34 Tue, 07 Sep 2010 08:42:59 -0700 Call for Papers H2HC Cancun/Mexico and H2HC Sao Paulo/Brazil http://seclists.org/bugtraq/2010/Sep/33 http://seclists.org/bugtraq/2010/Sep/33 Tue, 07 Sep 2010 08:37:07 -0700 [remote] - Integard Home and Pro v2 Remote HTTP Buffer Overflow Exploit http://www.exploit-db.com/exploits/14941 Lincoln, Nullthreat, rick2600 14941 Tue, 07 Sep 2010 08:31:45 -0700 nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability. http://seclists.org/bugtraq/2010/Sep/32 http://seclists.org/bugtraq/2010/Sep/32 Tue, 07 Sep 2010 08:27:40 -0700 [TEHTRI-Security Training + 0days] "Hunting Web Attackers" at HITBSecConf http://seclists.org/bugtraq/2010/Sep/31 http://seclists.org/bugtraq/2010/Sep/31 Tue, 07 Sep 2010 08:20:27 -0700 Joomla Component Clantools version 1.5 Blind SQL Injection Vulnerability http://seclists.org/bugtraq/2010/Sep/30 http://seclists.org/bugtraq/2010/Sep/30 Tue, 07 Sep 2010 08:16:21 -0700 [SECURITY] [DSA-2104-1] New quagga packages fix denial of service http://seclists.org/bugtraq/2010/Sep/28 http://seclists.org/bugtraq/2010/Sep/28 Tue, 07 Sep 2010 08:11:52 -0700 Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerabilities http://seclists.org/bugtraq/2010/Sep/27 http://seclists.org/bugtraq/2010/Sep/27 Tue, 07 Sep 2010 08:04:45 -0700 exploitdb: [webapps] - Java Bridge v. 5.5 Directory Traversal Vulnerability: http://bit.ly/bKPYK3 http://twitter.com/exploitdb/statuses/23241658366 http://twitter.com/exploitdb/statuses/23241658366 Tue, 07 Sep 2010 07:29:15 -0700 Facebook survey spam worm spreads like fire http://feedproxy.google.com/~r/HelpNetSecurity/~3/Vt79Qy-pyL8/malware_news.php Tue, 07 Sep 2010 07:16:39 -0700 Phishers exploit HMRC tax error refund http://feedproxy.google.com/~r/HelpNetSecurity/~3/J5tuBDXWpaM/secworld.php Tue, 07 Sep 2010 07:10:03 -0700 Sourcefire integrates with Qualys http://feedproxy.google.com/~r/HelpNetSecurity/~3/KebIkVbvkoI/secworld.php Tue, 07 Sep 2010 06:21:57 -0700 [TEHTRI-Security Training + 0days] "Hunting Web Attackers" at HITBSecConf http://seclists.org/fulldisclosure/2010/Sep/92 http://seclists.org/fulldisclosure/2010/Sep/92 Tue, 07 Sep 2010 06:18:39 -0700 Behind the scenes and inside workings of a CERT http://feedproxy.google.com/~r/HelpNetSecurity/~3/acZZqz5KvOA/article.php Tue, 07 Sep 2010 06:15:30 -0700 [dos] - Internet Download Accelerator 5.8 Remote Buffer Overflow PoC http://www.exploit-db.com/exploits/14938 eidelweiss 14938 Tue, 07 Sep 2010 05:51:14 -0700 [dos] - QQPlayer 2.3.696.400p1 (.wav) Denial of Service Vulnerability http://www.exploit-db.com/exploits/14937 hadji samir 14937 Tue, 07 Sep 2010 05:35:04 -0700 Consumerization and Corporate IT Security http://www.schneier.com/blog/archives/2010/09/consumerization.html http://www.schneier.com/blog/archives/2010/09/consumerization.html Tue, 07 Sep 2010 05:25:10 -0700 AuthenTec and UPEK to merge http://feedproxy.google.com/~r/HelpNetSecurity/~3/RNvVVeLpdtw/secworld.php Tue, 07 Sep 2010 04:22:46 -0700 [webapps] - ColdUserGroup 1.06 Blind SQL Injection Exploit http://www.exploit-db.com/exploits/14935 mr_me 14935 Tue, 07 Sep 2010 04:02:30 -0700 [webapps] - ColdOfficeView 2.04 Multiple Blind SQL Injection Vulnerabilities http://www.exploit-db.com/exploits/14934 mr_me 14934 Tue, 07 Sep 2010 04:00:26 -0700 [webapps] - ColdBookmarks 1.22 SQL Injection Vulnerability http://www.exploit-db.com/exploits/14933 mr_me 14933 Tue, 07 Sep 2010 03:58:24 -0700 [webapps] - ColdCalendar 2.06 SQL Injection Exploit http://www.exploit-db.com/exploits/14932 mr_me 14932 Tue, 07 Sep 2010 03:53:52 -0700 exploitdb: [papers] - MOAUB #7 - Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Buffer overflow: http://bit.ly/c2Rjrf http://twitter.com/exploitdb/statuses/23227144928 http://twitter.com/exploitdb/statuses/23227144928 Tue, 07 Sep 2010 03:51:59 -0700 exploitdb: [papers] - MOAUB #7 - DynPage http://bit.ly/9llmEL http://twitter.com/exploitdb/statuses/23227145099 http://twitter.com/exploitdb/statuses/23227145099 Tue, 07 Sep 2010 03:51:59 -0700 Twitter XSS vulnerability exploited in the wild http://feedproxy.google.com/~r/HelpNetSecurity/~3/OmbPPTaT5VM/secworld.php Tue, 07 Sep 2010 03:24:32 -0700 exploitdb: [dos] - MOAUB #7 - Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Buffer overflow: http://bit.ly/ccDn7n http://twitter.com/exploitdb/statuses/23225588742 http://twitter.com/exploitdb/statuses/23225588742 Tue, 07 Sep 2010 03:20:52 -0700 exploitdb: [webapps] - MOAUB #7 - DynPage http://bit.ly/bOls8N http://twitter.com/exploitdb/statuses/23225588873 http://twitter.com/exploitdb/statuses/23225588873 Tue, 07 Sep 2010 03:20:52 -0700 Corporate Identity Theft Used to Obtain Code Signing Certificate http://www.f-secure.com/weblog/archives/00002017.html http://www.f-secure.com/weblog/archives/00002017.html Tue, 07 Sep 2010 02:08:53 -0700 DLL Hijacking and Why Loading Libraries is Hard http://www.f-secure.com/weblog/archives/00002018.html http://www.f-secure.com/weblog/archives/00002018.html Tue, 07 Sep 2010 02:08:53 -0700 CPAlead Spam on YouTube http://www.f-secure.com/weblog/archives/00002019.html http://www.f-secure.com/weblog/archives/00002019.html Tue, 07 Sep 2010 02:08:53 -0700 Phishing Attempt Alert! http://www.f-secure.com/weblog/archives/00002020.html http://www.f-secure.com/weblog/archives/00002020.html Tue, 07 Sep 2010 02:08:53 -0700 When do 258 tweets equal nearly half a million dollars? http://www.f-secure.com/weblog/archives/00002021.html http://www.f-secure.com/weblog/archives/00002021.html Tue, 07 Sep 2010 02:08:53 -0700 Twitter Spam and the OAuthcalypse http://www.f-secure.com/weblog/archives/00002022.html http://www.f-secure.com/weblog/archives/00002022.html Tue, 07 Sep 2010 02:08:53 -0700 Fake Passports http://www.f-secure.com/weblog/archives/00002023.html http://www.f-secure.com/weblog/archives/00002023.html Tue, 07 Sep 2010 02:08:53 -0700 New Spam Worm on Facebook http://www.f-secure.com/weblog/archives/00002024.html http://www.f-secure.com/weblog/archives/00002024.html Tue, 07 Sep 2010 02:08:53 -0700 Facebook Spam Worm Links to "Mobile Entertainment" http://www.f-secure.com/weblog/archives/00002025.html http://www.f-secure.com/weblog/archives/00002025.html Tue, 07 Sep 2010 02:08:53 -0700 [webapps] - Java Bridge v. 5.5 Directory Traversal Vulnerability http://www.exploit-db.com/exploits/14931 Saxtor 14931 Tue, 07 Sep 2010 01:52:21 -0700 Arachni – Web Application Vulnerability Scanning Framework http://www.darknet.org.uk/2010/09/arachni-web-application-vulnerability-scanning-framework/ http://www.darknet.org.uk/?p=2942 Tue, 07 Sep 2010 00:29:23 -0700
Read the full post at darknet.org.uk


]]> exploitdb: [remote] - Weborf http://bit.ly/aHjUAc http://twitter.com/exploitdb/statuses/23217271550 http://twitter.com/exploitdb/statuses/23217271550 Tue, 07 Sep 2010 00:17:43 -0700 [papers] - MOAUB #7 - Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Buffer overflow http://www.exploit-db.com/download_pdf/14930 Abysssec 14930 Mon, 06 Sep 2010 22:20:23 -0700 [papers] - MOAUB #7 - DynPage <= v1.0 Multiple Remote Vulnerabilities - 0day http://www.exploit-db.com/download_pdf/14929 Abysssec 14929 Mon, 06 Sep 2010 22:19:18 -0700 [dos] - MOAUB #7 - Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Buffer overflow http://www.exploit-db.com/exploits/14928 Abysssec 14928 Mon, 06 Sep 2010 22:08:32 -0700 [webapps] - MOAUB #7 - DynPage <= v1.0 Multiple Remote Vulnerabilities - 0day http://www.exploit-db.com/exploits/14927 Abysssec 14927 Mon, 06 Sep 2010 22:03:34 -0700 exploitdb: [webapps] - HeffnerCMS Version 1.22 - Local File Inclusion Vulnerablitiy ( LFI ): http://bit.ly/al5VUN http://twitter.com/exploitdb/statuses/23202676114 http://twitter.com/exploitdb/statuses/23202676114 Mon, 06 Sep 2010 20:16:54 -0700 [remote] - Weborf <= 0.12.2 Directory Traversal Vulnerability http://www.exploit-db.com/exploits/14925 Rew 14925 Mon, 06 Sep 2010 18:59:33 -0700 Call for Papers H2HC Cancun/Mexico and H2HC Sao Paulo/Brazil http://seclists.org/dailydave/2010/q3/50 http://seclists.org/dailydave/2010/q3/50 Mon, 06 Sep 2010 17:16:29 -0700 [webapps] - Wordpress Events Manager Extended Plugin Persistent XSS Vulnerability http://www.exploit-db.com/exploits/14923 Craw 14923 Mon, 06 Sep 2010 13:25:37 -0700 [webapps] - Joomla Component Aardvertiser 2.1 Free Blind SQL Injection Vulnerability http://www.exploit-db.com/exploits/14922 Stephan Sattler 14922 Mon, 06 Sep 2010 13:23:26 -0700 TechCrunch Europe hacked, serving malware http://feedproxy.google.com/~r/HelpNetSecurity/~3/zf8dl2O3Lxg/malware_news.php Mon, 06 Sep 2010 10:55:39 -0700 [papers] - [Arabic] Paper Introduction What Is Sniffer http://www.exploit-db.com/download_pdf/14920 rOckHuntEr 14920 Mon, 06 Sep 2010 10:12:53 -0700 [papers] - [Arabic] Paper Introduction WireLess Work http://www.exploit-db.com/download_pdf/14921 rOckHuntEr 14921 Mon, 06 Sep 2010 10:12:32 -0700 TrueCrypt 7.0a released http://feedproxy.google.com/~r/HelpNetSecurity/~3/wYb1IZG7N_c/secworld.php Mon, 06 Sep 2010 08:03:32 -0700 Facebook scam: "10 Things Adults Never Tell Their Kids" http://feedproxy.google.com/~r/HelpNetSecurity/~3/mTmjFzOBCdI/secworld.php Mon, 06 Sep 2010 07:45:27 -0700 Terrorism Entrapment http://www.schneier.com/blog/archives/2010/09/terrorism_entra.html http://www.schneier.com/blog/archives/2010/09/terrorism_entra.html Mon, 06 Sep 2010 05:24:50 -0700 Google settles Buzz privacy violation lawsuit http://feedproxy.google.com/~r/HelpNetSecurity/~3/mev04W-yGfc/secworld.php Mon, 06 Sep 2010 05:13:10 -0700 Wireless car hacking due to poor security http://feedproxy.google.com/~r/HelpNetSecurity/~3/xeNJ2M6yT9E/secworld.php Mon, 06 Sep 2010 04:38:42 -0700 Every week 57,000 fake Web addresses try to infect users http://feedproxy.google.com/~r/HelpNetSecurity/~3/Vy2h8ssorU0/malware_news.php Mon, 06 Sep 2010 04:30:24 -0700 nCircle updates PCI scan service http://feedproxy.google.com/~r/HelpNetSecurity/~3/vGFAoYnZ6m0/secworld.php Mon, 06 Sep 2010 01:46:53 -0700 [webapps] - Micronetsoft RV Dealer Website SQL Injection Vulnerability http://www.exploit-db.com/exploits/14914 L0rd CrusAd3r 14914 Mon, 06 Sep 2010 00:52:09 -0700 [webapps] - Micronetsoft Rental Property Management Website SQL Injection Vulnerability http://www.exploit-db.com/exploits/14919 L0rd CrusAd3r 14919 Mon, 06 Sep 2010 00:44:12 -0700 Google Agrees To Pay $ 8.5 Million To Settle Buzz Class Action Lawsuit http://www.darknet.org.uk/2010/09/google-agrees-to-pay-8-5-million-to-settle-buzz-class-action-lawsuit/ http://www.darknet.org.uk/?p=2943 Mon, 06 Sep 2010 00:32:57 -0700
Read the full post at darknet.org.uk


]]> Arachni - Web Application Vulnerability Scanning Framework V0.1 is released http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1214 1214@http://www.professionalsecuritytesters.org Sun, 05 Sep 2010 04:38:29 -0700 One Page to Share with Your Management http://taosecurity.blogspot.com/2010/09/one-page-to-share-with-your-management.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-4963838240609070537 Sun, 05 Sep 2010 02:37:00 -0700 Arachni v0.1 released http://seclists.org/pen-test/2010/Sep/9 http://seclists.org/pen-test/2010/Sep/9 Sun, 05 Sep 2010 00:25:15 -0700 I am in need of good question writers http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1213 1213@http://www.professionalsecuritytesters.org Fri, 03 Sep 2010 15:34:02 -0700 Cracking video is up http://seclists.org/dailydave/2010/q3/49 http://seclists.org/dailydave/2010/q3/49 Fri, 03 Sep 2010 17:32:39 -0700 Friday Squid Blogging: Squid Car http://www.schneier.com/blog/archives/2010/09/friday_squid_bl_245.html http://www.schneier.com/blog/archives/2010/09/friday_squid_bl_245.html Fri, 03 Sep 2010 14:58:03 -0700 ColdFusion Directory Traversal http://seclists.org/dailydave/2010/q3/48 http://seclists.org/dailydave/2010/q3/48 Fri, 03 Sep 2010 12:11:00 -0700 2nd. OWASP Ibero-American Web-Applications Security conference 2010 (IBWAS 10) http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1212 1212@http://www.professionalsecuritytesters.org Fri, 03 Sep 2010 07:32:58 -0700 IBWAS10 http://seclists.org/pen-test/2010/Sep/8 http://seclists.org/pen-test/2010/Sep/8 Fri, 03 Sep 2010 11:13:20 -0700 Pentest Criteria http://seclists.org/pen-test/2010/Sep/5 http://seclists.org/pen-test/2010/Sep/5 Fri, 03 Sep 2010 10:51:48 -0700 Scammers using IM to deliver "IQ Test" spam http://feedproxy.google.com/~r/HelpNetSecurity/~3/YJB1VJiHZQc/secworld.php Fri, 03 Sep 2010 07:09:44 -0700 Automated vs. manual security http://feedproxy.google.com/~r/HelpNetSecurity/~3/Sr0R_jv7T7k/secworld.php Fri, 03 Sep 2010 06:53:06 -0700 Facebook boosts security by adding remote logout feature http://feedproxy.google.com/~r/HelpNetSecurity/~3/aeUB3JYY2iQ/secworld.php Fri, 03 Sep 2010 05:52:31 -0700 UAE Man-in-the-Middle Attack Against SSL http://www.schneier.com/blog/archives/2010/09/uae_man-in-the-.html http://www.schneier.com/blog/archives/2010/09/uae_man-in-the-.html Fri, 03 Sep 2010 04:27:05 -0700 Trojan attacks remain widespread http://feedproxy.google.com/~r/HelpNetSecurity/~3/KwjEjz4qBLc/malware_news.php Fri, 03 Sep 2010 03:54:37 -0700 Spammers attack Apple's Ping social network http://feedproxy.google.com/~r/HelpNetSecurity/~3/hp1t6kD4QdQ/secworld.php Fri, 03 Sep 2010 02:31:05 -0700 Malware Hash Checking Tool – Online & Offline Support http://www.darknet.org.uk/2010/09/malware-hash-checking-tool-online-offline-support/ http://www.darknet.org.uk/?p=2941 Fri, 03 Sep 2010 02:07:02 -0700
Read the full post at darknet.org.uk


]]> Labor Day phishing warning http://feedproxy.google.com/~r/HelpNetSecurity/~3/Wg15UXBfwGs/secworld.php Fri, 03 Sep 2010 01:17:16 -0700 SELinux, was X11 -> Root? (Qubes square rooted) http://seclists.org/dailydave/2010/q3/46 http://seclists.org/dailydave/2010/q3/46 Thu, 02 Sep 2010 14:50:18 -0700 Review of Hacking Exposed: Wireless, 2nd Ed Posted http://taosecurity.blogspot.com/2010/09/review-of-hacking-exposed-wireless-2nd.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-7939599405453203824 Thu, 02 Sep 2010 10:28:00 -0700 Commission on Cybersecurity for the 44th Presidency and your right to cyber (security) http://seclists.org/dailydave/2010/q3/45 http://seclists.org/dailydave/2010/q3/45 Thu, 02 Sep 2010 14:01:57 -0700 Rooted CON 2011 - Call for Papers http://seclists.org/dailydave/2010/q3/43 http://seclists.org/dailydave/2010/q3/43 Thu, 02 Sep 2010 12:08:41 -0700 Successful Attack Against a Quantum Cryptography System http://www.schneier.com/blog/archives/2010/09/successful_atta.html http://www.schneier.com/blog/archives/2010/09/successful_atta.html Thu, 02 Sep 2010 11:46:00 -0700 User's opinions on malware infections revealed http://feedproxy.google.com/~r/HelpNetSecurity/~3/X-cfww3ZjRs/malware_news.php Thu, 02 Sep 2010 10:30:31 -0700 Google Code hosting malware-spreading project http://feedproxy.google.com/~r/HelpNetSecurity/~3/jRjftVUSN60/malware_news.php Thu, 02 Sep 2010 08:07:34 -0700 New NBISE Cyber Security Certifications will set HIGH BAR for Security Pros http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1211 1211@http://www.professionalsecuritytesters.org Thu, 02 Sep 2010 03:20:22 -0700 Fake browser warnings lure victims to rogue AV solution http://feedproxy.google.com/~r/HelpNetSecurity/~3/veXuos6R458/malware_news.php Thu, 02 Sep 2010 06:12:29 -0700 Rescue of Chilean miners used as lure by banker Trojan http://feedproxy.google.com/~r/HelpNetSecurity/~3/aAVBEYaJfl0/malware_news.php Thu, 02 Sep 2010 05:42:17 -0700 Cyber-Offence is the New Cyber-Defense http://www.schneier.com/blog/archives/2010/09/cyber-offence_i.html http://www.schneier.com/blog/archives/2010/09/cyber-offence_i.html Thu, 02 Sep 2010 05:33:08 -0700 Deutsche Post Security Cup – Bug Bounty Contest http://www.darknet.org.uk/2010/09/deutsche-post-security-cup-bug-bounty-contest/ http://www.darknet.org.uk/?p=2939 Thu, 02 Sep 2010 03:43:03 -0700
Read the full post at darknet.org.uk


]]> Commission on Cybersecurity for the 44th Presidency and your right to cyber (security) http://seclists.org/dailydave/2010/q3/42 http://seclists.org/dailydave/2010/q3/42 Wed, 01 Sep 2010 17:13:42 -0700 Online Binary Planting Exposure Test http://seclists.org/webappsec/2010/q3/41 http://seclists.org/webappsec/2010/q3/41 Wed, 01 Sep 2010 17:06:57 -0700 VU#204055: Blackboard Transact database credentials disclosure http://www.kb.cert.org/vuls/id/204055 US-CERT http://www.kb.cert.org/vuls/id/204055 Wed, 01 Sep 2010 09:22:50 -0700 Wanted: Skein Hardware Help http://www.schneier.com/blog/archives/2010/09/wanted_skein_ha.html http://www.schneier.com/blog/archives/2010/09/wanted_skein_ha.html Wed, 01 Sep 2010 11:17:40 -0700 nullcon Goa dwitiya (2.0) Call For Papers http://seclists.org/pen-test/2010/Sep/1 http://seclists.org/pen-test/2010/Sep/1 Wed, 01 Sep 2010 10:11:16 -0700 SILICAU Lightning Demo (Wireless key cracking) http://seclists.org/dailydave/2010/q3/41 http://seclists.org/dailydave/2010/q3/41 Wed, 01 Sep 2010 09:34:24 -0700 nullcon GOA Dwitiya (2.0) The Jugaad (hacking) Conference http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1209 1209@http://www.professionalsecuritytesters.org Wed, 01 Sep 2010 02:57:29 -0700 Commission on Cybersecurity for the 44th Presidency and your right to cyber (security) http://seclists.org/dailydave/2010/q3/37 http://seclists.org/dailydave/2010/q3/37 Wed, 01 Sep 2010 05:15:44 -0700 More Skein News http://www.schneier.com/blog/archives/2010/09/more_skein_news.html http://www.schneier.com/blog/archives/2010/09/more_skein_news.html Wed, 01 Sep 2010 04:01:50 -0700 Windows PowerShell DNS Server Blackhole Tool – Blacklist Domains http://www.darknet.org.uk/2010/09/windows-powershell-dns-server-blackhole-tool-blacklist-domains/ http://www.darknet.org.uk/?p=2940 Wed, 01 Sep 2010 01:40:54 -0700
Read the full post at darknet.org.uk


]]> Pentestn ASP website with tinymce http://seclists.org/pen-test/2010/Aug/76 http://seclists.org/pen-test/2010/Aug/76 Tue, 31 Aug 2010 19:07:55 -0700 Eavesdropping on Smart Homes with Distributed Wireless Sensors http://www.schneier.com/blog/archives/2010/08/eavesdropping_o_4.html http://www.schneier.com/blog/archives/2010/08/eavesdropping_o_4.html Tue, 31 Aug 2010 10:39:14 -0700 September issue of Hakin9 magazine: Mobile Malware – the new cyber threat http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1208 1208@http://www.professionalsecuritytesters.org Tue, 31 Aug 2010 02:18:46 -0700 High School Teacher Assigns Movie-Plot Threat Contest Problem http://www.schneier.com/blog/archives/2010/08/high_school_tea.html http://www.schneier.com/blog/archives/2010/08/high_school_tea.html Tue, 31 Aug 2010 04:42:54 -0700 Misidentification and the Court System http://www.schneier.com/blog/archives/2010/08/misidentificati.html http://www.schneier.com/blog/archives/2010/08/misidentificati.html Mon, 30 Aug 2010 10:05:09 -0700 China Policy Could Shut Out Foreign Security Firms http://www.darknet.org.uk/2010/08/china-policy-could-shut-out-foreign-security-firms/ http://www.darknet.org.uk/?p=2938 Mon, 30 Aug 2010 03:53:52 -0700
Read the full post at darknet.org.uk


]]> New website announcement - www.itsecdb.com http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1207 1207@http://www.professionalsecuritytesters.org Sun, 29 Aug 2010 15:02:45 -0700 GE Looking for Business Response Team Leader http://taosecurity.blogspot.com/2010/08/ge-looking-for-business-response-team.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-6673938813439117605 Sun, 29 Aug 2010 02:44:00 -0700 FREE Cisco CCNP TSHOOT Webcast http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1206 1206@http://www.professionalsecuritytesters.org Sun, 29 Aug 2010 02:29:36 -0700 A new advanced security certification from CompTIA -- Fill the survey http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=1205 1205@http://www.professionalsecuritytesters.org Fri, 27 Aug 2010 15:09:15 -0700 [HITB-Announce] HITB2010 SIGNINT Sessions http://seclists.org/webappsec/2010/q3/40 http://seclists.org/webappsec/2010/q3/40 Thu, 26 Aug 2010 07:52:05 -0700 WinAppDbg – Python Instrumentation Scripting/Debugging Tool For Windows http://www.darknet.org.uk/2010/08/winappdbg-python-instrumentation-scriptingdebugging-tool-for-windows/ http://www.darknet.org.uk/?p=2936 Thu, 26 Aug 2010 02:36:05 -0700
Read the full post at darknet.org.uk


]]> Released SpyBHORemover 2.5 http://seclists.org/webappsec/2010/q3/39 http://seclists.org/webappsec/2010/q3/39 Wed, 25 Aug 2010 23:04:15 -0700 VU#707943: Microsoft Windows based applications may insecurely load dynamic libraries http://www.kb.cert.org/vuls/id/707943 US-CERT http://www.kb.cert.org/vuls/id/707943 Wed, 25 Aug 2010 02:40:59 -0700 Windows Binary Planting DLL Preloading/Hijacking Bug http://www.darknet.org.uk/2010/08/windows-binary-planting-dll-preloadinghijacking-bug/ http://www.darknet.org.uk/?p=2935 Wed, 25 Aug 2010 02:05:43 -0700
Read the full post at darknet.org.uk


]]> t2′10 Challenge to be released 2010-08- 28 10:00 EEST http://seclists.org/webappsec/2010/q3/38 http://seclists.org/webappsec/2010/q3/38 Tue, 24 Aug 2010 21:34:34 -0700 VU#278785: DevonIT weak authentication and buffer overflow in /usr/bin/tm-console-bin http://www.kb.cert.org/vuls/id/278785 US-CERT http://www.kb.cert.org/vuls/id/278785 Tue, 24 Aug 2010 07:54:02 -0700 VU#644319: Ghostscript Heap Corruption in TrueType bytecode interpreter http://www.kb.cert.org/vuls/id/644319 US-CERT http://www.kb.cert.org/vuls/id/644319 Tue, 24 Aug 2010 02:51:09 -0700 Bejtlich on Silver Bullet Podcast http://taosecurity.blogspot.com/2010/08/bejtlich-on-silver-bullet-podcast.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-6107924371642319688 Mon, 23 Aug 2010 14:52:00 -0700 Review of Least Privilege Security Posted http://taosecurity.blogspot.com/2010/08/review-of-least-privilege-security.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-9213737828942457023 Mon, 23 Aug 2010 14:35:00 -0700 Bejtlich Teaching at Black Hat Abu Dhabi 2010 http://taosecurity.blogspot.com/2010/08/bejtlich-teaching-at-black-hat-abu.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-5488737330479010615 Mon, 23 Aug 2010 00:33:00 -0700 DotDotPwn v1.0 – Directory Traversal Checker/Scanning Tool http://www.darknet.org.uk/2010/08/dotdotpwn-v1-0-directory-traversal-checkerscanning-tool/ http://www.darknet.org.uk/?p=2934 Mon, 23 Aug 2010 03:34:59 -0700
Read the full post at darknet.org.uk


]]> Review of IT Security Metrics Posted http://taosecurity.blogspot.com/2010/08/review-of-it-security-metrics-posted.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-4015493552270101721 Sun, 22 Aug 2010 02:49:00 -0700 Review of Practical Lock Picking Posted http://taosecurity.blogspot.com/2010/08/review-of-practical-lock-picking-posted.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-3563163019419622988 Sun, 22 Aug 2010 02:13:00 -0700 Consider Reading Network Flow Analysis http://taosecurity.blogspot.com/2010/08/consider-reading-network-flow-analysis.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-7966721738447526931 Sat, 21 Aug 2010 01:42:00 -0700 [OWASP] APPSEC BRAZIL 2010 - REGISTRATIONS OPEN! http://seclists.org/webappsec/2010/q3/37 http://seclists.org/webappsec/2010/q3/37 Fri, 20 Aug 2010 22:41:23 -0700 Better Security Through Sacrificing Maidens http://seclists.org/webappsec/2010/q3/36 http://seclists.org/webappsec/2010/q3/36 Thu, 19 Aug 2010 21:58:07 -0700 Ruxcon 2010 Final Call For Papers http://seclists.org/webappsec/2010/q3/35 http://seclists.org/webappsec/2010/q3/35 Thu, 19 Aug 2010 21:46:36 -0700 VU#320233: Wyse ThinOS LPD service buffer overflow vulnerability http://www.kb.cert.org/vuls/id/320233 US-CERT http://www.kb.cert.org/vuls/id/320233 Mon, 16 Aug 2010 07:38:33 -0700 World's Worst Security Visualization? http://taosecurity.blogspot.com/2010/08/worlds-worst-security-visualization.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-7162847758629585376 Mon, 16 Aug 2010 06:56:00 -0700 Do You Use Visualization in Production? http://taosecurity.blogspot.com/2010/08/do-you-use-visualization-in-production.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-3055204351673381144 Mon, 16 Aug 2010 00:26:00 -0700 winAUTOPWN v2.3 Released http://seclists.org/webappsec/2010/q3/34 http://seclists.org/webappsec/2010/q3/34 Wed, 11 Aug 2010 17:46:31 -0700 VU#660993: Adobe Flash 10.1 ActionScript AVM1 ActionPush vulnerability http://www.kb.cert.org/vuls/id/660993 US-CERT http://www.kb.cert.org/vuls/id/660993 Tue, 10 Aug 2010 04:39:21 -0700 Review of Wireshark Network Analysis Posted http://taosecurity.blogspot.com/2010/08/review-of-wireshark-network-analysis.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-3862304624116608995 Thu, 05 Aug 2010 10:24:00 -0700 VU#275247: FreeType 2 CFF font stack corruption vulnerability http://www.kb.cert.org/vuls/id/275247 US-CERT http://www.kb.cert.org/vuls/id/275247 Thu, 05 Aug 2010 02:48:33 -0700 VU#174089: Oracle Siebel Option Pack for IE ActiveX control memory initialization vulnerability http://www.kb.cert.org/vuls/id/174089 US-CERT http://www.kb.cert.org/vuls/id/174089 Thu, 05 Aug 2010 02:01:54 -0700 Hexcompare and Finding New Tools http://taosecurity.blogspot.com/2010/08/hexcompare-and-finding-new-tools.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-1363787212802382626 Wed, 04 Aug 2010 08:23:00 -0700 VU#703189: Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control stack buffer overflow http://www.kb.cert.org/vuls/id/703189 US-CERT http://www.kb.cert.org/vuls/id/703189 Wed, 04 Aug 2010 06:04:54 -0700 Conti and Easterly on Cyber Warriors http://taosecurity.blogspot.com/2010/08/conti-and-easterly-on-cyber-warriors.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-5995978725204439871 Wed, 04 Aug 2010 04:34:00 -0700 August 2010 Digital Forensics Magazine Published http://taosecurity.blogspot.com/2010/08/august-2010-digital-forensics-magazine.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-8660322326815851823 Wed, 04 Aug 2010 04:14:00 -0700 July 2010 Hakin9 Magazine Published http://taosecurity.blogspot.com/2010/08/july-2010-hakin9-magazine-published.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-8243396984843642942 Wed, 04 Aug 2010 04:04:00 -0700 Project Vigilant Is a Publicity Stunt http://taosecurity.blogspot.com/2010/08/project-vigilant-is-publicity-stunt.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-7330841877166382248 Tue, 03 Aug 2010 06:37:00 -0700 VU#362332: Wind River Systems VxWorks debug service enabled by default http://www.kb.cert.org/vuls/id/362332 US-CERT http://www.kb.cert.org/vuls/id/362332 Mon, 02 Aug 2010 08:27:15 -0700 Time Issues in Libpcap Traces http://taosecurity.blogspot.com/2010/07/time-issues-in-libpcap-traces.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-8058607654974765302 Tue, 27 Jul 2010 17:08:00 -0700 Review of Digital Forensics for Network, Internet, and Cloud Computing Posted http://taosecurity.blogspot.com/2010/07/review-of-digital-forensics-for-network.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-4236359772089954711 Mon, 26 Jul 2010 19:20:00 -0700 Review of Virtualization and Forensics Posted http://taosecurity.blogspot.com/2010/07/review-of-virtualization-and-forensics.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-266425191619108851 Mon, 26 Jul 2010 18:18:00 -0700 Review of Digital Triage Forensics Posted http://taosecurity.blogspot.com/2010/07/review-of-digital-triage-forensics.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-8992992602317352827 Mon, 26 Jul 2010 17:11:00 -0700 Review of The Watchman Posted http://taosecurity.blogspot.com/2010/07/review-of-watchman-posted.html Richard Bejtlich tag:blogger.com,1999:blog-4088979.post-7876661634800662101 Sat, 17 Jul 2010 18:24:00 -0700 VU#940193: Microsoft Windows automatically executes code specified in shortcut files http://www.kb.cert.org/vuls/id/940193 US-CERT http://www.kb.cert.org/vuls/id/940193 Thu, 15 Jul 2010 07:21:01 -0700 VU#541921: ISC DHCP server fails to handle zero-length client identifier http://www.kb.cert.org/vuls/id/541921 US-CERT http://www.kb.cert.org/vuls/id/541921 Wed, 14 Jul 2010 07:06:06 -0700 VU#732671: Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community strings http://www.kb.cert.org/vuls/id/732671 US-CERT http://www.kb.cert.org/vuls/id/732671 Mon, 12 Jul 2010 08:34:04 -0700 VU#173009: Snare Agent web interface cross-site request forgery vulnerabilities http://www.kb.cert.org/vuls/id/173009 US-CERT http://www.kb.cert.org/vuls/id/173009 Tue, 29 Jun 2010 08:24:52 -0700 VU#251133: S2 NetBox allows unauthenticated HTTP access to node logs, backups, and employee photographs http://www.kb.cert.org/vuls/id/251133 US-CERT http://www.kb.cert.org/vuls/id/251133 Thu, 24 Jun 2010 08:33:52 -0700 VU#221257: Symantec AppStream and Workspace Streaming vulnerable to arbitrary code download and execution http://www.kb.cert.org/vuls/id/221257 US-CERT http://www.kb.cert.org/vuls/id/221257 Thu, 17 Jun 2010 02:09:28 -0700 VU#578319: Microsoft Windows Help and Support Center URI processing vulnerability http://www.kb.cert.org/vuls/id/578319 US-CERT http://www.kb.cert.org/vuls/id/578319 Thu, 10 Jun 2010 08:02:32 -0700 VU#486225: Adobe Flash ActionScript AVM2 newfunction vulnerability http://www.kb.cert.org/vuls/id/486225 US-CERT http://www.kb.cert.org/vuls/id/486225 Mon, 07 Jun 2010 09:46:27 -0700 VU#757804: Cisco Network Building Mediator products contain multiple vulnerabilities http://www.kb.cert.org/vuls/id/757804 US-CERT http://www.kb.cert.org/vuls/id/757804 Wed, 02 Jun 2010 10:35:04 -0700 VU#245081: Accoria Rock Web Server contains multiple vulnerabilities http://www.kb.cert.org/vuls/id/245081 US-CERT http://www.kb.cert.org/vuls/id/245081 Tue, 01 Jun 2010 07:42:59 -0700 VU#943165: Apple Safari window object invalid pointer vulnerability http://www.kb.cert.org/vuls/id/943165 US-CERT http://www.kb.cert.org/vuls/id/943165 Mon, 10 May 2010 01:22:40 -0700 VU#886582: Java Deployment Toolkit insufficient argument validation http://www.kb.cert.org/vuls/id/886582 US-CERT http://www.kb.cert.org/vuls/id/886582 Mon, 12 Apr 2010 10:53:01 -0700 VU#902793: IntelliCom NetBiter devices have default HICP passwords http://www.kb.cert.org/vuls/id/902793 US-CERT http://www.kb.cert.org/vuls/id/902793 Mon, 05 Apr 2010 05:37:14 -0700 VU#507652: Oracle Sun Java fails to properly validate Java applet signatures http://www.kb.cert.org/vuls/id/507652 US-CERT http://www.kb.cert.org/vuls/id/507652 Fri, 02 Apr 2010 05:05:52 -0700 VU#570177: Foxit Reader vulnerable to arbitrary command execution http://www.kb.cert.org/vuls/id/570177 US-CERT http://www.kb.cert.org/vuls/id/570177 Fri, 02 Apr 2010 03:37:44 -0700 VU#512705: Broadcom NetXtreme management firmware ASF buffer overflow http://www.kb.cert.org/vuls/id/512705 US-CERT http://www.kb.cert.org/vuls/id/512705 Thu, 25 Mar 2010 01:34:28 -0700 Escape. Evade. Vici. http://sonofsamy.wordpress.com/2009/03/31/escape-evade-vici/ http://sonofsamy.wordpress.com/?p=3 Tue, 31 Mar 2009 16:26:44 -0700 sonofsamy Sweet The MySpace Worm http://sonofsamy.wordpress.com/2005/10/04/the-myspace-worm/ http://sonofsamy.wordpress.com/?p=7 Mon, 03 Oct 2005 17:15:07 -0700 sonofsamy Sweet A Ticket to Fight http://sonofsamy.wordpress.com/2005/10/01/a-ticket-to-ride/ http://sonofsamy.wordpress.com/?p=18 Fri, 30 Sep 2005 17:52:08 -0700 sonofsamy Sweet Cry Me a River http://sonofsamy.wordpress.com/2005/03/22/cry-me-a-river/ http://sonofsamy.wordpress.com/?p=15 Mon, 21 Mar 2005 16:48:39 -0800 sonofsamy Sweet A Ticket to Ride http://sonofsamy.wordpress.com/2005/02/01/a-ticket-to-ride-2/ http://sonofsamy.wordpress.com/?p=22 Mon, 31 Jan 2005 16:54:38 -0800 sonofsamy Sweet TA10-131A: Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA10-131A.html 5f1dcd4397142867d586ae88e192f796_84572cc179dedf93c59573a685ed42f7 TA10-159A: Adobe Flash, Reader, and Acrobat Vulnerability http://www.us-cert.gov/cas/techalerts/TA10-159A.html 5f1dcd4397142867d586ae88e192f796_e3039d5329ce46b18f2297f3ad01e9f3 TA10-159B: Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA10-159B.html 5f1dcd4397142867d586ae88e192f796_7b654977fb4b429b3ab98dd09ec453bf TA10-162A: Adobe Flash and AIR Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA10-162A.html 5f1dcd4397142867d586ae88e192f796_88d1e7bf65fad710a8d4dbf3bbc91608 TA10-194A: Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA10-194A.html 5f1dcd4397142867d586ae88e192f796_c1a31b81ccbc888711ee98fcb5e693eb TA10-194B: Oracle Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA10-194B.html 5f1dcd4397142867d586ae88e192f796_8dbfa564a4eec9b0c937973eb3717606 TA10-222A: Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA10-222A.html 5f1dcd4397142867d586ae88e192f796_b5418f2cc1899de5f01240d3f7e69e67 TA10-223A: Adobe Flash and AIR Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA10-223A.html 5f1dcd4397142867d586ae88e192f796_d31e1f05ffb9ef02934670be2c23ac6f TA10-231A: Adobe Reader and Acrobat Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA10-231A.html 5f1dcd4397142867d586ae88e192f796_75017bfded9d8e6e1637f2f4770f7ec1 TA10-238A: Microsoft Windows Insecurely Loads Dynamic Libraries http://www.us-cert.gov/cas/techalerts/TA10-238A.html 5f1dcd4397142867d586ae88e192f796_1d4ca745cde1ec7782389ab6c5dae53c Bugtraq: [ GLSA 201009-03 ] sudo: Privilege Escalation http://www.securityfocus.com/archive/1/513516 Bugtraq: [TEHTRI-Security Training + 0days] "Hunting Web Attackers" at HITBSecConf http://www.securityfocus.com/archive/1/513514 Bugtraq: Security problems in Zenphoto version 1.3 http://www.securityfocus.com/archive/1/513525 Bugtraq: [USN-983-1] Sudo vulnerability http://www.securityfocus.com/archive/1/513519 SA10-103C: Adobe Reader and Acrobat Vulnerabilities http://www.us-cert.gov/cas/alerts/SA10-103C.html 5f1dcd4397142867d586ae88e192f796_5f5266946aaef26c4de0edbec742ec22 SA10-131A: Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/alerts/SA10-131A.html 5f1dcd4397142867d586ae88e192f796_d60be0401c506c6b2bc51fd2e36a0a6f SA10-159A: Adobe Flash, Reader, and Acrobat Vulnerability http://www.us-cert.gov/cas/alerts/SA10-159A.html 5f1dcd4397142867d586ae88e192f796_231e40b85d36b7efb7619a756d269f5c SA10-159B: Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/alerts/SA10-159B.html 5f1dcd4397142867d586ae88e192f796_d45ce540ed2eb49c0c9a479da48bfde4 SA10-162A: Adobe Flash and AIR Vulnerabilities http://www.us-cert.gov/cas/alerts/SA10-162A.html 5f1dcd4397142867d586ae88e192f796_44bdcd9bb5bf518a2d151c3724b87a85 SA10-194A: Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/alerts/SA10-194A.html 5f1dcd4397142867d586ae88e192f796_d4d3a8965b60ce0ac12321221cab02b2 SA10-222A: Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/alerts/SA10-222A.html 5f1dcd4397142867d586ae88e192f796_b346fb16014e4e93f77eeb12113d972f SA10-223A: Adobe Flash and AIR Vulnerabilities http://www.us-cert.gov/cas/alerts/SA10-223A.html 5f1dcd4397142867d586ae88e192f796_54e47b86d48552cb7288a25bf25df787 SA10-224A: Apple Updates iOS for Multiple Vulnerabilities http://www.us-cert.gov/cas/alerts/SA10-224A.html 5f1dcd4397142867d586ae88e192f796_e37f1cf375afde6e7f14c2b16cdf1b49 SA10-231A: Adobe Reader and Acrobat Vulnerabilities http://www.us-cert.gov/cas/alerts/SA10-231A.html 5f1dcd4397142867d586ae88e192f796_e93b07ac1467fcd7e7f754ce1fd17fbe 10.35.24 PHP City Portal "login.php" Multiple SQL Injection Issues http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.24 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.24 10.35.23 phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.23 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.23 10.35.22 ViArt Helpdesk Multiple Cross-Site Scripting Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.22 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.22 10.35.21 Drupal Simplenews Content Selection Module Cross-Site Scripting Issue http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.21 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.21 10.35.20 Online Work Order Suite Lite Edition Multiple Cross-Site Scripting Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.20 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.20 10.35.19 ACCESSGUARDIAN Unspecified Cross-Site Scripting Issue http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.19 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.19 10.35.18 LXR Cross Referencer TITLE Element Cross-Site Scripting Issue http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.18 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.18 10.35.31 phpMyAdmin Configuration File PHP Code Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.31 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.31 10.35.30 In-Portal CMS "index.php" Local File Include http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.30 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.30 10.35.29 Netpet CMS "confirm.php" Local File Include http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.29 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.29 10.35.28 DotNetNuke Syndication Handler Remote Denial of Service Issue http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.28 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.28 10.35.27 MAXcms Multiple Remote File Include Issues http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.27 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.27 10.35.26 Mollify Authentication Bypass Vulnerability and Multiple Information Disclosure Weaknesses http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.26 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.26 10.35.25 PHPCMS2008 "download.php" Information Disclosure Issue http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.25 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.25 10.35.3 Tuniac ".m3u" File Buffer Overflow http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.3 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.3 10.35.2 UiPlayer "UiCheck.dll" ActiveX Buffer Overflow http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.2 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.2 10.35.1 Adersoft VbsEdit ".vbs" File Denial Of Service Issue http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.1 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.1 10.35.33 SonicWALL E-Class SSL-VPN Format String Issue http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.33 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.33 10.35.32 Blue Coat ProxySG Read Only Administrator Security Bypass Issue http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.32 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.32 10.35.7 Linux Kernel JFS xattr Namespace Rules Security Bypass Issue http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.7 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.7 10.35.6 Linux Kernel Controller Area Network Protocol Local Privilege Escalation http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.6 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.6 10.35.5 Linux Kernel KVM Intel VT-x Extension NULL Pointer Denial of Service http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.5 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.5 10.35.4 Red Hat VDSM Module SSL Connection Denial of Service Issue http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.4 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.4 10.35.17 Oracle MySQL "TEMPORARY InnoDB" Tables Denial of Service http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.17 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.17 10.35.16 libHX "HX_split()" Remote Heap-Based Buffer Overflow Issue http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.16 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.16 10.35.15 QEMU KVM Multiple Issues http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.15 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.15 10.35.14 Novell iPrint Client Multiple Security Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.14 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.14 10.35.13 Google Chrome Multiple Security Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.13 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.13 10.35.12 IBM Tivoli Storage Manager FastBack Remote Code Execution and Denial of Service Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.12 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.12 10.35.11 Apple iTunes Log File Insecure File Operation Local Privilege Escalation http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.11 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.11 10.35.10 Serv-U Denial of Service and Security Bypass Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.10 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.10 10.35.9 PHP "ibase_gen_id()" Function off-by-one Buffer Overflow http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.9 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.9 10.35.8 FreeBSD "setusercontext()" Local Security Bypass Issue http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.8 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#10.35.8 (2) HIGH: Adobe Shockwave Player Code Execution Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#widely2 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#widely2 (1) HIGH: Google Chrome Multiple Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#widely1 http://www.sans.org/newsletters/risk/display.php?v=9&i=35&rss=Y#widely1 SANS Network Security 2010 http://www.sans.org/network-security-2010/ http://www.sans.org/network-security-2010/ Aardvertiser Component for Joomla! index.php cat_name Parameter SQL Injection http://osvdb.org/show/osvdb/67837 MySource Matrix char_map.php Multiple Parameter XSS http://osvdb.org/show/osvdb/67838 Horde Application Framework util/icon_browser.php subdir Parameter XSS http://osvdb.org/show/osvdb/67839 Weborf Unspecified Traversal Arbitrary File Access http://osvdb.org/show/osvdb/67840 DynPage content/dynpage_load.php file Parameter Traversal Arbitrary File Access http://osvdb.org/show/osvdb/67841 sudo Runas Group Handling Local Privilege Escalation http://osvdb.org/show/osvdb/67842 openSUSE LXDE lxsession lxsession-logout Screen Lock Weakness Resume Action Bypass http://osvdb.org/show/osvdb/67843 Apple Mac OS X Mail Parental Controls Unspecified Unauthorized Sender Whitelist http://osvdb.org/show/osvdb/67844 SUSE Linux Enterprise yast2-webclient WebYaST Appliance Fixed Secret Key Session Cookie Spoofing Weakness http://osvdb.org/show/osvdb/67845 SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF http://osvdb.org/show/osvdb/67846 Apple Safari Bugs Let Remote Users Execute Arbitrary Code http://www.securitytracker.com/id?1024400 Mozilla Firefox Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Obtain Potentially Sensitive Information, and Execute Arbitrary Code http://www.securitytracker.com/id?1024401 Mozilla Thunderbird Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Obtain Potentially Sensitive Information, and Execute Arbitrary Code http://www.securitytracker.com/id?1024403 Mozilla Firefox DLL Loading Error Lets Remote Users Execute Arbitrary Code http://www.securitytracker.com/id?1024406 Mozilla Thunderbird DLL Loading Error Lets Remote Users Execute Arbitrary Code http://www.securitytracker.com/id?1024407 Google Chrome memory corruption http://securityvulns.com/news/Google/Chrome/Focus.html 11116.Google/Chrome/Focus.05.09.2010. client barnowl uninitialized memory reference http://securityvulns.com/news/barnowl/libzephyr.html 11117.barnowl/libzephyr.06.09.2010. remote HP Operations Agent security vulnerabilities http://securityvulns.com/news/HP/OperationsAgent/1009.html 11119.HP/OperationsAgent/1009.06.09.2010. remote Novell Netware SSH buffer overflow http://securityvulns.com/news/Novell/Netware/SSH.html 11118.Novell/Netware/SSH.06.09.2010. remote