Last updated:
Sat Aug 1 10:07:26 2015 GMT
  2014 FIRST Annual Conference in Boston - Register now


Recent bugs
via SecurityFocus,
Debian OpenJDK CVE-2014-8873 Remote Code Execution Vulnerability
cURL/libcURL NTLM connection CVE-2015-3143 Remote Security Bypass Vulnerability
Libxml2 CVE-2015-1819 Denial of Service Vulnerability
Oracle MySQL Server CVE-2015-4771 Remote Security Vulnerability
Oracle MySQL Server CVE-2015-4752 Remote Security Vulnerability
Mozilla Firefox/Thunderbird CVE-2014-1565 Out of Bounds Memory Corruption Vulnerability
Oracle Java SE CVE-2015-2613 Remote Security Vulnerability
Oracle Java SE CVE-2015-0403 Local Java SE Vulnerability
Adobe Flash Player ActionScript 3 BitmapData Use After Free Remote Memory Corruption Vulnerability
Tidy 'tmbstr.c' Heap Based Buffer Overflow Vulnerability
Recent advisories
via Secunia, US-CERT,
TA12-073A: Microsoft Updates for Multiple Vulnerabilities
TA12-045A: Microsoft Updates for Multiple Vulnerabilities
TA12-024A: "Anonymous" DDoS Activity
TA12-010A: Microsoft Updates for Multiple Vulnerabilities
TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
TA11-350A: Adobe Updates for Multiple Vulnerabilities
TA11-347A: Microsoft Updates for Multiple Vulnerabilities
TA11-312A: Microsoft Updates for Multiple Vulnerabilities
TA11-286A: Apple Updates for Multiple Vulnerabilities
TA11-284A: Microsoft Updates for Multiple Vulnerabilities
TA11-256A: Microsoft Updates for Multiple Vulnerabilities
TA11-222A: Adobe Updates for Multiple Vulnerabilities
TA11-221A: Microsoft Updates for Multiple Vulnerabilities
TA11-201A: Oracle Updates for Multiple Vulnerabilities
TA11-200A: Security Recommendations to Prevent Cyber Intrusions
TA11-193A: Microsoft Updates for Multiple Vulnerabilities
TA11-165A: Microsoft Updates for Multiple Vulnerabilities
TA11-166A: Adobe Updates for Multiple Vulnerabilities
TA11-130A: Microsoft Updates for Multiple Vulnerabilities
TA11-102A: Microsoft Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus,
phpFileManager 0.9.8 Remote Command Execution
[SECURITY] [DSA 3321-1] xmltooling security update
HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators
Cisco Security Advisory: Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
[SECURITY] [DSA 3320-1] openafs security update
viagra generic singapore
Dell Netvault Backup Remote Denial of Service
FreeBSD Security Advisory FreeBSD-SA-15:16.openssh [REVISED]
[security bulletin] HPSBGN03367 rev.1 - HP TransactionVision with RC4 Stream Cipher, Remote Disclosure of Information
Cross-Site Scripting (XSS) in qTranslate WordPress Plugin
Top Worms and Viruses
via Sophos,
Latest MS bulletins
via Microsoft,
MS11-703 - Important: Test MNP bulletin #3 (test0703)
MS11-702 - Moderate: Test MNP bulletin #2 (test0702)
MS11-701 - Low: Test MNP bulletin #1 (test0701)
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-067 - Important: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-066 - Important: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-065 - Important: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-064 - Important: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-063 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Stock Watch
via Yahoo! Finance
Updated 7/31/2015
^ixic 5128.28 -0.50
jnpr 28.42 +0.46
symc 22.74 -0.05
csco 28.42 +0.12
ckp 8.74 +0.14
msft 46.70 -0.18
ibm 161.99 +1.03
intc 28.95 +0.04
amd 1.93 +0.00
cic.to 10.23 +0.07
ca 29.135 -0.285
bcsi N/A N/A
vrsn 70.94 -0.09
intc 28.95 +0.04
CUDA 27.44 +0.32
splk 69.94 +0.69
feye 44.49 -3.27
qlys 36.96 -0.32
panw 185.83 +0.64
hpq 30.52 -0.10
impv 65.70 +1.14
pfpt 64.70 +0.49

 

Recent News

Vigil@nce - Eclipse Jetty: three vulnerabilities, analyzed on 01/06/2015
Vigil@nce - public vulnerabilities
An attacker can use several vulnerabilities of Eclipse Jetty.

Vigil@nce - IBM Domino: Cross Site Scripting, analyzed on 01/06/2015
Vigil@nce - public vulnerabilities
An attacker can trigger a Cross Site Scripting of IBM Domino, in order to execute JavaScript code in the context of the web site.

Vigil@nce - Cisco Unified MeetingPlace: external XML entity injection, analyzed on 01/06/2015
Vigil@nce - public vulnerabilities
An attacker can transmit malicious XML data to Cisco Unified MeetingPlace, in order to read a file, scan sites, or trigger a denial of service.

Vigil@nce - Cisco AnyConnect Secure Mobility Client: privilege escalation via Identity Services Engine, analyzed on 01/06/2015
Vigil@nce - public vulnerabilities
An attacker can use Identity Services Engine of Cisco AnyConnect Secure Mobility Client, in order to escalate his privileges.

Leaked NSA slides: Chinese hackers have been wreaking havoc on corporate America
Yahoo! News: Security News
NBC News this week obtained leaked slides from a February 2014 NSA presentation which highlight in specific detail the extent to which China has successfully hacked U.S. corporations and individuals. As indicated by the map above, each red dot represents

Former CEO of collapsed Mt.Gox bitcoin exchange arrested in Japan: reports
Yahoo! News: Security News

Car hacking risk may be broader than Fiat Chrysler: U.S. regulator
Yahoo! News: Security News

FDA says hospitals should stop using Hospira pump
Yahoo! News: Security News
The federal government says health care facilities should stop using Hospira's Symbiq medication infusion pump because of its vulnerability to hacking. The Food and Drug Administration said Friday it's ...

Citing hacking risk, FDA says Hospira pump shouldn't be used
Yahoo! News: Security News
The federal government says health care facilities should stop using Hospira's Symbiq medication infusion pump because of its vulnerability to hacking. The Food and Drug Administration said Friday it's ...

Researchers warn of bogus emails offering Windows 10
Yahoo! News: Security News
Some hackers are exploiting Microsoft's offer of free upgrades to its new Windows 10 operating system. Security researchers are warning about a wave of bogus spam emails with malicious attachments, labeled ...

University of Connecticut says hit by hackers from China
Yahoo! News: Security News
By Richard Weizel MILFORD, Conn. (Reuters) - The social security numbers and credit card details of up to 6,000 University of Connecticut students, faculty and others may have been stolen by cyberhackers from China, the university said on Friday. Official

FDA warns of security flaw in Hospira infusion pumps
Yahoo! News: Security News
By Jim Finkle BOSTON (Reuters) - The U.S. Food and Drug Administration on Friday advised hospitals not to use Hospira Inc's Symbiq infusion system, saying a security vulnerability could allow cyber attackers to take remote control of the system. The agenc

Car hacking risk may be broader than Fiat Chrysler - U.S. regulator
Yahoo! News: Security News

NY village makes ransom payments to keep computers running
Yahoo! News: Security News
ALBANY, N.Y. (AP) A village in central New York made ransom payments of $300 and $500 last year to keep its computers running after two official-looking emails released malware throughout its system, state auditors said.

Clinton email disclosure slowed by security concerns
Yahoo! News: Security News

Botnet takedowns: are they worth it?
LinuxSecurity.com - Latest News
LinuxSecurity.com: The number of botnets has grown rapidly over the last decade. From Gameover Zeus leveraging encrypted peer-to-peer command and control servers, to Conflicker, infecting millions of computers across the world - botnets are continu

Tor connection vulnerability uncloaks hidden web services
LinuxSecurity.com - Latest News
LinuxSecurity.com: MIT researchers have developed digital attacks which can unmask Tor services in the Deep Web with a high degree of accuracy.

Hackers Could Heist Semis by Exploiting This Satellite Flaw
LinuxSecurity.com - Latest News
LinuxSecurity.com: Remember the opening scene of the first Fast and Furious film when bandits hijacked a truck to steal its cargo? Or consider the recent real-life theft of $4 million in gold from a truck transiting from Miami to Massachusetts. Hei

Ahead of the Bell: FireEye shares fall on CFO departure
Yahoo! News: Security News
Shares of cybersecurity firm FireEye Inc. fell in premarket trading Friday, the morning after the company's chief financial officer said he was leaving. Michael Sheridan had been CFO since 2011. The company ...

What's considered 'classified' is a judgment call
Yahoo! News: Security News

Zhone GPON 2520 Denial Of Service Vulnerabilities
SecuriTeam.com
Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter.

Zeuscart Multiple Security Vulnerabilities
SecuriTeam.com
Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php

WordPress Survey And Poll 1.1.7 Blind SQL Injection Vulnerabilities
SecuriTeam.com
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/

WordPress Google Captcha (ReCAPTCHA) By BestWebSoft Plugin Authentication Bypass Vulnerabilities
SecuriTeam.com
The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access

Webshop Hun Index.php SQL Injection Vulnerabilities
SecuriTeam.com
Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the (1) termid or (2) nyelv_id parameter to index.php.

Websense TRITON AP-EMAIL Cross-Site Scripting Vulnerabilities
SecuriTeam.com
Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via the (1) ws-userip in the ws-encdata parameter to cve-bin/moreBlockInfo

TYPO3 Neos Extension Remote Privilege Escalation Vulnerabilities
SecuriTeam.com
TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors

SSL/TLS RC4 Information Disclosure Vulnerabilities
SecuriTeam.com
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes

Schneider Electric DTM Stack Buffer Overflow Vulnerabilities
SecuriTeam.com
Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric Invensys SRD Control Valve Positioner devices 960 and 991 allows local users to gain privileges via a malformed DLL file.

Potrace Multiple Integer Overflows Vulnerabilities
SecuriTeam.com
Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.

Php GetCode_ Function Buffer Over-Read And Application Crash Vulnerabilities
SecuriTeam.com
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly han

Multiple Fortinet Single Sign On Products Stack Buffer Overflow Vulnerabilities
SecuriTeam.com
Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.

Movable Type Security Bypass Vulnerabilities
SecuriTeam.com
Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter

Linux Kernel Local Slab Corruption And Panic Vulnerabilities
SecuriTeam.com
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have other impact by triggering an INIT c

IBM PowerVC Obtain Sensitive Information Vulnerabilities
SecuriTeam.com
powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process.

Google Chrome Multiple Use-After-Free Vulnerabilities
SecuriTeam.com
Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or poss

Elastix 2.5.0 SQL Injection Vulnerabilities
SecuriTeam.com
SQL injection vulnerability in a2billing/customer/iridium_threed.php in Elastix 2.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the transactionID parameter.

Cisco IOS Software Common Industrial Protocol Device Reload Vulnerabilities
SecuriTeam.com
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets

Google Promises Fix For Recently Discovered Stagefright Android Flaw
Hack In The Box

PeopleSoft p0wnage possible with a day of GPU brute-forcing
Hack In The Box
Google Promises Fix For Recently Discovered Stagefright Android Flaw
Hack In The Box
The case against SSDs
Hack In The Box
Microsoft announces which Lumia handsets will get upgraded to Windows 10 Mobile at launch
Hack In The Box
GitHub lands $250 million in funding and is now worth $2 billion
Hack In The Box
Russian hackers use Twitter to cover their tracks
Hack In The Box
Older News

Researchers Unveiled a New, Serious Vulnerability In Tor
Hack In The Box

IT worker who used law firm job for insider trades gets 2 years in prison
Hack In The Box

Apple seeds second OS X 10.10.5 Yosemite beta to developers with minor changes
Hack In The Box

OwnStar gadget hacks GMs OnStar to unlock, start cars
Hack In The Box

Hacker claims he can use GMs OnStar app to remotely open and start your car
Yahoo! News: Security News

Airfares will soon be the cheapest theyve been in four years
Yahoo! News: Security News

FireEye reports 2Q loss
Yahoo! News: Security News

Vigil@nce - Junos: privilege escalation via Console Insecure, analyzed on 15/07/2015
Vigil@nce - public vulnerabilities

MIT researchers can break Tor anonymity without even touching encryption
Yahoo! News: Security News

Researcher says can hack GM's OnStar app, open vehicle, start engine
Yahoo! News: Security News

Yes! Amazon snags Jeremy Clarkson for a new Top Gear-like show
Yahoo! News: Security News

Warning: Crazy new Android security flaw can render your phone completely lifeless
Yahoo! News: Security News

New Nexus 5 leak: This might be our first look at the phones case
Yahoo! News: Security News

Rackspace cooking up security-secret-sharing cloud cabal
LinuxSecurity.com - Latest News

Groups urge Obama to oppose cyberthreat sharing bills
LinuxSecurity.com - Latest News

Remote denial of service vulnerability exposes BIND servers
LinuxSecurity.com - Latest News

New vulnerability can put Android phones into permanent vegetative state
LinuxSecurity.com - Latest News

Nokia, Alcatel-Lucent post strong results as merger approaches
Yahoo! News: Security News

Planned Parenthood reports second website hack in a week
Yahoo! News: Security News

Samsung Electronics cautious on second-half; capital returns disappoint
Yahoo! News: Security News

Average US vehicle age hits record 11.5 years
Yahoo! News: Security News

Ex-software engineer gets 2 years prison for insider trading
Yahoo! News: Security News

Wireshark LLDP Dissector Denial Of Service Vulnerabilities
SecuriTeam.com

Websense TRITON AP-EMAIL Message Log In The Email Security Gateway Cross-Site Scripting Vulnerabilities
SecuriTeam.com

Ultimate PHP Board HTML Injection And Cross Site Scripting Vulnerabilities
SecuriTeam.com

SuperWebMailer 'defaultnewsletter.php' Cross Site Scripting Vulnerabilities
SecuriTeam.com

Serendipity Input Validation Cross-Site Scripting Vulnerabilities
SecuriTeam.com

Puppet Labs Facter Potential Sensitive Information Leakage Vulnerabilities
SecuriTeam.com

OpenStack Compute Security Bypass Vulnerabilities
SecuriTeam.com

Multiple IBM Rational Products Information Disclosure Vulnerabilities
SecuriTeam.com

Mozilla Firefox Multiple Type Confusion Use After Free Memory Corruption Vulnerabilities
SecuriTeam.com

Microsoft Adobe Font Driver Denial Of Service Vulnerabilities
SecuriTeam.com

InfoBlox NetMRI/Network Automation Remote Command Injection Vulnerabilities
SecuriTeam.com

HP Point Of Sale PC POS Keyboards With MSR Vulnerabilities
SecuriTeam.com

Exchange Error Message Cross Site Scripting Vulnerabilities
SecuriTeam.com

Drupal Core Access Bypass And Open Redirection Vulnerabilities
SecuriTeam.com

Cisco Unity Connection 'SIP Trunk Integration' Multiple Core Dump Vulnerabilities
SecuriTeam.com

Apache Standard Taglibs XML External Entity Injection Vulnerabilities
SecuriTeam.com

Schneider Electric DS-NVs 'Rvctl.RVControl.1' ActiveX Stack Buffer Overflow Vulnerabilities
SecuriTeam.com

SCADA Engine BACnet OPC Server Remote Security Bypass Vulnerabilities
SecuriTeam.com

SAP KERNEL Buffer Overflow Vulnerabilities
SecuriTeam.com

Request Tracker Remote Denial Of Service Vulnerabilities
SecuriTeam.com

OWA Modified Canary Parameter Cross Site Scripting Vulnerabilities
SecuriTeam.com

Mozilla Firefox Thunderbird Memory Corruption Vulnerabilities
SecuriTeam.com

Mod-Gnutls Denial Of Service Vulnerabilities
SecuriTeam.com

Maroyaka CGI Maroyaka Relay Novel Cross-Site Scripting Vulnerabilities
SecuriTeam.com

IBM Tivoli Storage Manager Client Buffer Overflow Vulnerabilities
SecuriTeam.com


all content is copyright its respective owner or owners. the tools and components behind this page are copyright © 2003-2010 jose nazario, all rights reserved. this page is available as RSS 2.0.