Blogs / US-CERT Vulnerability Notes

Latest posts

1. VU#596268: Wonderware SuiteLink null pointer deference

   http://www.kb.cert.org/vuls/id/596268

   Vulnerability Note VU#596268 Wonderware SuiteLink null pointer deference OverviewA vulnerability in the way Wonderware SuiteLink handles malformed TCP packets could result in a denial of service. I. Description Wonderware SuiteLink is a protocol based on TCP/IP that runs as a service listening for connections on port 5413/tcp on Microsoft Windows operating systems. …

   60 days ago

2. VU#147027: PHP path translation vulnerability

   http://www.kb.cert.org/vuls/id/147027

   Vulnerability Note VU#147027 PHP path translation vulnerability OverviewPHP contains a path translation vulnerability that may allow an attacker to execute arbitrary code. I. DescriptionPHP is a scripting language that is designed for web-based applications and can be imbedded directly into HTML. …

   60 days ago

3. VU#929656: Multiple BGP implementations do not properly handle UPDATE messages

   http://www.kb.cert.org/vuls/id/929656

   Vulnerability Note VU#929656 Multiple BGP implementations do not properly handle UPDATE messages OverviewBGP implementations from multiple vendors including Juniper may not properly handle specially crafted BGP UPDATE messages. These vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service. …

   60 days ago

835 blog reactions

1. 

   Adobe Flash Player - Update, Update, Update

   http://djtechnocrat.blogspot.com/2008/07/adobe-flash-player-...

   30% of my blog visitors are still running Adobe Flash Player 9.0.115. While 54.70% are generally running versions older than Adobe Flash Player 9.0.124. If you aren't running Adobe Flash Player 9.0.124, then you are vulnerable to several very serious security vulnerabilities which can be exploited via your browser. Not sure what version of Flash Player you have installed? Use Adobe's Version Checker. Remember to check each browser seperately...as IE uses ActiveX and other browsers do not. Also, I would highly running

   1 day ago in Thoughts of a Technocrat by capboy118 · Authority: 29
2. 

   Internet Explorer User aufgepasst! Speicherung von Tastatureingaben Seitenübergreifend möglich

   http://www.pcbeirat.de/browser/internet-explorer/internet-ex...

   Wie geht sowas? Ohne detailliert auf die Vorgehensweise eingehen zu wollen, möchte ich hier das United States Computer Emergency Readiness Team zitieren. "By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message), an attacker may be able to access non-domain-specific elements from a web page that exists in a different domain. For example, the

   2 days ago in PcBeirat.de - Anwendungen, Browser, Internet-News, Office und Wordpress! · Authority: 13
3. 

   Уязвимость в Internet Explorer

   http://sumy.biz/node/5556

   продуктов Microsoft планирует выпустить в следующий вторник, 8 июля. Возможно, в состав этих апдейтов будет включена и заплатка для дыры в IE. Сообщение об уязвимости

   2 days ago in Сумы.biz · Authority: 1
4. 

   Information Security Log

   http://www.islog.ru

   Организация US-CERT, созданная при участии Министерства внутренней безопасности США, предупреждает об обнаружении очередной уязвимости в браузерах Microsoft Internet Explorer последних версий. Как сообщается, проблема связана с особенностями

   3 days ago in Information Security Log · No authority yet
5. 

   Hacker Alerts and Security

   http://backdoor-hunters.blogspot.com

   VU#607267: Mozilla Firefox code execution vulnerability VU#361043: Apple Safari contains a memory corruption issue in the handling of JavaScript arrays by WebKit VU#516627: Microsoft Internet Explorer fails to properly restrict access to frames

   3 days ago in Hacker Alerts and Security by Gillis57 · Authority: 1
6. 

   セキュリティ関連情報

   http://sky.higashiosaka.ac.jp/~center/weblog/index.php?e=128

   http://www.kb.cert.org/vuls/id/788019

   3 days ago in 東大阪大学情報教育センターBLOG · Authority: 4
7. 

   Security News from the net

   http://securitynewsfromthenet.blogspot.com

   be exploited by tricking users into visiting a maliciously crafted web site or opening malicious email. Users are urged to disable active scripting until a fix is available. Microsoft is investigating the issue. http://www.kb.cert.org/vuls/id/516627 http://www.informationweek.com/news/internet/browsers/showArticle.jhtml?articleID=208801757 ATTACKS, INTRUSIONS, DATA THEFT & LOSS --Bank Issues New Cards to All Affected by Hannaford Data Breach

   4 days ago in Security News from the net by xsnorz · Authority: 2
8. 

   セキュリティ関連情報

   http://sky.higashiosaka.ac.jp/~center/weblog/index.php?e=127

   http://www.kb.cert.org/vuls/id/516627

   4 days ago in 東大阪大学情報教育センターBLOG · Authority: 4
9. 

   Уязвимость в Internet Explorer

   http://sumy.biz/node/5477

   продуктов Microsoft планирует выпустить в следующий вторник, 8 июля. Возможно, в состав этих апдейтов будет включена и заплатка для дыры в IE. Сообщение об уязвимости

   4 days ago in Сумы.biz · Authority: 1
10. 

    Уязвимость в Internet Explorer

    http://grape.southbridge.ru/node/838

    продуктов Microsoft планирует выпустить в следующий вторник, 8 июля. Возможно, в состав этих апдейтов будет включена и заплатка для дыры в IE. Сообщение об уязвимости

    4 days ago in Grape · Authority: 1

Top Tags

What this blog is about

1. buffer overflow
2. com
3. dos
4. internet explorer
5. juniper
6. microsoft
7. music jukebox
8. php
9. scada
10. yahoo!
11. zone
12. activex
13. arbitrary code execution
14. bgp update
15. cgi_main.c
16. denial of service
17. exp00-a
18. ie
19. junos
20. mit
21. msn games
22. path_translated
23. privilege escalation
24. psn-2007-12-008
25. route flapping
26. slssvc.exe
27. stack-based buffer overflow
28. suitelink
29. unknown impact
30. wonderware