"In the project took part 33 search engines (30 web engines and 3 local engines) of 19 vendors, some vendors have several engines. The list of project’s participants (in order of appearance): Meta, Yahoo, HotBot, Gigablast, MSN, Clusty, Yandex, Yandex.Server (local engine), Search Europe, Rambler, Ask.com, Ezilon, AltaVista, AltaVista local (local engine), MetaCrawler, Mamma, Google,…

"A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet." Article Link:…

I just found out about this myself and hadn’t seen any news on it so posting it here (better late than never!). A vulnerability has been discovered in IIS5 that Microsoft apparently isn’t going to fix allowing an attacker to gain accesses to resources behind NTLM and Basic Auth. Microsoft is suggesting upgrading to IIS6…

Thor Larholm writes "Firefox 2.0.0.4 fixed a directory traversal vulnerability that allowed you to read local files. However, the patch only works for the Windows version of Firefox and actually re-introduces a previously fixed input validation flaw." More information at http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/ Link to this Story: Unpatched input validation flaw in Firefox 2.0.0.4

A vulnerability in google has been released on http://www.0x000000.com/index.php. "A large hole has been found inside Google’s service: "the removal of websites tool" Earlofgrey reported about it today. There was not much info available, so I decided to check it out myself before it is plugged. Apparently it is a simple directory that wasn’t protected,…

Thor Larholm writes "We can expect a Firefox 2.0.0.4 release anyday now, as there is a publicly known 0day local file reading vulnerability in Firefox – see http://larholm.com/2007/05/25/firefox-0day-local-file-reading/

"Two vulnerabilities open to remote exploitation by hackers have been found in Java Development Kit, one of which could be used to take over a compromised system." "One flaw is caused by an integer overflow error in the image parser when processing ICC profiles embedded within JPEG images, according to FrSIRT researchers." Article Link: http://www.eweek.com/article2/0,1895,2132409,00.asp

Here is another status update for the month of PHP Bugs. Here are the latest vulnerabilities. * MOPB-11-2007:PHP WDDX Session Deserialization Information Leak Vulnerability * MOPB-10-2007:PHP php_binary Session Deserialization Information Leak Vulnerability * MOPB-09-2007:PHP wddx_deserialize() String Append Buffer Overflow Vulnerability * MOPB-08-2007:PHP 4 phpinfo() XSS Vulnerability (Deja-vu) * BONUS-07-2007:Zend Platform ini_modifier Local Root Vulnerability *…

The month of PHP Bugs has started. Here are the current vulnerabilities disclosed. * MOPB-01-2007:PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability * MOPB-02-2007:PHP Executor Deep Recursion Stack Overflow * MOPB-03-2007:PHP Variable Destructor Deep Recursion Stack Overflow * MOPB-04-2007:PHP 4 unserialize() ZVAL Reference Counter Overflow * MOPB-05-2007:PHP unserialize() 64 bit Array Creation Denial of Service…

"The PHP development team is proud to announce the immediate release of PHP 5.2.0. This release is a major improvement in the 5.X series, which includes a large number of new features, bug fixes and security enhancements. Further details about this release can be found in the release announcement 5.2.0, the full list of changes…

"Microsoft today issued a record-breaking number of security updates, fixing at least 26 separate security holes in its Windows operating system and other products, including 16 vulnerabilities in Microsoft Office and Office components. By my count, this is the largest number of flaws Microsoft has fixed in one go outside of a Service Pack. Among…