GNUCitizen has discovered an RSS reader vulnerability in Sage (a firefox plugin). "I turned off HTML tags and continued on as normal. However, something odd happened. When rendering my whitepaper “Awakening the Sleeping Giant” an insert of JavaScript was executed in my browser. How bazaar I thought. The security enabled feature makes me vulnerable. Sage…

"Security problems found in the ICQ Toolbar v1.3 may allow attackers to control and change configuration settings and to inject scripting code in RSS feed contents and execute it in the contetxt of the feed interface (IE's Local Zone)" I released a paper and gave a presentation at blackhat this year about these sorts of…

"We're still hard at work on Rails 1.2, which features all the new dandy REST stuff and more, but a serious security concern has come to our attention that needed to be addressed sooner than the release of 1.2 would allow. So here's Rails 1.1.5! This is a MANDATORY upgrade for anyone not running on…

PHP 4.3.8 and 5.0.0RC3 were released today to address a few security problems. Users running older versions are urged to upgrade (bla bla bla). PHP Download Page PHP Changelog

Microsoft has released 7 different advisories today. One of the vulnerabilities disclosed was a remote overflow in IIS 4.0.

First off sorry for the lag on site updates. I'll be gone all next week and I've been busy. A chunked encoding overflow has been discovered in fp30reg.dll which can allow a remote attacker to execute commands. More importantly this took 11 months to get fixed. Rele vant information from the advisory. "Public disclosure on…

"Oracle's RDBMS, a leading database server package, supports stored packages and procedures through the use of PL/SQL. These packages and procedures can be accessed through Oracle's Application Server's Portal module. Oracle Application Server is a web server designed for Oracle applications. Many of the PL/SQL packages and procedures are vulnerable to SQL Injection. Using these…

Four security issues have been discovered in Openssl. Below are the relevant snippets from the advisory below. "1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It…

SPI Labs and NSFocus have discovered multiple holes in IIS. Two denial of service conditions exist that can allow an attacker to cause IIS to stop responding. One Cross site scripting issue exists in the 302 redirection pages, and one buffer overflow that allows command execution as the webserver user. The buffer overflow requires the…

Below is a snippet from the apache advisory. Apache 2.0.46 Major changes Security vulnerabilities closed since Apache 2.0.45 *) SECURITY [CAN-2003-0245]: Fixed a bug that could be triggered remotely through mod_dav and possibly other mechanisms, causing an Apache child process to crash. The crash was first reported by David Endler and was researched and fixed…

SPI Labs Has identified four issues in the popular Sun One application server. They range from Source code theft, Log evasion, Cross site scripting, and plaintext administrative password storage. Sun One Multiple Issues