maybe
by jaqui · about 18 years, 1 month ago
In reply to Why do I learn about exploits
but do you spend all day reading security notices for the software you use?
[ the only way with open source to find out about an exploit before it’s patched. ]
You could sign up for the free newsletter from sans.org; the @Risk is a listing and description of exploits.
It’s too long to forward it through peer contact. 🙁
But here is a listing of the new vulnerabilities, just the listing / TOC:
Part II — Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
— Windows
06.5.1 – Microsoft Internet Explorer Flash ActionScript JScript Handling Denial of Service
— Other Microsoft Products
06.5.2 – Microsoft Internet Explorer ActiveX Control Kill Bit Bypass
06.5.3 – Microsoft Internet Explorer URLMon.DLL Denial of Service
— Third Party Windows Apps
06.5.4 – Nullsoft Winamp Malformed Playlist File Handling Remote Buffer Overflow
06.5.5 – Adobe Multiple Unspecified Local Privilege Escalation Vulnerabilities
06.5.6 – MailEnable Professional EXAMINE Command Remote Denial of Service
06.5.7 – Nullsoft Winamp Malformed Playlist File WMA Extension Remote Buffer Overflow
— Linux
06.5.8 – Linux Kernel Multiple Security Vulnerabilities
06.5.9 – GIT Remote Buffer Overflow
06.5.10 – Fcron Convert-FCronTab Local Buffer Overflow
— BSD
06.5.11 – FreeBSD TCP SACK Remote Denial of Service
— Solaris
06.5.12 – Sun Solaris Unspecified x86 64 Bit Local Denial of Service
— Tru64
06.5.13 – HP Tru64 DNS BIND Unspecified Remote Unauthorized Access
— Unix
06.5.14 – GNOME Evolution Inline XML File Attachment Buffer Overflow
06.5.15 – MyDNS DNS Query Denial of Service
— Cross Platform
06.5.16 – Communigate Pro Server LDAP Denial of Service
06.5.17 – Firefox XBL -MOZ-BINDING Property Cross-Domain Scripting
06.5.18 – Pioneers Chat Buffer Denial of Service
06.5.19 – Sun Grid Engine Local Privilege Escalation
06.5.20 – Mail-Audit Insecure Temporary File Creation
06.5.21 – AOL Client Software Unspecified Local Privilege Escalation
06.5.22 – Autodesk Multiple Products Remote Unauthorized Access
06.5.23 – Sun Java System Access Manager Local Authentication Bypass
06.5.24 – Computer Associates Multiple Message Queuing Denial of Service
06.5.25 – Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities
— Web Application – Cross Site Scripting
06.5.26 – PunctWeb MyCO Name Field Cross-Site Scripting
06.5.27 – ASPThai Forums Login.ASP SQL Injection
06.5.28 – sPaiz-Nuke Modules.PHP Cross-Site Scripting
06.5.29 – MyBB UserCP2.PHP Referer Header HTML Injection
06.5.30 – Nuked-klaN Index.PHP Cross-Site Scripting
06.5.31 – Ashwebstudio Ashnews Cross-Site Scripting
06.5.32 – MiniGal MG2 Image Gallery Name Field Cross-Site Scripting
06.5.33 – EasyCMS Multiple Cross-Site Scripting Vulnerabilities
06.5.34 – BrowserCRM Results.PHP Cross-Site Scripting
06.5.35 – Cerberus Helpdesk Clients.PHP Cross-Site Scripting
06.5.36 – phpBB Rlink Module Rlink.PHP Cross-Site Scripting
06.5.37 – SPIP Index.PHP3 Cross-Site Scripting
06.5.38 – Tachyondecay Vanilla Guestbook Multiple Input Validation Vulnerabilities
06.5.39 – SoftMaker Shop Multiple Cross-Site Scripting Vulnerabilities
06.5.40 – CyberShop Ultimate E-commerce Multiple Cross-Site Scripting Vulnerabilities
06.5.41 – Community Server Multiple Cross-Site Scripting Vulnerabilities
— Web Application – SQL Injection
06.5.42 – MyBB Index.PHP Referrer Cookie SQL Injection
06.5.43 – Invision Power Board Portal Plugin Index.PHP SQL Injection
06.5.44 – ZixForum Multiple SQL Injection Vulnerabilities
06.5.45 – Daffodil CRM Userlogin.ASP SQL Injection
06.5.46 – SZUserMgnt Username Parameter SQL Injection
06.5.47 – Calendarix Multiple SQL Injection Vulnerabilities
06.5.48 – Symantec Sygate Management Server SMS Authentication Servlet SQL Injection
06.5.49 – SPIP Multiple SQL Injection Vulnerabilities
— Web Application
06.5.50 – UebiMiau HTML Email HTML Injection
06.5.51 – CRE Loaded Files.PHP Access Validation
06.5.52 – PmWiki Multiple Input Validation Vulnerabilities
06.5.53 – AshWebStudio AshNews Remote File Include
06.5.54 – Blackboard Learning System Access Validation
06.5.55 – FarsiNews Loginout.PHP Remote File Include
06.5.56 – @Mail Compose.PL Directory Traversal
— Network Device
06.5.57 – CipherTrust IronMail Remote Denial Of Service
— Hardware
06.5.58 – Powersave Unspecified Local Privilege Escalation