Diaries by Keyword: CVE

DateAuthorTitle
2014-04-08Guy BruneauOpenSSL CVE-2014-0160 Fixed
2014-03-24Johannes UllrichNew Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks
2014-03-02Stephen HallSymantec goes yellow
2013-10-01John Bambenek*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-09-20Russ McReeThreat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-08-16Kevin ListonCVE-2013-2251 Apache Struts 2.X OGNL Vulnerability
2013-06-01Guy BruneauExploit Sample for Win32/CVE-2012-0158
2013-05-20Guy BruneauSafe - Tools, Tactics and Techniques
2013-05-09Johannes UllrichMicrosoft released a Fix-it for the Internet Explorer 8 Vulnerability http://support.microsoft.com/kb/2847140
2013-02-11John BambenekOpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/
2013-01-19Guy BruneauJava 7 Update 11 Still has a Flaw
2013-01-04Guy Bruneau"FixIt" Patch for CVE-2012-4792 Bypassed
2012-09-23Tony CarothersUpdate for CVE-2012-3132
2012-06-20Raul SilesCVE-2012-0217 (from MS12-042) applies to other environments too
2012-06-18Guy BruneauCVE-2012-1875 exploit is now available
2012-05-25Guy BruneauTechnical Analysis of Flash Player CVE-2012-0779
2012-04-19Kevin ShorttOpenSSL Security Advisory - CVE-2012-2110
2012-02-09Richard PorterDNS Ghost Domains, How I loath you so!
2012-01-12Rob VandenBrinkPHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header)
2011-10-06Rob VandenBrinkApache HTTP Server mod_proxy reverse proxy issue
2011-05-27Kevin ListonManaging CVE-0
2011-04-28Chris MohanGathering and use of location information fears - or is it all a bit too late
2011-02-23Manuel Humberto Santander PelaezBind DOS vulnerability (CVE-2011-0414)
2010-11-16Guy Bruneau OpenSSL TLS Extension Parsing Race Condition
2010-10-30Guy BruneauSecurity Update for Shockwave Player
2010-10-28Manuel Humberto Santander PelaezCVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability
2010-09-17Robert DanfordCirca 2007 Linux Kernel Vulnerability Resurfaces (Was CVE-2007-4573, Now CVE-2010-3301)
2010-09-13Manuel Humberto Santander PelaezAdobe SING table parsing exploit (CVE-2010-2883) in the wild
2010-09-12Manuel Humberto Santander PelaezAdobe Acrobat pushstring Memory Corruption paper
2010-09-08John BambenekAdobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory
2010-08-25Pedro BuenoAdobe released security update for Shockwave player that fix several CVEs: APSB1020
2010-07-20Manuel Humberto Santander PelaeziTunes buffer overflow vulnerability
2010-06-15Manuel Humberto Santander PelaezMicrosoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-01-19Jim ClausingThe IE saga continues, out-of-cycle patch coming soon
2010-01-15Kevin ListonExploit code available for CVE-2010-0249
2010-01-12Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2010-01-04Bojan ZdrnjaSophisticated, targeted malicious PDF documents exploiting CVE-2009-4324
2009-05-28Stephen HallMicrosoft DirectShow vulnerability