News & Resources

This area contains information on recent events, security advisories, technical publications, and released tools.

---

2013-06-19
IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to POA

2012-10-23
Timothy D. Morgan presents No Crack Required: Cryptanalysis in Real-World Applications at OWASP AppSecUSA 2012.

2012-07-29
Michael Coppola presents Owning the Network: Adventures in Router Rootkits at DEF CON 20 [slides].

2012-04-20
HTC IQRD Android Permission Leakage

2012-03-24
libraptor - XXE in RDF/XML File Interpretation

2012-01-22
Dan Rosenberg presents A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator.

2011-08-05
Dan Rosenberg presents Owned Over Amateur Radio: Remote Kernel Exploitation in 2011 at DEF CON 19.

2011-06-03
VMware Tools Multiple Vulnerabilities

2011-03-22
Apple HFS+ Information Disclosure Vulnerability

2011-01-26
OpenOffice.org Multiple Memory Corruption Vulnerabilities

2010-12-21
Citrix Access Gateway Command Injection Vulnerability

2010-10-19
Linux RDS Protocol Local Privilege Escalation

2010-08-16
Coda Filesystem Kernel Memory Disclosure

2010-07-13
WebLogic Plugin HTTP Injection via Encoded URLs

2010-07-02
Cisco CSS & ACE Certificate Spoofing and Header Manipulation

2010-04-09
TANDBERG VCS Arbitrary File Retrieval

2010-04-09
TANDBERG VCS Static SSH Host Keys

2010-04-09
TANDBERG VCS Authentication Bypass

2010-02-15
Chrome Password Manager Cross Origin Weakness

2008-12-03
Sun JRE : Java Web Start File Inclusion via System Properties Override

2007-04-27
AFFLIB™ Multiple Buffer Overflows

2007-04-27
AFFLIB™ Multiple Shell Metacharacter Injections

2007-04-27
AFFLIB™ Multiple Format String Injection

2006-05-23
PDF Tools AG PDF Form Filling and Flattening Tool: Buffer Overflow

2006-05-08
WebSense Enterprise / Cisco Filtering Devices: Websense content filter bypass (Websense bypass proxy tool)

2006-02-03
IBM TAM: Remote Directory Traversal and File Retrieval via web server plug-in.