Month: December 2006

  • [product] (script.php) Remote File Include [exploit|vulnerability]

    [This was originally published on the OSVDB blog.] Somewhere out there is a point-and-click web application that allows neophyte “security researchers” (yes, that is a joke) to quickly whip up their very own Bugtraq or Full-Disclosure post. I’m sure others have noticed this as well? More and more of the disclosures have too much in…

  • January Set As ‘Month Of Apple Bugs’

    [This was originally published on the OSVDB blog.] January Set As ‘Month Of Apple Bugs’ http://www.informationweek.com/news/showArticle.jhtml;?articleID=196701178 The “Month of Apple Bugs” project, which will be similar to November’s “Month of Kernel Bugs” campaign, will be hosted by the kernel bug poster who goes by the initials “LMH,” and his partner, Kevin Finisterre, a researcher who has…

  • These two weeks of Word flaws – can we survive?

    [This was originally published on the OSVDB blog.] Courtesy of Juha-Matti Laurio at the Securiteam Blogs: http://blogs.securiteam.com/?p=764 Since 5th December we have seen three separate, serious vulnerabilities in Microsoft Word: [Disclosed – original reference – CVE name – Affected products and product versions] Tue 5th Dec – MS Security Advisory #929433 – CVE-2006-5994 and FAQ – Word 2003/2002/2000, Word…

  • McAfee: Microsoft patches 133 Critical/Important Vulns in 2006

    [This was originally published on the OSVDB blog.] http://www.avertlabs.com/research/blog/?p=153 McAfee is reporting that Microsoft patched 133 Critical / Important vulnerabilities in 2006. They also compare this number against previous years to presumably demonstrate that security isn’t getting better at Microsoft.