• Bogus RFI Reports Getting Out of Hand

    [This was originally published on the OSVDB blog.] I know we’re all getting tired of the Remote File Inclusion (RFI) vulnerabilities being disclosed that end up being debunked, but this one takes the cake so far (yes I’m behind on e-mail). Fri Jun 16 2006 http://archives.neohapsis.com/archives/bugtraq/2006-06/0321.html (1) path/action.php, and to files in path/nucleus including (2) media.php, (3)…

  • [product] (script.php) Remote File Include [exploit|vulnerability]

    [This was originally published on the OSVDB blog.] Somewhere out there is a point-and-click web application that allows neophyte “security researchers” (yes, that is a joke) to quickly whip up their very own Bugtraq or Full-Disclosure post. I’m sure others have noticed this as well? More and more of the disclosures have too much in…

  • January Set As ‘Month Of Apple Bugs’

    [This was originally published on the OSVDB blog.] January Set As ‘Month Of Apple Bugs’ http://www.informationweek.com/news/showArticle.jhtml;?articleID=196701178 The “Month of Apple Bugs” project, which will be similar to November’s “Month of Kernel Bugs” campaign, will be hosted by the kernel bug poster who goes by the initials “LMH,” and his partner, Kevin Finisterre, a researcher who has…

  • These two weeks of Word flaws – can we survive?

    [This was originally published on the OSVDB blog.] Courtesy of Juha-Matti Laurio at the Securiteam Blogs: http://blogs.securiteam.com/?p=764 Since 5th December we have seen three separate, serious vulnerabilities in Microsoft Word: [Disclosed – original reference – CVE name | Affected products and product versions] Tue 5th Dec – MS Security Advisory #929433 – CVE-2006-5994 and FAQ | Word 2003/2002/2000, Word…

  • McAfee: Microsoft patches 133 Critical/Important Vulns in 2006

    [This was originally published on the OSVDB blog.] http://www.avertlabs.com/research/blog/?p=153 McAfee is reporting that Microsoft patched 133 Critical / Important vulnerabilities in 2006. They also compare this number against previous years to presumably demonstrate that security isn’t getting better at Microsoft.

  • Weak of Oracle Bugs

    [This was originally published on the OSVDB blog.] No, not a typo. A couple weeks back, Argeniss “was proud to announce that we are starting on December the “Week of Oracle Database Bugs” (WoODB).” A couple days ago they abruptly called off the WoODB with the following message: We are sad to announce that due…

  • SANS Top 20 Report – Deja Vu

    [This was originally published on the OSVDB blog.] I previously blogged about the SANS Top 20 List in a pretty negative fashion. The list started off as the “Top 10 Vulnerabilities” and quickly expanded into the Top 20 Vulnerabilities. Even last year (2005), they were still calling it a “Top 20 Vulnerabilities” list when it…

  • Month of Kernel Bugs (MoKB)

    [This was originally published on the OSVDB blog.] First it was the Month of Browser Bugs (MoBB), now it is the Month of Kernel Bugs (MoKB). When I first read about it, I immediately thought of thirty odd entries about Linux Kernel Local DoS conditions. My pessimism is born out of the numerous local DoS…

  • CVE Commentary

    [This was originally published on the OSVDB blog.] http://cve.mitre.org/cve/edcommentary.html#community_issues CVE editor Steven Christey has begun to post commentary related to CVE and VDBs. [2013-07-07 Update: This effort didn’t last long. The last update was 2006-02-16, 4 days after this blog post. =(]

  • Insert a classy pun.

    [This was originally published on the OSVDB blog.] This entry should have been published days ago. On top of being overly busy and spread thin, I ran into a big problem related to finding a reference I wanted to include, which will lead to this being a little more ranty than intended. How is it…