PHP SPLOBJECTSTORAGE POC VULNERABILITY |
| 2010-07-04 | Manuel Humberto Santander Pelaez | Interesting analysis of the PHP SplObjectStorage Vulnerability |
PHP |
| 2024-12-17/a> | Guy Bruneau | Command Injection Exploit For PHPUnit before 4.8.28 and 5.x before 5.6.3 [Guest Diary] |
| 2024-11-06/a> | Jesse La Grew | [Guest Diary] Insights from August Web Traffic Surge |
| 2024-03-29/a> | Xavier Mertens | Quick Forensics Analysis of Apache logs |
| 2023-09-23/a> | Guy Bruneau | Scanning for Laravel - a PHP Framework for Web Artisants |
| 2022-09-07/a> | Johannes Ullrich | PHP Deserialization Exploit attempt |
| 2022-02-02/a> | Johannes Ullrich | Finding elFinder: Who is looking for your files? |
| 2021-11-30/a> | Johannes Ullrich | Hunting for PHPUnit Installed via Composer |
| 2020-06-05/a> | Remco Verhoef | Not so FastCGI! |
| 2019-07-18/a> | Xavier Mertens | Malicious PHP Script Back on Stage? |
| 2019-04-04/a> | Xavier Mertens | New Waves of Scans Detected by an Old Rule |
| 2018-11-16/a> | Xavier Mertens | Basic Obfuscation With Permissive Languages |
| 2018-07-11/a> | Remco Verhoef | Well, Hello Again Peppa! |
| 2018-07-02/a> | Guy Bruneau | Hello Peppa! - PHP Scans |
| 2018-06-13/a> | Xavier Mertens | A Bunch of Compromized Wordpress Sites |
| 2018-05-06/a> | Guy Bruneau | Scans Attempting to use PowerShell to Download PHP Script |
| 2017-09-14/a> | Xavier Mertens | Another webshell, another backdoor! |
| 2017-08-07/a> | Xavier Mertens | Increase of phpMyAdmin scans |
| 2017-02-28/a> | Xavier Mertens | Analysis of a Simple PHP Backdoor |
| 2016-12-26/a> | Russ McRee | Critical security update: PHPMailer 5.2.20 (CVE-2016-10045) |
| 2016-07-13/a> | Xavier Mertens | Drupal: Patch released today to fix a highly critical RCE in contributed modules |
| 2015-07-12/a> | Guy Bruneau | PHP 5.x Security Updates |
| 2014-09-19/a> | Guy Bruneau | PHP Fixes Several Bugs in Version 5.4 and 5.5 |
| 2014-08-22/a> | Richard Porter | PHP 5.4.32 Released http://www.php.net/ChangeLog-5.php#5.4.32 |
| 2014-08-22/a> | Richard Porter | PHP 5.5.16 is available http://www.php.net/ChangeLog-5.php#5.5.16 |
| 2014-08-16/a> | Lenny Zeltser | Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability |
| 2014-04-04/a> | Stephen Hall | PHP 5.4.27 released |
| 2014-03-27/a> | Alex Stanford | Mass XSSodus in PHP |
| 2013-10-25/a> | Johannes Ullrich | PHP.net compromise aftermath: Why Code Signing Beats Hashes |
| 2013-10-24/a> | Johannes Ullrich | False Positive: php.net Malware Alert |
| 2013-09-19/a> | Bojan Zdrnja | Arrays in requests, PHP and DedeCMS |
| 2013-08-11/a> | Bojan Zdrnja | XATattacks (attacks on xat.com) |
| 2013-08-04/a> | Johannes Ullrich | BBCode tag "[php]" used to inject php code |
| 2013-06-07/a> | Daniel Wesemann | PHP patches - see http://www.php.net/ChangeLog-5.php - fixes CVE2013-2110 |
| 2013-02-22/a> | Chris Mohan | PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php |
| 2013-01-17/a> | Russ McRee | PHP 5.4.11 and PHP 5.3.21 released |
| 2012-09-19/a> | Russ McRee | Script kiddie scavenging with Shellbot.S |
| 2012-06-14/a> | Johannes Ullrich | PHP 5.4.4 and 5.3.14 released with fixes for DES crypt issue and phar heap overflow |
| 2012-05-08/a> | Kevin Liston | PHP 5.4.3 and PHP 5.3.13 Released |
| 2012-04-05/a> | Johannes Ullrich | Evil hides everywhere: Web Application Exploits in Headers |
| 2012-03-07/a> | Johannes Ullrich | What happened to RFI attacks? |
| 2012-02-07/a> | Johannes Ullrich | Secure E-Mail Access |
| 2012-02-03/a> | Guy Bruneau | PHP 5.3.10 Released, Fixes CVE-2012-0830 available for download http://www.php.net/archive/2012.php#id2012-02-02-1 |
| 2012-02-03/a> | Johannes Ullrich | Critical PHP bug patched |
| 2012-01-16/a> | Kevin Shortt | php 5.3.9 released -Jan-10-2011 |
| 2012-01-12/a> | Rob VandenBrink | PHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header) |
| 2011-08-22/a> | Jim Clausing | DO NOT upgrade to PHP 5.3.7, significant bug in crypt() function, see http://www.php.net/ |
| 2011-08-18/a> | Rob VandenBrink | PHP 5.37 release. Some security updates, plus lots of bug fixes ==> http://www.php.net/archive/2011.php#id2011-08-18-1 |
| 2010-08-31/a> | Bojan Zdrnja | Interesting PHP injection |
| 2010-08-10/a> | Daniel Wesemann | SSH - new brute force tool? |
| 2010-07-04/a> | Manuel Humberto Santander Pelaez | Interesting analysis of the PHP SplObjectStorage Vulnerability |
| 2010-06-14/a> | Manuel Humberto Santander Pelaez | Another way to get protection for application-level attacks |
| 2010-05-23/a> | Manuel Humberto Santander Pelaez | e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer. |
| 2010-02-27/a> | Guy Bruneau | PHP 5.2.13 Security Update |
| 2010-01-29/a> | Johannes Ullrich | Analyzing isc.sans.org weblogs, part 2, RFI attacks |
| 2009-12-28/a> | Johannes Ullrich | 8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug) |
| 2009-11-20/a> | Mark Hofman | PHP 5.3.1 is released. With many of the websites on the net relying on PHP and the number of attacks we see, consider upgrading. This release has over 100 bug fixes, some of which are security related. |
| 2009-08-01/a> | Deborah Hale | Website Warnings |
| 2009-06-26/a> | Mark Hofman | PHPMYADMIN scans |
| 2009-06-24/a> | Kyle Haugsness | Exploit tools are publicly available for phpMyAdmin |
| 2009-06-21/a> | Scott Fendley | phpMyAdmin Scans |
| 2009-04-07/a> | Johannes Ullrich | Common Apache Misconception |
| 2009-02-03/a> | Swa Frantzen | On the importance of patching fast |
| 2008-12-10/a> | Stephen Hall | PHP Group has released PHP version 5.2.8 |
| 2008-09-09/a> | Swa Frantzen | wordpress upgrade |
| 2008-08-19/a> | Johannes Ullrich | A morning stroll through my web logs |
| 2008-05-05/a> | John Bambenek | PHP 5.2.6 out w/ security updates |
| 2006-12-24/a> | Swa Frantzen | phpBB 2.0.22 - upgrade time |
| 2006-11-29/a> | Toby Kohlenberg | New Vulnerability Announcement and patches from Apple |
| 2006-09-13/a> | Swa Frantzen | PHP - shared hosters, take note. |
SPLOBJECTSTORAGE |
| 2010-07-04/a> | Manuel Humberto Santander Pelaez | Interesting analysis of the PHP SplObjectStorage Vulnerability |
POC |
| 2022-11-09/a> | Xavier Mertens | Another Script-Based Ransomware |
| 2018-07-21/a> | Didier Stevens | BTC pickpockets are back |
| 2010-07-04/a> | Manuel Humberto Santander Pelaez | Interesting analysis of the PHP SplObjectStorage Vulnerability |
| 2010-06-09/a> | Deborah Hale | Adobe POC in the Wild |
| 2010-05-23/a> | Manuel Humberto Santander Pelaez | Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability |
| 2010-01-12/a> | Adrien de Beaupre | PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability |
VULNERABILITY |
| 2024-12-11/a> | Guy Bruneau | Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary] |
| 2023-06-28/a> | Jan Kopriva | Kazakhstan - the world's last SSLv2 superpower... and a country with potentially vulnerable last-mile internet infrastructure |
| 2023-06-15/a> | Yee Ching Tok | Supervision and Verification in Vulnerability Management |
| 2023-03-25/a> | Guy Bruneau | Microsoft Released an Update for Windows Snipping Tool Vulnerability |
| 2022-10-07/a> | Xavier Mertens | Critical Fortinet Vulnerability Ahead |
| 2022-07-05/a> | Jan Kopriva | EternalBlue 5 years after WannaCry and NotPetya |
| 2022-05-31/a> | Xavier Mertens | First Exploitation of Follina Seen in the Wild |
| 2022-01-26/a> | Jan Kopriva | Over 20 thousand servers have their iLO interfaces exposed to the internet, many with outdated and vulnerable versions of FW |
| 2021-08-09/a> | Jan Kopriva | ProxyShell - how many Exchange servers are affected and where are they? |
| 2021-04-22/a> | Xavier Mertens | How Safe Are Your Docker Images? |
| 2020-11-16/a> | Jan Kopriva | Heartbleed, BlueKeep and other vulnerabilities that didn't disappear just because we don't talk about them anymore |
| 2020-05-28/a> | Xavier Mertens | Flashback on CVE-2019-19781 |
| 2020-05-08/a> | Xavier Mertens | Using Nmap As a Lightweight Vulnerability Scanner |
| 2020-03-16/a> | Jan Kopriva | Desktop.ini as a post-exploitation tool |
| 2020-03-12/a> | Xavier Mertens | Critical SMBv3 Vulnerability: Remote Code Execution |
| 2019-12-31/a> | Johannes Ullrich | Some Thoughts About the Critical Citrix ADC/Gateway Vulnerability (CVE-2019-19781) |
| 2019-05-16/a> | Xavier Mertens | The Risk of Authenticated Vulnerability Scans |
| 2019-04-04/a> | Xavier Mertens | New Waves of Scans Detected by an Old Rule |
| 2018-08-20/a> | Didier Stevens | OpenSSH user enumeration (CVE-2018-15473) |
| 2018-07-02/a> | Guy Bruneau | VMware ESXi, Workstation, and Fusion address multiple out-of-bounds read vulnerabilities https://www.vmware.com/security/advisories/VMSA-2018-0016.html |
| 2018-05-22/a> | Xavier Mertens | VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities https://www.vmware.com/security/advisories/VMSA-2018-0013.html |
| 2018-04-30/a> | Remco Verhoef | Another approach to webapplication fingerprinting |
| 2018-01-13/a> | Rick Wanner | Flaw in Intel's Active Management Technology (AMT) |
| 2017-05-25/a> | Xavier Mertens | Critical Vulnerability in Samba from 3.5.0 onwards |
| 2017-05-18/a> | Xavier Mertens | My Little CVE Bot |
| 2017-02-04/a> | Xavier Mertens | Detecting Undisclosed Vulnerabilities with Security Tools & Features |
| 2016-12-26/a> | Russ McRee | Critical security update: PHPMailer 5.2.20 (CVE-2016-10045) |
| 2016-08-14/a> | Guy Bruneau | vRealize Log Insight directory traversal vulnerability - http://www.vmware.com/security/advisories/VMSA-2016-0011.html |
| 2016-07-27/a> | Xavier Mertens | Critical Xen PV guests vulnerabilities |
| 2016-07-13/a> | Xavier Mertens | Drupal: Patch released today to fix a highly critical RCE in contributed modules |
| 2016-06-23/a> | Russell Eubanks | An Approach to Vulnerability Management |
| 2016-05-12/a> | Xavier Mertens | Adobe Released Updates to Fix Critical Vulnerability |
| 2016-02-03/a> | Xavier Mertens | Automating Vulnerability Scans |
| 2015-11-09/a> | John Bambenek | ICYMI: Widespread Unserialize Vulnerability in Java |
| 2015-04-23/a> | Bojan Zdrnja | When automation does not help |
| 2014-11-25/a> | Adrien de Beaupre | Less is, umm, less? |
| 2014-08-16/a> | Lenny Zeltser | Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability |
| 2014-02-27/a> | Richard Porter | Cisco Prime Infrastructure Command Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi |
| 2014-02-07/a> | Rob VandenBrink | New ISO Standards on Vulnerability Handling and Disclosure |
| 2014-01-24/a> | Chris Mohan | Security Update for OS X for CVE-2014-1252 http://support.apple.com/kb/HT6117 |
| 2014-01-17/a> | Russ McRee | Massive RFI scans likely a free web app vuln scanner rather than bots |
| 2013-11-05/a> | Daniel Wesemann | TIFF images in MS-Office documents used in targeted attacks |
| 2013-07-01/a> | Manuel Humberto Santander Pelaez | Using nmap scripts to enhance vulnerability asessment results |
| 2013-05-22/a> | Adrien de Beaupre | Privilege escalation, why should I care? |
| 2013-04-19/a> | Russ McRee | Java 8 release schedule delayed for renewed focus on security |
| 2013-01-19/a> | Guy Bruneau | Java 7 Update 11 Still has a Flaw |
| 2013-01-05/a> | Guy Bruneau | Adobe ColdFusion Security Advisory |
| 2012-12-03/a> | John Bambenek | John McAfee Exposes His Location in Photo About His Being on Run |
| 2012-11-29/a> | Kevin Shortt | New Apple Security Update: APPLE-SA-2012-11-29-1 Apple TV 5.1.1 |
| 2012-11-28/a> | Mark Hofman | McAfee releases extraDAT for W32/Autorun.worm.aaeb-h |
| 2012-11-28/a> | Mark Hofman | New version of wireshark is available (1.8.4), some security fixes included. |
| 2012-11-27/a> | Chris Mohan | Can users' phish emails be a security admin's catch of the day? |
| 2012-11-26/a> | John Bambenek | Online Shopping for the Holidays? Tips, News and a Fair Warning |
| 2012-11-20/a> | John Bambenek | Behind the Random NTP Bizarreness of Incorrect Year Being Set |
| 2012-11-20/a> | John Bambenek | Firefox v 17.0 just released, more here: http://www.mozilla.org/en-US/firefox/17.0/releasenotes/ |
| 2012-11-19/a> | John Bambenek | MoneyGram fined $100 million for aiding wire fraud - http://krebsonsecurity.com/2012/11/moneygram-fined-100-million-for-wire-fraud/ |
| 2012-11-19/a> | John Bambenek | New Poll: Top 5 Unresolved Security Problems of 2012 |
| 2012-11-17/a> | Manuel Humberto Santander Pelaez | New Sysinternal Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1. See http://blogs.technet.com/b/sysinternals/archive/2012/11/16/updates-adexplorer-v1-44-contig-v1-7-coreinfo-v3-2-procdump-v5-1.aspx?Redirected=true |
| 2012-11-12/a> | John Bambenek | Request for info: Robocall Phishing Against Local/Regional Banks |
| 2012-11-09/a> | Mark Baggett | Fresh batch of Microsoft patches next week |
| 2012-11-09/a> | Mark Baggett | Remote Diagnostics with PSR |
| 2012-11-07/a> | Mark Baggett | Help eliminate unquoted path vulnerabilities |
| 2012-11-07/a> | Mark Baggett | Multiple 0-Days Reported! |
| 2012-11-07/a> | Mark Baggett | Cisco TACACS+ Authentication Bypass |
| 2012-11-05/a> | Johannes Ullrich | Reminder: Ongoing SMTP Brute Forcing Attacks |
| 2012-11-05/a> | Johannes Ullrich | Possible Fake-AV Ads from Doubleclick Servers |
| 2012-11-04/a> | Lorna Hutcheson | What's important on your network? |
| 2012-10-31/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 31 - Business Continuity and Disaster Recovery |
| 2012-10-30/a> | Johannes Ullrich | Hurricane Sandy Update |
| 2012-10-30/a> | Richard Porter | Splunk 5.0 SP-CAAAHB4 http://www.splunk.com/view/SP-CAAAHB4 |
| 2012-10-28/a> | Tony Carothers | Firefox 16.02 Released |
| 2012-10-26/a> | Russ McRee | Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant |
| 2012-10-25/a> | Richard Porter | Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire |
| 2012-10-24/a> | Russ McRee | Ongoing Windstream outage in the midwest - https://twitter.com/search?q=windstream |
| 2012-10-21/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 22: Connectors |
| 2012-10-21/a> | Lorna Hutcheson | Potential Phish for Regular Webmail Accounts |
| 2012-10-19/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 19: Standard log formats and CEE. |
| 2012-10-18/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide |
| 2012-10-17/a> | Mark Hofman | New Acrobat release (including reader) available. Version 11. Some security improvements more here -->http://blogs.adobe.com/adobereader/ |
| 2012-10-16/a> | Richard Porter | CyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook. |
| 2012-10-16/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 16: W3C and HTML |
| 2012-10-14/a> | Pedro Bueno | Cyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1 |
| 2012-10-09/a> | Johannes Ullrich | Microsoft October 2012 Black Tuesday Update - Overview |
| 2012-10-07/a> | Tony Carothers | Cyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1 |
| 2012-10-05/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl. |
| 2012-10-05/a> | Richard Porter | VMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html |
| 2012-10-05/a> | Richard Porter | Reports of a Distributed Injection Scan |
| 2012-10-04/a> | Mark Hofman | And the SHA-3 title goes to .....Keccak |
| 2012-10-02/a> | Russ McRee | Cyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines |
| 2012-10-01/a> | Johannes Ullrich | Cyber Security Awareness Month |
| 2012-09-28/a> | Joel Esler | Adobe certification revocation for October 4th |
| 2012-09-26/a> | Johannes Ullrich | More Java Woes |
| 2012-09-26/a> | Johannes Ullrich | Some Android phones can be reset to factory default by clicking on links |
| 2012-09-21/a> | Johannes Ullrich | iOS 6 Security Roundup |
| 2012-09-20/a> | Russ McRee | Flash Player update but no announcement, check your version http://www.adobe.com/software/flash/about/ |
| 2012-09-20/a> | Russ McRee | Apple and Cisco Security Advisories 19 SEP 2012 |
| 2012-09-20/a> | Russ McRee | Financial sector advisory: attacks and threats against financial institutions |
| 2012-09-19/a> | Russ McRee | Script kiddie scavenging with Shellbot.S |
| 2012-09-17/a> | Rob VandenBrink | What's on your iPad? |
| 2012-09-14/a> | Lenny Zeltser | Scam Report - Fake Voice Mail Email Notification Redirects to Malicious Site |
| 2012-09-13/a> | Mark Baggett | Microsoft disrupts traffic associated with the Nitol botnet |
| 2012-09-13/a> | Mark Baggett | More SSL trouble |
| 2012-09-10/a> | Johannes Ullrich | Microsoft Patch Tuesday Pre-Release |
| 2012-09-10/a> | Johannes Ullrich | Godaddy DDoS Attack |
| 2012-09-06/a> | Johannes Ullrich | SSL Requests sent to port 80 (request for help/input) |
| 2012-09-04/a> | Johannes Ullrich | Another round of "Spot the Exploit E-Mail" |
| 2012-09-02/a> | Lorna Hutcheson | Demonstrating the value of your Intrusion Detection Program and Analysts |
| 2012-09-01/a> | Russ McRee | Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish |
| 2012-08-31/a> | Russ McRee | Not so fast: Java 7 Update 7 critical vulnerability discovered in less than 24 hours |
| 2012-08-30/a> | Johannes Ullrich | Editorial: The Slumlord Approach to Network Security http://isc.sans.edu/j/editorial |
| 2012-08-29/a> | Johannes Ullrich | "Data" URLs used for in-URL phishing |
| 2012-08-27/a> | Johannes Ullrich | The Good, Bad and Ugly about Assigning IPv6 Addresses |
| 2012-08-27/a> | Johannes Ullrich | Malware Spam harvesting Facebook Information |
| 2012-08-26/a> | Lorna Hutcheson | Who ya gonna contact? |
| 2012-08-22/a> | Adrien de Beaupre | Apple Remote Desktop update fixes no encryption issue |
| 2012-08-21/a> | Adrien de Beaupre | YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update |
| 2012-08-21/a> | Adrien de Beaupre | RuggedCom fails key management 101 on Rugged Operating System (ROS) |
| 2012-08-20/a> | Manuel Humberto Santander Pelaez | Do we need test procedures in our companies before implementing Antivirus signatures? |
| 2012-08-19/a> | Manuel Humberto Santander Pelaez | Authentication Issues between entities during protocol message exchange in SCADA Systems |
| 2012-08-12/a> | Tony Carothers | Layers of the Defense-in-Depth Onion |
| 2012-08-12/a> | Tony Carothers | Oracle Security Alert for CVE-2012-3132 |
| 2012-08-09/a> | Mark Hofman | Zeus/Citadel variant causing issues in the Netherlands |
| 2012-08-09/a> | Mark Hofman | SQL Injection Lilupophilupop style, Part 2 |
| 2012-08-07/a> | Adrien de Beaupre | Who protects small business? |
| 2012-08-05/a> | Daniel Wesemann | Phishing for Payroll with unpatched Java |
| 2012-08-04/a> | Kevin Liston | Vendors: More Patch-Release Options Please |
| 2012-07-27/a> | Daniel Wesemann | Cuckoo 0.4 is out - cool new features for malware analysis http://www.cuckoosandbox.org/ |
| 2012-07-24/a> | Richard Porter | Wireshark 1.8.1 Released http://www.wireshark.org/ |
| 2012-07-24/a> | Richard Porter | Report of spike in DNS Queries gd21.net |
| 2012-07-20/a> | Mark Baggett | Syria Internet connection cut? |
| 2012-07-19/a> | Mark Baggett | Diagnosing Malware with Resource Monitor |
| 2012-07-19/a> | Mark Baggett | A Heap of Overflows? |
| 2012-07-16/a> | Richard Porter | Sysinternals Update @ http://blogs.technet.com/b/sysinternals/archive/2012/07/16/updates-handle-v3-5-process-explorer-v15-22-process-monitor-v3-03-rammap-v1-21-zoomit-v4-3.aspx |
| 2012-07-13/a> | Richard Porter | Yesterday (not as on the ball as Rob) at SANSFire |
| 2012-07-13/a> | Russ McRee | 2 for 1: SANSFIRE & MSRA presentations |
| 2012-07-13/a> | Russ McRee | VMWare Security Advisory 12 JUL 2012 |
| 2012-07-13/a> | Russ McRee | Yahoo service SQL injection vuln leads to account exposure |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms |
| 2012-07-09/a> | Johannes Ullrich | The FBI will turn off the Internet on Monday (or not) |
| 2012-07-09/a> | Manuel Humberto Santander Pelaez | Internet Storm Center panel tonight at SANSFIRE 2012! |
| 2012-07-05/a> | Adrien de Beaupre | Microsoft advanced notification for July 2012 patch Tuesday |
| 2012-07-02/a> | Joel Esler | A rough guide to keeping your website up |
| 2012-07-02/a> | Joel Esler | Linux & Java leap second bug |
| 2012-06-29/a> | Jim Clausing | Updated SysInternals tools - Autoruns, Process Explorer, Process Monitor, PSKill -- http://blogs.technet.com/b/sysinternals/archive/2012/06/28/updates-autoruns-v11-32-process-explorer-v15-21-process-monitor-v3-02-pskill-v1-15-rammap-v1-2.aspx |
| 2012-06-22/a> | Kevin Liston | Updated Poll: Which Patch Delivery Schedule Works the Best for You? |
| 2012-06-21/a> | Russ McRee | Analysis of drive-by attack sample set |
| 2012-06-21/a> | Russ McRee | Wireshark 1.8.0 released 21 JUN 2012 http://www.wireshark.org/download.html |
| 2012-06-19/a> | Daniel Wesemann | Vulnerabilityqueerprocessbrittleness |
| 2012-05-05/a> | Tony Carothers | Vulnerability Assessment Program - Discussions |
| 2011-12-28/a> | Daniel Wesemann | Hash collisions vulnerability in web servers |
| 2011-12-08/a> | Adrien de Beaupre | Newest Adobe Flash 11.1.102.55 and Previous 0 Day Exploit |
| 2011-05-09/a> | Rick Wanner | Serious flaw in OpenID |
| 2010-12-24/a> | Daniel Wesemann | A question of class |
| 2010-12-10/a> | Mark Hofman | EXIM MTA vulnerability |
| 2010-09-14/a> | Adrien de Beaupre | Adobe Flash v10.1.82.76 and earlier vulnerability in-the-wild |
| 2010-09-08/a> | John Bambenek | Adobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory |
| 2010-08-30/a> | Adrien de Beaupre | Apple QuickTime potential vulnerability/backdoor |
| 2010-08-05/a> | Manuel Humberto Santander Pelaez | Adobe Acrobat Font Parsing Integer Overflow Vulnerability |
| 2010-07-20/a> | Manuel Humberto Santander Pelaez | LNK vulnerability now with Metasploit module implementing the WebDAV method |
| 2010-07-20/a> | Manuel Humberto Santander Pelaez | iTunes buffer overflow vulnerability |
| 2010-07-20/a> | Manuel Humberto Santander Pelaez | Lowering infocon back to green |
| 2010-07-04/a> | Manuel Humberto Santander Pelaez | Interesting analysis of the PHP SplObjectStorage Vulnerability |
| 2010-06-24/a> | Jason Lam | Help your competitor - Advise them of vulnerability |
| 2010-06-15/a> | Manuel Humberto Santander Pelaez | Apple releases advisory for Mac OS X - Multiple vulnerabilities discovered |
| 2010-05-23/a> | Manuel Humberto Santander Pelaez | Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability |
| 2010-01-21/a> | Johannes Ullrich | New Microsoft Advisory: Vulnerability in Windows Kernel Privilege Escalation (CVE-2010-0232) |
| 2010-01-17/a> | Rick Wanner | Buffer overflow in Quicktime |
| 2009-12-24/a> | Guy Bruneau | Microsoft IIS File Parsing Extension Vulnerability |
| 2009-11-24/a> | Rick Wanner | Microsoft Security Advisory 977981 - IE 6 and IE 7 |
| 2009-11-16/a> | G. N. White | Reports of a successful exploit of the SSL Renegotiation Vulnerability? |
| 2009-11-13/a> | Adrien de Beaupre | TLS & SSLv3 renegotiation vulnerability explained |
| 2009-11-13/a> | Adrien de Beaupre | Flash Origin Policy Attack |
| 2009-11-05/a> | Swa Frantzen | TLS Man-in-the-middle on renegotiation vulnerability made public |
| 2009-10-08/a> | Johannes Ullrich | New Adobe Vulnerability Exploited in Targeted Attacks |
| 2009-09-08/a> | Adrien de Beaupre | Microsoft Security Advisory 975191 Revised |
| 2009-09-04/a> | Adrien de Beaupre | Vulnerabilities (plural) in MS IIS FTP Service 5.0, 5.1. 6.0, 7.0 |
| 2009-07-13/a> | Adrien de Beaupre | Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution |
| 2009-07-13/a> | Adrien de Beaupre | Security Update available for Wyse Device Manager |
| 2009-05-29/a> | Lorna Hutcheson | VMWare Patches Released |
| 2009-05-10/a> | Mari Nichols | Is your Symantec Antivirus Alerting working correctly? |
| 2009-05-04/a> | Tom Liston | Adobe Reader/Acrobat Critical Vulnerability |
| 2009-02-11/a> | Robert Danford | ProFTPd SQL Authentication Vulnerability exploit activity |
| 2008-12-23/a> | Patrick Nolan | MS ACK's Vulnerability in SQL Server which Could Allow Remote Code Execution |
| 2008-12-10/a> | Mark Hofman | Microsoft wordpad text converter issue |
| 2008-09-29/a> | Daniel Wesemann | Patchbag: WinZip / MPlayer / RealWin SCADA vuln |
| 2008-08-02/a> | Maarten Van Horenbeeck | A little of that human touch |
| 2008-07-17/a> | Mari Nichols | Firefox Releases 3.0.1 and fixes 3 security vulnerabilities |
| 2008-07-16/a> | Maarten Van Horenbeeck | Firefox 2.0.0.16 fixes two security vulnerabilities |
| 2008-07-15/a> | Maarten Van Horenbeeck | Oracle (and BEA, Hyperion and TimesTen) critical patch update July 15th, 2008 |
| 2008-07-15/a> | Maarten Van Horenbeeck | BlackBerry PDF parsing vulnerability |
| 2008-06-19/a> | William Stearns | Firefox vunerability |
| 2008-05-27/a> | Adrien de Beaupre | Adobe flash player vuln |
| 2008-05-06/a> | Marcus Sachs | Industrial Control Systems Vulnerability |
| 2007-01-03/a> | Toby Kohlenberg | VLC Media Player udp URL handler Format String Vulnerability |
| 2006-10-05/a> | John Bambenek | There are no more Passive Exploits |
