US Department of Homeland Security Wants You To Update Windows
August 10th, 2006
I have never seen them so concerned about computer vulnerability from Microsoft Windows software. Everyone knows Windows OS is vulnerable by default.
Macromedia Flash Player 7 Remote Code Execution Vulnerability
November 14th, 2005
A vulnerability has been reported in Macromedia Flash Player 7, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to missing validation of the frame type identifier that is read from a SWF file.
Microsoft PowerPoint Suffers From Memory Corruption Security Vulnerability
July 18th, 2006
Naveed has discovered a vulnerability in Microsoft PowerPoint, which potentially can be exploited to compromise any user's system. The vulnerability has been confirmed on Windows XP SP2 with a fully patched PowerPoint 2003.
Serious Security Vulnerabilities in Outpost Firewall Pro & Lavasoft Personal Firewall
July 18th, 2006
Bipin Gautam has reported a vulnerability in Outpost Firewall Pro, which can be exploited by local users to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error in the Virtual Firewall driver (filtnt.sys) and can be exploited to crash the system by e.g.
20 Coolest iTunes add-ons You Can’t Miss
December 5th, 2008
When it's about iTunes I prefer stats talking over me. With over 9 million songs in the database and more than that in user database, iTunes is unarguably the most popular and comprehensive music store in this universe.
Internet Explorer (IE) versus Firefox: A security viewpoint
November 23rd, 2004
I was just looking at the IE vulnerabilities vis-a-vis Firefox compiled by Secunia. Before going further you have to understand that IE has been around much longer than Firefox and hence has been more extensively looked at for vulnerabilities.
Yet Another Microsoft Excel Vulnerability
June 21st, 2006
While Microsoft developers are scrambling to patch a security hole in Excel, a hacker has now posted code that exploits a second vulnerability in the popular spreadsheet software. Microsoft says that criminals are not yet using this code in attacks, but the software could be used to run unauthorised programs on a PC, according to Marc Maiffret, chief hacking officer at security software vendor eEye Digital Security.
Cross-Site Scripting Vulnerability in Apache mod_imap Module
December 16th, 2005
A cross-site scripting (XSS) vulnerability has been discovered in the Apache httpd server's mod_imap module which allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. Input passed to the image map "Referer" directive in "mod_imap" isn't properly sanitised before being returned to the user.
Xoops CMS SQL Injection Vulnerability Reported
June 29th, 2006
KeyCoder has discovered a vulnerability in the MyAds module for Xoops, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "lid" parameter in annonces-p-f.php isn't properly sanitised before being used in a SQL query.
XP a look back on Critical Commentary : Weblog
November 18th, 2004
Please see my post on XP at Critical Commentary : Weblog
This is another weblog by yours truly. It will focus on critical commentaries on products & technologies.
Mambo / Joomla SQL Injection Vulnerability
June 19th, 2006
rgod has discovered a vulnerability in Mambo & Joomla, which can be exploited to conduct SQL injection attacks. Input passed to the "Name" field when submitting a web link isn't properly sanitised before being used in a SQL query.
Linux Worm Exploits PHP XMLRPC Vulnerability
November 9th, 2005
There are few reports of an attack by a new Linux worm called Lupper which exploits a well known PHP XMLRPC implementation vulnerability. PHP XMLRPC implementation is used in a large number of popular web applications such as PostNuke, Drupal, b2evolution, Xoops, PHPGroupWare, TikiWiki etc.
Mambo CMS Suffers From File Inclusion Vulnerability
June 29th, 2006
Kw3[R]Ln has discovered a vulnerability in the MOD_CBSMS module for Mambo, which can be exploited to compromise a machine serving Mambo CMS. Input passed to the "mosConfig_absolute_path" parameter in mod_cbsms_messages.php isn't properly verified before it is used to include files.
FireFox 1.5.0.2 Released With Critical Security Fixes - Recommended
April 13th, 2006
This is primarily a security fix release patching 5 critical defects and one high priority defect. A couple of them are regression defects (introduced in 1.5).
If you are using IE, A hacker can take control of your machine: Microsoft
July 6th, 2009
SAN JOSE, Calif. — Microsoft Corp.