IBM Shows Off Way to Hide Confidential Data Online
From Network World, Michael Cooney: Researchers at IBM have developed software that uses optical character recognition and screen scraping to identify and cover up confidential data. According to IBM, the driving idea behind the MAGEN (Masking Gateway for Enterprises) system is to prevent data leakage...
The Berkeley breach: Is SaaS the answer?
One recent Friday afternoon I took time off to visit two new health providers: a new dentist nearer my home and an orthopedic to look at my lateral epicondylitis. In both cases, as a new patient, I filled in page after page of medical history and personal information, including my Social Security...
CVE-2009-1334
Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter...
CVE-2009-1334
IBM Tivoli CDP for Files 3.1.4.0 has a cross-site scripting (XSS) vulnerability in the login/FilepathLogin.html page, exploitable via the reason parameter. This could allow remote attackers to inject arbitrary web script or HTML. The PT-2009-3866 entry confirms the affected version and suggests a...
IBM Tivoli Continuous Data Protection for Files 3.1.4.0 - Cross-Site Scripting
IBM Tivoli Continuous Data Protection for Files 3.1.4.0 - Cross-Site Scripting source: https://www.securityfocus.com/bid/34513/info IBM Tivoli Continuous Data Protection for Files is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script cod...
IBM Tivoli Continuous Data Protection for Files 3.1.4.0 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/34513/info IBM Tivoli Continuous Data Protection for Files is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site an...
Data security: Whose job is it really?
By Andrew Jaquith. Despite years of investments in technology and processes, protecting enterprise-wide data remains a maddeningly elusive goal for chief information security officers (CISOs). Software-as-a-service (SaaS), Web 2.0 technologies, and consumerized hardware increase the number of escape...
RedHat Update for seamonkey RHSA-2008:0104-01
Check for the Version of seamonkey. OpenVAS Vulnerability Test: RedHat Update for seamonkey RHSA-2008:0104-01. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under t...
Update Protections against Recent Malware Threats (1-Mar-09)
Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of forms of hostile, intrusive, or annoying programs like viruses, worms, adware, Trojans, and spyware that exploit unprotected clients, using network...
Fedora Update for pam_mount FEDORA-2008-7973
Check for the Version of pam_mount. OpenVAS Vulnerability Test: Fedora Update for pam_mount FEDORA-2008-7973. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...
Update Protections against Recent Malware Threats (2-Feb-09)
Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of forms of hostile, intrusive, or annoying programs like viruses, worms, adware, Trojans, and spyware that exploit unprotected clients, using network...
Oracle Secure Backup 10g Remote Code Execution
Oracle Secure Backup 10g Remote Code Execution. Product Description: Oracle Secure Backup is a centralized tape backup management software providing secure data protection for heterogeneous file systems and the Oracle Database...
Microsoft Security Bulletin MS09-001 - Critical Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
Microsoft Security Bulletin MS09-001 - Critical Vulnerabilities in SMB Could Allow Remote Code Execution (958687). Published: January 13, 2009. Version: 1.0. General Information. Executive Summary: This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block...
CVE-2008-4801
Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in...
Heap overflow
Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in...
CVE-2008-4801
Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in...
plogger-sql.txt
GulfTech Security Research August 05, 2008 Vendor : Mike Johnson URL : http://www.plogger.org/ Version : Plogger addfile$filecontents, $row"path";...
moziloCMS 1.10.1 (download.php) Arbitrary Download File Exploit
No description provided by source. !/usr/bin/perl moziloCMS 1.10.1 Perl exploit discovered & written by Ams ax330d doggy gmail dot com DESCRIPTION: Vulnerability hides in "download.php", which we can use to download any file we want to. Here, for example, "admin/conf/logindata.conf". Btw, not ver...
Microsoft Security Bulletin MS08-040 – Important Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
Microsoft Security Bulletin MS08-040 – Important Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203). Published: July 8, 2008. Version: 1.0. General Information. Executive Summary: This security update resolves four privately disclosed vulnerabilities. The more serious of...
Update Protections against Recent Malware Threats (30-Apr-08)
Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of forms of hostile, intrusive, or annoying programs like viruses, worms, adware, Trojans, and spyware that exploit unprotected clients, using network...