4660 matches found
Update Protections against Recent Malware Threats (30-Dec-07)
Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of forms of hostile, intrusive, or annoying programs like viruses, worms, adware, Trojans, and spyware that exploit unprotected clients, using network...
Unspecified Remote Vulnerability in Symantec Backup Exec on Windows
BUGTRAQ ID: 26837 CNCAN ID:CNCAN-2007121405 Symantec Backup Exec is a network data protection solution with centralized management. Symantec Backup Exec on Windows has an unspecified security issue that remote attackers can exploit to execute arbitrary commands with the privileges of the application process. No detailed vulnerability information is currently available. Symantec Backup Exec for Windows Servers 11d No detailed solution is currently available: http://www.symantec.com/backupexec/index.jsp...
CVE-2007-5819
IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients...
CVE-2002-2342
The CVE-2002-2342 entry describes Bannermatic 1, 2, and 3 failing to protect files (ban.log, ban.bak, ban.dat, banmat.pwd) under the web document root. The vulnerability arises from insufficient access control, allowing direct requests to these files and resulting in exposure of sensitive informa...
IBM Spectrum Protect / Tivoli Storage Manager Service Detection
The remote host is running IBM Spectrum Protect, formerly known as Tivoli Storage Manager, a backup and data protection server. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(25656); script_version("1.14"); script_set_attribute(attribute:"plugin_modification_date",...
CVE-2007-2883
Credant Mobile Guardian Shield (CMG) for Windows prior to 5.2.1 SP1 stores account names and passwords in memory in plaintext, permitting local attackers to recover credentials by reading the paging file or from a dumped memory image. The CERT note confirms credentials may be written to disk due ...
CA Products Discovery Service Remote Buffer Overflow (CVE-2006-6379)
Computer Associates (CA) BrightStor ARCserve Backup and Business Protection Suite provide a data protection and integrated backup and recovery solution for Windows, NetWare, Linux and UNIX environments. The vulnerability is due to a flaw in the Discovery Service component of the affected products. An...
Getting IRIS Sniffer to run on Win2003 SP1 - vulnerability warning - the black bar safety net
IRIS Sniffer is a network-diagnosis sniffer program from the well-known network security company eEye. Compared with Sniffer Pro, it has a clean, easy-to-use interface, and its ability to decode HTTP, FTP and mail protocols is especially powerful, and therefore the...
Is backup required?
Do you need backup? Introduction. Main features of backup. Risks. RAID. Cluster systems. Shadow copy. Version control systems. Application level recovery. Backup security. Cluster systems: A cluster is several computers (nodes) functioning as a single system that can work even if one of the nodes...
Clever use of WinRAR to camouflage confidential files imperceptibly - vulnerability warning - the black bar safety net
WinRAR is a commonly used compression/decompression program. In addition, we often use WinRAR as encryption software: setting a password when compressing a file protects the data. But there is a lot of software made specifically for cracking WinRAR passwords, although...
A small prank: cleverly uninstalling public PC screensavers - vulnerability warning - the black bar safety net
The school computer laboratory is shared by several classes. If the students of one class specify a screen saver and set a password during their lesson, then for the students of the next class, if a computer is not used for the specified time (the minimum time is 1 minute), the screen saver runs...
PHP Doc System index.php show Parameter Local File Inclusion
The remote host is running PHP Doc System, a modular, PHP-based system for creating documentation. The version of PHP Doc System installed on the remote host fails to sanitize user input to the 'show' parameter of the 'index.php' script before using it in a PHP 'include' function. An...
DCP - portal XSS & SQL attacks
Web Site: http://www.dcp-portal.org/ DCP Portal = v6 This script is possibly vulnerable to SQL Injection attacks AND Cross Site Scripting XSS attacks The script has been tested with these query variables: XSS : http://target/index.php?page=send&cid=scriptalertdocument.cookie;/script XSS - only PO...
CVE-2005-2664
CVE-2005-2664 affects Whisper 32 1.16 (and possibly earlier) where passwords are stored in plaintext in memory. The underlying cause is unencrypted password storage in the process, enabling local users to read memory via a debugger or similar tool. The impact is information disclosure of password...
CVE-2005-0694
This CVE affects Hosting Controller 6.1 Hotfix 1.7 and earlier, where log files are stored under the web root. An attacker can directly request HCDiskQuotaService.csv to disclose sensitive information, specifically the list of hosted domains. The issue is an information disclosure flaw in the HCD...
CVE-2004-1709
CVE-2004-1709 concerns the Datakey Rainbow iKey2032 USB token when used with the CIP client package. The vulnerability is that communications between the token and the driver are not encrypted, which could allow local users to obtain the PINs of other users. The referenced records assign a low im...
Hydra: MS SQL
This plugin runs Hydra to find MS SQL passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block. TRUSTED...
ATA-186 Password Disclosure Vulnerability
...
[Full-Disclosure] Cross Site Java applets
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cross-Site Java breaks Sandbox Isolation for Unsigned Applets ============================================================= Product : Java Plugin Version : 1.4.201 OS : Win32 should apply for other OSs too URL : http://java.sun.com Found by : Marc...
NFS Exported Share Information Disclosure
At least one of the NFS shares exported by the remote server could be mounted by the scanning host. An attacker may be able to leverage this to read and possibly write files on the remote host. Note: Shares protected by an ACL that includes the IP of the Nessus host will not be tested. (C) Tenable...