5427 matches found
Vulnerability: be wary of“help and Support Center”uninvited-vulnerability warning-the black bar safety net
Microsoft has just released 6 months patch, Windows XP it also exposed a new HCP Protocol vulnerabilities. After 3 6 0 Security Center to verify, when the Windows XP users use IE series browsers open hung it to the web, or playing“the infected”of the music file, the PC will automatically...
CVE-2010-2306
The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle MITM attack...
Default configuration
The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle MITM attack...
CVE-2010-2306
The CVE-2010-2306 entry concerns the default installations of Sourcefire 3D Sensor 1000/2000/9900 and Defense Center 1000 sharing the same static private SSL keys across devices/installations. This key reuse enables a remote attacker to perform a man-in-the-middle and decrypt SSL traffic. The pro...
java security update
CentOS Errata and Security Advisory CESA-2010:0339 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring Syst...
Discuz! 7.x/6.x论坛绕过全局变量防御漏洞
Discuz!是一款华人地区非常流行的Web论坛程序。 由于php5.3.x版本php.ini的设置中requestorder默认值为GP,导致Discuz! 6.x/7.x中可以绕过全局变量防御。 在include/global.func.php代码中: function daddslashes$string, $force = 0 !defined'MAGICQUOTESGPC' && define'MAGICQUOTESGPC', getmagicquotesgpc; if!MAGICQUOTESGPC || $force ifisarray$string foreach$stri...
Discuz! 6. x/7. x a global variable Defense bypass vulnerability-vulnerability warning-the black bar safety net
Due to php5. 3. x version php. ini settings requestorder the default value for the GP, resulting in Discuz! 6. x/7. x a global variable Defense bypass vulnerability include/global. func. php code: function daddslashes$string, $force = 0 ! defined'MAGICQUOTESGPC' && define'MAGICQUOTESGPC',...
RHEL 5 : java-1.6.0-openjdk (RHSA-2010:0339)
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
ECShop V2.7.2 category.php SQL Injection Vulnerability
漏洞代码分析 /category.php .. $filterattrstr = isset$REQUEST'filterattr' ? trim$REQUEST'filterattr' : '0'; //变量 $filterattrstr 是以“.” 分开的数组 $filterattr = empty$filterattrstr ? '' : explode'.', trim$filterattrstr; .. / 扩展商品查询条件 / if !empty$filterattr $extsql = "SELECT DISTINCTb.goodsid FROM "...
Kaspersky Antivirus Code Injection
Hello Bugtraq. I write to notify a vulnerability in Kaspersky Antivirus that allows the code injection in the process that is executed in user's context, allowing: 1. The modification, creation and elimination of the values and keys in the Registration with respect to the configuration of the...
Top 20 'Critical Controls' from SANS Institute
The SANS Institute has released critical security controls for cyber defense agreed to by a consortium of agencies including: “NSA, US Cert, DoD, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center plus the top commercial forensics experts and p...
Micropoint Proactive Denfense privilege escalation
User-controlled kernel memory access on IOCTL processing...
New Clickjacking Techniques to Be Revealed
At Black Hat Europe a researcher will demonstrate a new, powerful breed of clickjacking attacks he devised that can bypass newly constructed defenses in browsers and Websites. Read the full article. Dark Readiing...
Micropoint ProActive Denfense 'Mp110013.sys' 1.3.10123.0 - Local Privilege Escalation
/ Micropoint Proactive Denfense Mp110013.sys = 1.3.10123.0 Local Privilege Escalation Exploit VULNERABLE PRODUCTS Micropoint Proactive Denfense = 100323.1.2.10581.0285.r1 mp110013.sys = 1.3.10123.0 DETAILS: mp110013.sys handles DeviceIoControl request which tells driver...
Oriental micro-point active Defense software 9 0-day hack methods-vulnerability warning-the black bar safety net
In addition to the Oriental micro-point ninety-day limit of the method:initial free trial 9 0 days of principle:installation of micro-point,he is using the installation package comes with the serial number:HPXJAL-NBX9GU-8NF367 - 97VL7H ,into the installation,and then use this serial number to the...
Internet Explorer information disclosure vulnerability
Overview Internet Explorer contains an information disclosure vulnerability. Internet Explorer contains an issue when handling content using specific encoding strings that may lead to an information disclosure vulnerability. Daiki Fukumori of Cyber Defense Institute Inc. reported this vulnerabili...
Researcher Releases 'Qubes' Hardened OS
Joanna Rutkowska, a security researcher known for her work on virtualization security and low-level rootkits, has released a new open-source operating system meant to provide isolation of the OS’s components for better security. The OS, called Qubes, is based on Xen, X and Linux and is in a basic...
Researchers Can Keep Web Servers Up During Attack
MIT researchers funded by DARPA U.S. Defense Department’s Defense Advanced Research Projects Agency have developed a system to keep web servers — or, for that matter, any Internet-connected computers — running even when they’re under attack. Read the full article. MIT News...
Mudge to Work For Uncle Sam at DARPA
Peiter Zatko — a respected hacker known as “Mudge” — has been tapped to be a program manager at DARPA, where he will be in charge of funding research designed to help give the U.S. government tools needed to protect against cyberattacks. Read the full article. cnet...
DDIVRT-2009-27 F2L-3000 files2links SQL Injection Vulnerability
Title ----- DDIVRT-2009-27 F2L-3000 files2links SQL Injection Vulnerability Severity -------- Medium Date Discovered --------------- November 19, 2009 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Rob Kraus, Chris Graham and r@b13$ Vulnerability Description...