Lucene search
K

5427 matches found

myhack58
myhack58
added 2010/06/17 12:0 a.m.13 views

Vulnerability: be wary of“help and Support Center”uninvited-vulnerability warning-the black bar safety net

Microsoft has just released 6 months patch, Windows XP it also exposed a new HCP Protocol vulnerabilities. After 3 6 0 Security Center to verify, when the Windows XP users use IE series browsers open hung it to the web, or playing“the infected”of the music file, the PC will automatically...

0.7AI score
Exploits0
NVD
NVD
added 2010/06/16 8:30 p.m.31 views

CVE-2010-2306

The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle MITM attack...

4.3CVSS6.7AI score0.0146EPSS
Exploits0References8
Prion
Prion
added 2010/06/16 8:30 p.m.24 views

Default configuration

The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle MITM attack...

4.3CVSS7.3AI score0.0146EPSS
Exploits0References8
CVE
CVE
added 2010/06/16 8:0 p.m.60 views

CVE-2010-2306

The CVE-2010-2306 entry concerns the default installations of Sourcefire 3D Sensor 1000/2000/9900 and Defense Center 1000 sharing the same static private SSL keys across devices/installations. This key reuse enables a remote attacker to perform a man-in-the-middle and decrypt SSL traffic. The pro...

4.3CVSS7AI score0.0146EPSS
Exploits0References8Affected Software3
Cent OS
Cent OS
added 2010/06/12 3:56 p.m.91 views

java security update

CentOS Errata and Security Advisory CESA-2010:0339 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring Syst...

9.8CVSS7.7AI score0.96319EPSS
Exploits33References7
seebug.org
seebug.org
added 2010/05/24 12:0 a.m.26 views

Discuz! 7.x/6.x论坛绕过全局变量防御漏洞

Discuz!是一款华人地区非常流行的Web论坛程序。 由于php5.3.x版本php.ini的设置中requestorder默认值为GP,导致Discuz! 6.x/7.x中可以绕过全局变量防御。 在include/global.func.php代码中: function daddslashes$string, $force = 0 !defined'MAGICQUOTESGPC' && define'MAGICQUOTESGPC', getmagicquotesgpc; if!MAGICQUOTESGPC || $force ifisarray$string foreach$stri...

7.1AI score
Exploits0
myhack58
myhack58
added 2010/05/18 12:0 a.m.30 views

Discuz! 6. x/7. x a global variable Defense bypass vulnerability-vulnerability warning-the black bar safety net

Due to php5. 3. x version php. ini settings requestorder the default value for the GP, resulting in Discuz! 6. x/7. x a global variable Defense bypass vulnerability include/global. func. php code: function daddslashes$string, $force = 0 ! defined'MAGICQUOTESGPC' && define'MAGICQUOTESGPC',...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/05/11 12:0 a.m.59 views

RHEL 5 : java-1.6.0-openjdk (RHSA-2010:0339)

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

9.8CVSS8.7AI score0.96319EPSS
Exploits33References34
seebug.org
seebug.org
added 2010/05/09 12:0 a.m.22 views

ECShop V2.7.2 category.php SQL Injection Vulnerability

漏洞代码分析 /category.php .. $filterattrstr = isset$REQUEST'filterattr' ? trim$REQUEST'filterattr' : '0'; //变量 $filterattrstr 是以“.” 分开的数组 $filterattr = empty$filterattrstr ? '' : explode'.', trim$filterattrstr; .. / 扩展商品查询条件 / if !empty$filterattr $extsql = "SELECT DISTINCTb.goodsid FROM "...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2010/05/03 12:0 a.m.58 views

Kaspersky Antivirus Code Injection

Hello Bugtraq. I write to notify a vulnerability in Kaspersky Antivirus that allows the code injection in the process that is executed in user's context, allowing: 1. The modification, creation and elimination of the values and keys in the Registration with respect to the configuration of the...

0.4AI score
Exploits0
ThreatPost
ThreatPost
added 2010/04/20 6:37 p.m.10 views

Top 20 'Critical Controls' from SANS Institute

The SANS Institute has released critical security controls for cyber defense agreed to by a consortium of agencies including: “NSA, US Cert, DoD, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center plus the top commercial forensics experts and p...

1.6AI score
Exploits0References1
securityvulns
securityvulns
added 2010/04/19 12:0 a.m.20 views

Micropoint Proactive Denfense privilege escalation

User-controlled kernel memory access on IOCTL processing...

3.9AI score
Exploits0References1
ThreatPost
ThreatPost
added 2010/04/14 5:11 p.m.9 views

New Clickjacking Techniques to Be Revealed

At Black Hat Europe a researcher will demonstrate a new, powerful breed of clickjacking attacks he devised that can bypass newly constructed defenses in browsers and Websites. Read the full article. Dark Readiing...

3.1AI score
Exploits0References2
Exploit DB
Exploit DB
added 2010/04/14 12:0 a.m.36 views

Micropoint ProActive Denfense 'Mp110013.sys' 1.3.10123.0 - Local Privilege Escalation

/ Micropoint Proactive Denfense Mp110013.sys = 1.3.10123.0 Local Privilege Escalation Exploit VULNERABLE PRODUCTS Micropoint Proactive Denfense = 100323.1.2.10581.0285.r1 mp110013.sys = 1.3.10123.0 DETAILS: mp110013.sys handles DeviceIoControl request which tells driver...

7AI score
Exploits0
myhack58
myhack58
added 2010/04/12 12:0 a.m.10 views

Oriental micro-point active Defense software 9 0-day hack methods-vulnerability warning-the black bar safety net

In addition to the Oriental micro-point ninety-day limit of the method:initial free trial 9 0 days of principle:installation of micro-point,he is using the installation package comes with the serial number:HPXJAL-NBX9GU-8NF367 - 97VL7H ,into the installation,and then use this serial number to the...

1.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/04/08 8:47 a.m.2 views

Internet Explorer information disclosure vulnerability

Overview Internet Explorer contains an information disclosure vulnerability. Internet Explorer contains an issue when handling content using specific encoding strings that may lead to an information disclosure vulnerability. Daiki Fukumori of Cyber Defense Institute Inc. reported this vulnerabili...

6.5CVSS6.1AI score0.29229EPSS
Exploits1References12
ThreatPost
ThreatPost
added 2010/04/07 1:41 p.m.16 views

Researcher Releases 'Qubes' Hardened OS

Joanna Rutkowska, a security researcher known for her work on virtualization security and low-level rootkits, has released a new open-source operating system meant to provide isolation of the OS’s components for better security. The OS, called Qubes, is based on Xen, X and Linux and is in a basic...

7.4AI score
Exploits0References2
ThreatPost
ThreatPost
added 2010/03/18 6:45 p.m.8 views

Researchers Can Keep Web Servers Up During Attack

MIT researchers funded by DARPA U.S. Defense Department’s Defense Advanced Research Projects Agency have developed a system to keep web servers — or, for that matter, any Internet-connected computers — running even when they’re under attack. Read the full article. MIT News...

3.4AI score
Exploits0References2
ThreatPost
ThreatPost
added 2010/02/10 5:6 p.m.11 views

Mudge to Work For Uncle Sam at DARPA

Peiter Zatko — a respected hacker known as “Mudge” — has been tapped to be a program manager at DARPA, where he will be in charge of funding research designed to help give the U.S. government tools needed to protect against cyberattacks. Read the full article. cnet...

1.5AI score
Exploits0References2
securityvulns
securityvulns
added 2010/01/26 12:0 a.m.41 views

DDIVRT-2009-27 F2L-3000 files2links SQL Injection Vulnerability

Title ----- DDIVRT-2009-27 F2L-3000 files2links SQL Injection Vulnerability Severity -------- Medium Date Discovered --------------- November 19, 2009 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Rob Kraus, Chris Graham and r@b13$ Vulnerability Description...

7.9AI score
Exploits0
Rows per page
Query Builder