2240 matches found

MSRC
added 2013/11/12 8:00 a.m., 12 views

Introducing Enhanced Mitigation Experience Toolkit (EMET) 4.1

In June 2013, we released EMET 4.0 and customer response has been fantastic. Many customers across the world now include EMET as part of their defense-in-depth strategy and appreciate how EMET helps businesses prevent attackers from gaining access to computer systems. Today, we’re releasing a ne...

AI score: 6.9
Exploits: 0
RedHat Linux
added 2013/10/23 4:26 p.m., 5 views

OpenJDK: AWT hardening fixes (AWT, 7163201)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate...

AI score: 7.3, EPSS: 0.12471
Exploits: 1, References: 4
ICS
added 2013/10/15 6:00 a.m., 29 views

SpecView Directory Traversal

Overview This advisory is a follow up to the original alert titled ICS-ALERT-12-214-01 SpecView Directory Traversal that was published August 01, 2012, on the ICS-CERT Web. This advisory provides mitigation details for a vulnerability, which impacts SpecView products. Independent researcher Luigi...

CVSS: 5, AI score: 6.5, EPSS: 0.04813
Exploits: 1, References: 10
ThreatPost
added 2013/10/02 7:32 a.m., 14 views

Zero Days Are Not the Bugs You're Looking For

BERLIN–The technology industry often is used by politicians, executives and others as an example of how to adapt quickly and shift gears in the face of disruptive changes. But the security community has been doing defense in basically the same way for several decades now, despite the fact that th...

AI score: 7.6
Exploits: 0, References: 1
Packet Storm
added 2013/09/17 12:00 a.m., 16 views

Agnitum Outpost Internet Security Local Privilege Escalation

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

AI score: 0.7
Exploits: 0
ICS
added 2013/08/28 12:00 p.m., 22 views

Ecava IntegraXor DLL Hijacking (Update B)

Overview This advisory is a follow-up to ICS-ALERT-10-362-01—Ecava IntegraXor DLL Hijacking. ICS-CERT has become aware of an Uncontrolled Search Path Element vulnerability, commonly referred to as DLL Hijacking, in the Ecava IntegraXor supervisory control and data acquisition (SCADA) product. ICS-CE...

AI score: 8.1
Exploits: 0, References: 22
Tenable Nessus
added 2013/08/14 12:00 a.m., 32 views

MS KB2861855: Updates to Improve Remote Desktop Protocol Network-Level Authentication

The remote host is missing Microsoft KB2861855. This update provides defense-in-depth measures for Remote Desktop Protocol Network Level Authentication. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(69333); script_version("1.5"); script_cvs_date("Date: 2018/11/15 20:50:28"...

AI score: 5.5
Exploits: 0, References: 1
MSRC
added 2013/08/12 7:00 a.m., 8 views

Mitigating the LdrHotPatchRoutine DEP/ASLR bypass with MS13-063

Today we released MS13-063 which includes a defense in depth change to address an exploitation technique that could be used to bypass two important platform mitigations: Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP). As we’ve described in the past, these mitigations pl...

AI score: 7.1
Exploits: 0
RedHat Linux
added 2013/07/15 8:30 p.m., 3 views

php: xml_parse_into_struct buffer overflow when parsing deeply nested XML

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function...

CVSS: 6.8, AI score: 7.5, EPSS: 0.05186
Exploits: 0, References: 4
RedHat Linux
added 2013/07/15 8:20 p.m., 5 views

php: xml_parse_into_struct buffer overflow when parsing deeply nested XML

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function...

CVSS: 6.8, AI score: 7.5, EPSS: 0.05186
Exploits: 0, References: 4
RedHat Linux
added 2013/07/12 8:13 p.m., 5 views

php: xml_parse_into_struct buffer overflow when parsing deeply nested XML

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function...

CVSS: 6.8, AI score: 7.5, EPSS: 0.05186
Exploits: 0, References: 4
RedHat Linux
added 2013/07/12 8:09 p.m., 9 views

php: xml_parse_into_struct buffer overflow when parsing deeply nested XML

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function...

CVSS: 6.8, AI score: 7.5, EPSS: 0.05186
Exploits: 0, References: 4
OSV
added 2013/06/15 8:55 p.m., 3 views

DEBIAN-CVE-2013-2004

The (1) GetDatabase and (2) XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file...

CVSS: 6.8, AI score: 8.5, EPSS: 0.01576
Exploits: 0, References: 1
OSV
added 2013/06/15 8:55 p.m., 8 views

CVE-2013-2004

The (1) GetDatabase and (2) XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file...

AI score: 6
Exploits: 0, References: 4
Cvelist
added 2013/06/15 8:00 p.m., 20 views

CVE-2013-2004

The (1) GetDatabase and (2) XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file...

AI score: 8.7, EPSS: 0.01576
Exploits: 0, References: 4
Debian CVE
added 2013/06/15 8:00 p.m., 28 views

CVE-2013-2004

The (1) GetDatabase and (2) XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file...

CVSS: 6.8, AI score: 9, EPSS: 0.01576
Exploits: 0
w3af
added 2013/06/10 11:02 p.m., 17 views

archive_dot_org

This plugin does a search in archive.org and parses the results. It then uses the results to find new URLs in the target site. This plugin is a time machine ! Plugin type Crawl Options Name | Type | Default Value | Description | Help ---|---|---|---|--- maxdepth | integer | 3 | Maximum recursion...

Exploits: 0
securityvulns
added 2013/06/03 12:00 a.m., 47 views

Vulnerable Microsoft VC++ 2005 RTM runtime libraries installed with "Microsoft Security Essentials" (and numerous other Microsoft products)

Hi @ll, this is part 2 of "Defense in depth -- the Microsoft way", see http://seclists.org/fulldisclosure/2013/May/107 On Windows NT 5.x the current "Microsoft Security Essentials" v4.2 available from http://www.microsoft.com/securityessentials, and offered as optional update KB2804527 via...

AI score: 0.4
Exploits: 0
ICS
added 2013/04/22 12:00 p.m., 56 views

Inductive Automation Ignition Information Disclosure Vulnerability

Overview ICS-CERT has received a report from Rubén Santamarta concerning a vulnerability in Inductive Automation’s Ignition software. Ignition is an updated version of FactoryPMI Plant Management Interface, offered by Inductive Automation. This vulnerability allows unauthorized users to download...

AI score: 7.1
Exploits: 0, References: 18