2240 matches found
Introducing Enhanced Mitigation Experience Toolkit (EMET) 4.1
In June 2013, we released EMET 4.0 and customer response has been fantastic. Many customers across the world now include EMET as part of their defense-in-depth strategy and appreciate how EMET helps businesses prevent attackers from gaining access to computers systems. Today, we’re releasing a ne...
OpenJDK: AWT hardening fixes (AWT, 7163201)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate...
OpenJDK: AWT hardening fixes (AWT, 7163201)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate...
SpecView Directory Traversal
Overview This advisory is a follow up to the original alert titled ICS-ALERT-12-214-01 SpecView Directory Traversal that was published August 01, 2012, on the ICS-CERT Web. This advisory provides mitigation details for a vulnerability, which impacts SpecView products. Independent researcher Luigi...
Zero Days Are Not the Bugs You're Looking For
BERLIN–The technology industry often is used by politicians, executives and others as an example of how to adapt quickly and shift gears in the face of disruptive changes. But the security community has been doing defense in basically the same way for several decades now, despite the fact that th...
Agnitum Outpost Internet Security Local Privilege Escalation
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...
Ecava IntegraXor DLL Hijacking (Update B)
Overview This advisory is a follow-up to ICS-ALERT-10-362-01—Ecava IntegraXor DLL Hijacking. ICS-CERT has become aware of a Uncontrolled Search Path Element vulnerability, commonly referred to as DLL Hijacking, in the Ecava IntegraXor supervisory control and data acquisition SCADA product. ICS-CE...
MS KB2861855: Updates to Improve Remote Desktop Protocol Network-Level Authentication
The remote host is missing Microsoft KB2861855. This update provides defense-in-depth measures for Remote Desktop Protocol Network Level Authentication. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid69333; scriptversion"1.5"; scriptcvsdate"Date: 2018/11/15 20:50:28"...
Mitigating the LdrHotPatchRoutine DEP/ASLR bypass with MS13-063
Today we released MS13-063 which includes a defense in depth change to address an exploitation technique that could be used to bypass two important platform mitigations: Address Space Layout Randomization ASLR and Data Execution Prevention DEP. As we’ve described in the past, these mitigations pl...
php: xml_parse_into_struct buffer overflow when parsing deeply nested XML
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted document that is processed by the xmlparseintostruct function...
php: xml_parse_into_struct buffer overflow when parsing deeply nested XML
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted document that is processed by the xmlparseintostruct function...
php: xml_parse_into_struct buffer overflow when parsing deeply nested XML
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted document that is processed by the xmlparseintostruct function...
php: xml_parse_into_struct buffer overflow when parsing deeply nested XML
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted document that is processed by the xmlparseintostruct function...
DEBIAN-CVE-2013-2004
The 1 GetDatabase and 2 XimParseStringFile functions in X.org libX11 1.5.99.901 1.6 RC1 and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service stack consumption via a crafted file...
CVE-2013-2004
The 1 GetDatabase and 2 XimParseStringFile functions in X.org libX11 1.5.99.901 1.6 RC1 and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service stack consumption via a crafted file...
CVE-2013-2004
The 1 GetDatabase and 2 XimParseStringFile functions in X.org libX11 1.5.99.901 1.6 RC1 and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service stack consumption via a crafted file...
CVE-2013-2004
The 1 GetDatabase and 2 XimParseStringFile functions in X.org libX11 1.5.99.901 1.6 RC1 and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service stack consumption via a crafted file...
archive_dot_org
This plugin does a search in archive.org and parses the results. It then uses the results to find new URLs in the target site. This plugin is a time machine ! Plugin type Crawl Options Name | Type | Default Value | Description | Help ---|---|---|---|--- maxdepth | integer | 3 | Maximum recursion...
Vulnerable Microsoft VC++ 2005 RTM runtime libraries installed with "Microsoft Security Essentials" (and numerous other Microsoft products)
Hi @ll, this is part 2 of "Defense in depth -- the Microsoft way", see http://seclists.org/fulldisclosure/2013/May/107 On Windows NT 5.x the current "Microsoft Security Essentials" v4.2 available from http://www.microsoft.com/securityessentials, and offered as optional update KB2804527 via...
Inductive Automation Ignition Information Disclosure Vulnerability
Overview ICS-CERT has received a report from Rubén Santamarta concerning a vulnerability in Inductive Automation’s Ignition software. Ignition is an updated version of FactoryPMI Plant Management Interface, offered by Inductive Automation. This vulnerability allows unauthorized users to download...