1704 matches found
JBoss Overlord Runtime Governance for JBossAS MVEL表达式Java代码执行漏洞
CVE ID:CVE-2013-6469 JBoss Overlord Runtime Governance for JBossAS是一款管理JBoss SOA平台的应用。 JBoss Overlord Runtime Governance for JBossAS处理部分MVEL表达式时存在未明错误,允许攻击者提交特制的表达式执行任意Java代码。 0 JBoss Overlord Runtime Governance for JBossAS 1.0 目前没有详细解决方案: https://www.jboss.org/overlord...
CVE-2013-6334
IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite aka Atlas Policy Suite do not properly validate...
CVE-2013-6321
SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite aka Atlas Policy Suit...
CVE-2013-6321
SQL injection vulnerability (CVE-2013-6321) affects IBM Atlas Suite components (Atlas eDiscovery Process Management 6.0.1.5 and earlier/6.0.2; Disposal and Governance Management for IT 6.0.1.5 and earlier/6.0.2; Global Retention Policy and Schedule Management 6.0.1.5 and earlier/6.0.2). Root caus...
CVE-2013-6334
CVE-2013-6334 affects IBM Atlas Suite components (Atlas eDiscovery Process Management 6.0.1.5 and earlier, 6.0.2; Disposal and Governance Management for IT 6.0.1.5 and earlier, 6.0.2; Global Retention Policy and Schedule Management 6.0.1.5 and earlier, 6.0.2). The issue is improper session valida...
NIST Publishes Preliminary Cybersecurity Framework
Following an Executive Order issued by U.S. President Barack Obama in February of this year, the National Institute of Standards and Technology NIST yesterday made public a provisional copy of the government’s cybersecurity framework and says it will accept public comment on the draft for the nex...
Who Governs The Internet and whose property is it?
The recent exposes and revelations by Edward Snowden about the Top Secret Internet Snooping program currently run by US National Security Agency NSA have shocked the world. The extent of snooping is even more shocking and what has just stunned the world is the sheer name of top Internet companies...
Information Governance: Get Data Classification Right First
Data classification is one of the most crucial elements of an effective information governance process--yet its also one that many companies fail to implement well. In its simplest terms, data classification is the process of categorizing data based on its level of sensitivity. When done properly...
ENISA Outlines Security Regulations for EU Smart Grid Expansion
The European Union has set a series of ambitious goals for itself: by 2020, the 27 member states expect to collectively use 20 percent renewable energy, reduce CO2 emissions by 20 percent, and increase energy efficiency by 20 percent. In order to accomplish these goals, Europe will need to perfor...
Coalfire Acquires Digital Resources Group in California
We have reached a new milestone at Coalfire and have announced the recent acquisition of privately held Digital Resources Group DRG in Redwood City, California. We are excited about our latest venture as it consolidates our leadership position within the IT Governance Risk and Compliance IT GRC...
90% SSL sites vulnerable to the BEAST SSL attack
90% of the Internet's top 200,000 HTTPS-enabled websites are vulnerable to known types of SSL Secure Sockets Layer attack, according to a report released Thursday by the Trustworthy Internet Movement TIM, a nonprofit organization dedicated to solving Internet security, privacy and reliability...
Chengdu Bureau Of Commerce SQL Injection
Title: ====== Chengdu Bureau of Commerce - SQL Injection Vulnerability Date: ===== 2012-04-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=312 VL-ID: ===== 312 Introduction: ============= May 20, by my bureau composed of 10 members, participated in by the Chinese...
Hackers Plan Satellite Network to Fight Internet Censorship
A group of hackers are reportedly declaring war on Internet censorship, and they plan to fight back with their own satellite communications network. Sound like science fiction? According to BBC News, the plan was recently outlined at the Chaos Communication Congress in Berlin. Dubbed the...
CN Academy of Governance NSA - Postgre SQL Injection
Document Title: =============== CN Academy of Governance NSA - Postgre SQL Injection References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=311 CNNVD ID: CNNVD-201111-474 Release Date: ============= 2011-11-25 Vulnerability Laboratory ID VL-ID:...
CN Academy of Governance NSA - Postgre SQL Injection
Document Title: =============== CN Academy of Governance NSA - Postgre SQL Injection References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=311 CNNVD ID: CNNVD-201111-474 Release Date: ============= 2011-11-25 Vulnerability Laboratory ID VL-ID:...
How easy it is to hack AMC's sites !
An 'ethical' hacker demonstrates how one can break into the civic corporation's e-governance site and I P Gautam's official domain to access confidential info. The state government's websites are under threat of being hacked. A BCA student, who calls himself an 'ethical' hacker, demonstrated how ...
Be Aware Hacker - Honeypots now in India trap to lure hackers !
Decoys have been present in each and every culture, to capture the unknown as well as the known defaulters. The honey, which was used in turning the heads of bears that we used to find in jungles, well the same honey, but in a revisited version is being implemented and used here and has already...
CVE-2010-2644
IBM WebSphere Service Registry and Repository WSRR 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API requests to an EJB interface...
Improper access control
IBM WebSphere Service Registry and Repository WSRR 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API requests to an EJB interface...
CVE-2010-2644
IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 has an access-control flaw in the EJB interface that could allow remote attackers to perform governance actions via unspecified API requests. Affected product: IBM WSRR 7.0.0 pre-FP1. Root cause: improper access-control impleme...