Cisco Releases Security Advisory for Prime Infrastructure Command Execution Vulnerability
Cisco has released a security advisory to address a vulnerability in Cisco Prime Infrastructure software versions 1.2, 1.3, 1.4, and 2.0 which could allow an unauthenticated, remote attacker to execute arbitrary commands with root-level privileges. US-CERT encourages users and administrators to...
Second Group Seen Using IE 10 Zero Day
There are at least two different groups running attacks exploiting the recently published zero day vulnerability in Internet Explorer 10, and researchers say one of the groups used the bug to impersonate a French aerospace manufacturer and compromise victims visiting the spoofed Web page. The...
CVE-2014-1965
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP...
CVE-2014-1964
CVE-2014-1964 is an XSS vulnerability in the SAP NetWeaver Integration Repository (BC-XI) component of SAP Exchange Infrastructure. The issue affects the Integration Repository via the ESR application and a DIR error, enabling remote attackers to inject arbitrary web script or HTML. The NVD notes...
New IE Zero Day Found Targeting Military Intelligence
Attackers were able to compromise the U.S. Veterans of Foreign Wars’ website this week and serve up a previously unknown zero day exploit in Internet Explorer 10, and while motivation behind the campaign is still unclear, experts are speculating its aim was to procure military intelligence...
Governments Need to Discuss Use of Cyber Weapons
PUNTA CANA–Attacks on critical infrastructure have been grabbing headlines for years now, long before sophisticated operations such as Stuxnet and Flame hit the scene. But we’re probably still in the early stages of the evolution of such attacks, and the use of so-called cyber weapons in these...
Cost of Doing APT Business Dropping
PUNTA CANA–The term APT often is used as a generic descriptor for any group–typically presumed to be government-backed and heavily financed–that is seen attacking high-value targets such as government agencies, critical infrastructure and financial systems. But the range of targets APT groups are...
Poor Patching, Passwords Plague Government Computers
A damning report on the security of government computers paints an unflattering picture of lax or non-existent patching efforts, poor password policies, configuration errors and a general lack of confidence that exposes critical services and systems to attack. The report, “The Federal Government’...
Fedora Update for zabbix FEDORA-2013-22741
Check for the Version of zabbix. OpenVAS Vulnerability Test: Fedora Update for zabbix FEDORA-2013-22741. Authors: System Generated Check. Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the ter...
[Autopsy] Digital Investigation Analysis
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory...
Congress to Consider Critical Infrastructure Protection Bill
The National Cybersecurity and Critical Infrastructure Protection Act of 2013 would amend the Homeland Security Act of 2002 to better protect the country against potentially destructive cyber attacks targeting national utilities and other critical infrastructure systems. The House Subcommittee on...
PYSEC-2014-69
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires...
USB Malware Targeting Siemens Control Software (Update C)
Overview: VirusBlokAda, an antivirus vendor based in Belarus, announced (VirusBlokAda, http://www.anti-virus.by/en/tempo.shtml, website last visited July 15, 2010) the discovery of malware that uses a zero-day vulnerability in Microsoft Windows processing of shortcut files. The malware utilizes this...
Solar Magnetic Storm Impact on Control Systems
Overview: The sun generates solar flare and coronal mass ejection (CME) events in an approximate 11-year cycle. The plasma clouds generated from these events have the potential to cause geomagnetic storms that can interfere with terrestrial communications and other electronic systems, posing a risk ...
UK CPNI Releases Spear Phishing Paper
The United Kingdom's Centre for the Protection of National Infrastructure (CPNI) has recently released a paper titled "Spear Phishing - Understanding the Threat"; this document provides guidance on how spear phishing attacks work, whether you are likely to be a target, and the steps organizations c...
Solaris 10 (x86) : 144222-16 (deprecated)
Vulnerability in the Solaris Cluster component of Oracle and Sun Systems Products Suite (subcomponent: Zone Cluster Infrastructure). Supported versions that are affected are 3.2, 3.3 and 4 prior to 4.1 SRU 3. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of...
Solaris 10 (sparc) : 144221-17 (deprecated)
Vulnerability in the Solaris Cluster component of Oracle and Sun Systems Products Suite (subcomponent: Zone Cluster Infrastructure). Supported versions that are affected are 3.2, 3.3 and 4 prior to 4.1 SRU 3. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of...