9525 matches found
PHP Finance v1.0 - Multiple Web Vulnerabilities
Document Title: =============== PHP Finance v1.0 - Multiple Web Vulnerabilities Release Date: ============= 2011-07-16 Vulnerability Laboratory ID VL-ID: ==================================== 103 Product & Service Introduction: =============================== PHPFinance is a web based financial...
Pentagon Discloses Massive Data Theft, Lays Out New Security Strategy
A targeted attack on a defense contractor in March of this year resulted in the theft of 24,000 files by an unknown attacker, according to Defense Department officials. The attack, which officials say was the work of a foreign government, would represent one of the more serious known attacks on t...
Replacing the CA System, Millions of Clients at a Time
The Internet was not designed to be a secure network, not by any stretch of the imagination. It was meant to enable giant PDPs and IMPs at one college to talk to their brethren at another college across the country. SSL was an attempt to impose some level of security and trustability on this syst...
Fake IRS Spam Campaign Pushing Zeus Bot
There is a large scale spam campaign underway right now in which attackers are using fairly well-crafted emails that appear to come from the IRS to infect victims with the Zeus bot. The attack has been ongoing for a couple of weeks now, and researchers say that although the attackers have taken...
U.S. Playing Catch Up in Security for Contactless Devices
AMHERST, MASS.– The U.S. may boast the world’s largest economy, richest technology companies and a lion’s share of its top research universities. But when it comes to the subject of security of RFID Radio Frequency ID and other contactless technologies, America is still playing catch-up. The U.S....
Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption
Added: 06/19/2011 CVE: CVE-2011-2217 BID: 48099 Background Tom Sawyer Software produces a variety of data visualization, layout, and analysis tools. Problem Certain ActiveX controls in tsgetxu71ex552.dll and tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client...
Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption
Added: 06/19/2011 CVE: CVE-2011-2217 BID: 48099 Background Tom Sawyer Software produces a variety of data visualization, layout, and analysis tools. Problem Certain ActiveX controls in tsgetxu71ex552.dll and tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client...
Critical Infrastructure Vulnerable to Holes in Chinese SCADA Software
The U.S. CERT has issued a security advisory firms using industrial control systems software from the Chinese firm Sunway in the U.S. after a researcher discovered remotely exploitable holes that could be used to knock out or take control systems running the company’s software. The ICS-CERT, the...
Time to Focus on Results-Oriented Security
The security industry is full of pernicious problems with no easy solutions. Take spam, for example. The current best defense is filtering out the obvious spam messages. Yet, the countermeasure is not a solution: As anti-spam technology gets better, spammers merely churn out more spam and achieve...
Memory corruption
Certain ActiveX controls in 1 tsgetxu71ex552.dll and 2 tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client aka VMware Infrastructure Client 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted...
CVE-2011-2217
The CVE-2011-2217 issue affects Tom Sawyer GET Extension Factory ActiveX controls (e.g., tsgetx71ex552/tsgetx71ex553.dll) installed with VMware VI Client and related Embarcadero ER/Studio bundles. The vulnerability stems from incorrect initialization in Internet Explorer, enabling remote attacker...
CVE-2011-2217
Certain ActiveX controls in 1 tsgetxu71ex552.dll and 2 tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client aka VMware Infrastructure Client 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted...
Fedora Update for libcgroup FEDORA-2011-2570
Check for the Version of libcgroup OpenVAS Vulnerability Test Fedora Update for libcgroup FEDORA-2011-2570 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
China-Based Attacks Targeted Gmail of U.S. Officials, Activists
Search giant Google has again sounded the alarm about sophisticated attacks emanating from mainland China and targeting officials within the U.S. and Asian governments, as well as human rights activists and journalists. Samples of some of the messages posted on an independent researcher’s blog...
Pentagon Adds Cyber-Weapons to List of Arms
The Pentagon is compiling a list of offensive cyber-weapons capable of deliberately crippling or destroying an adversary’s critical infrastructure according to a recent report in the Washington Post. This collection of cyber weapons is part of a broader list of weapons approved by the Pentagon fo...
[SECURITY] Fedora 13 Update: libcgroup-0.35.1-5.fc13
Control groups infrastructure. The tools and library help manipulate, contr ol, administrate and monitor control groups and the associated controllers...
Data Breach Notification Bill Included in New White House Proposal
The White House on Thursday proposed a new federal data breach notification law in an attempt to clarify a mish-mash of laws already on record. The notification comes as part of a much-delayed cybersecurity legislative proposal unveiled on Capitol Hill this week. The sweeping reform comes nearly...
Serious SCADA Security Flaw Affects Critical Infrastructure Firms
The U.S.’s Computer Emergency Response Team CERT issued a warning to critical infrastructure firms on Wednesday about a serious security hole in products from Massachusetts firm Iconics that could leave critical systems vulnerable to remote attacks. U.S. companies in the electricity, oil and gas,...
HP Virtual Server Environment Detection
The remote Windows host contains HP Virtual Server Environment, an application for managing virtual server infrastructures. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid53623; scriptversion"1.10"; scriptsetattributeattribute:"pluginmodificationdate",...
[Onapsis Security Advisory 2011-009] Oracle JD Edwards JDENET SawKernel Remote Password Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2011-009: Oracle JD Edwards JDENET SawKernel Remote Password Disclosure This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain...