
9525 matches found

Vulnerability Lab
added 2011/07/16 12:0 a.m., 21 views

PHP Finance v1.0 - Multiple Web Vulnerabilities

Document Title: PHP Finance v1.0 - Multiple Web Vulnerabilities. Release Date: 2011-07-16. Vulnerability Laboratory ID (VL-ID): 103. Product & Service Introduction: PHPFinance is a web based financial...

7.1 AI score
Exploits: 0
ThreatPost
added 2011/07/14 7:15 p.m., 15 views

Pentagon Discloses Massive Data Theft, Lays Out New Security Strategy

A targeted attack on a defense contractor in March of this year resulted in the theft of 24,000 files by an unknown attacker, according to Defense Department officials. The attack, which officials say was the work of a foreign government, would represent one of the more serious known attacks on t...

7 AI score
Exploits: 0, References: 4
ThreatPost
added 2011/07/13 6:48 p.m., 8 views

Replacing the CA System, Millions of Clients at a Time

The Internet was not designed to be a secure network, not by any stretch of the imagination. It was meant to enable giant PDPs and IMPs at one college to talk to their brethren at another college across the country. SSL was an attempt to impose some level of security and trustability on this syst...

7.1 AI score
Exploits: 0, References: 5
ThreatPost
added 2011/06/29 3:4 p.m., 16 views

Fake IRS Spam Campaign Pushing Zeus Bot

There is a large scale spam campaign underway right now in which attackers are using fairly well-crafted emails that appear to come from the IRS to infect victims with the Zeus bot. The attack has been ongoing for a couple of weeks now, and researchers say that although the attackers have taken...

7.3 AI score
Exploits: 0, References: 3
ThreatPost
added 2011/06/27 6:40 p.m., 9 views

U.S. Playing Catch Up in Security for Contactless Devices

AMHERST, MASS. – The U.S. may boast the world’s largest economy, richest technology companies and a lion’s share of its top research universities. But when it comes to the subject of security of RFID (Radio Frequency ID) and other contactless technologies, America is still playing catch-up. The U.S....

7.2 AI score
Exploits: 0, References: 4
Saint
added 2011/06/19 12:0 a.m., 39 views

Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption

Added: 06/19/2011 CVE: CVE-2011-2217 BID: 48099 Background Tom Sawyer Software produces a variety of data visualization, layout, and analysis tools. Problem Certain ActiveX controls in tsgetxu71ex552.dll and tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client...

9.3 CVSS, 7.1 AI score, 0.41956 EPSS
Exploits: 9
Saint
added 2011/06/19 12:0 a.m., 31 views

Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption

Added: 06/19/2011 CVE: CVE-2011-2217 BID: 48099 Background Tom Sawyer Software produces a variety of data visualization, layout, and analysis tools. Problem Certain ActiveX controls in tsgetxu71ex552.dll and tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client...

9.3 CVSS, 7.1 AI score, 0.41956 EPSS
Exploits: 9
ThreatPost
added 2011/06/17 3:24 p.m., 9 views

Critical Infrastructure Vulnerable to Holes in Chinese SCADA Software

The U.S. CERT has issued a security advisory to firms using industrial control systems software from the Chinese firm Sunway in the U.S. after a researcher discovered remotely exploitable holes that could be used to knock out or take control of systems running the company’s software. The ICS-CERT, the...

1.3 AI score
Exploits: 0, References: 4
ThreatPost
added 2011/06/08 2:33 p.m., 6 views

Time to Focus on Results-Oriented Security

The security industry is full of pernicious problems with no easy solutions. Take spam, for example. The current best defense is filtering out the obvious spam messages. Yet, the countermeasure is not a solution: As anti-spam technology gets better, spammers merely churn out more spam and achieve...

7.2 AI score
Exploits: 0, References: 5
Prion
added 2011/06/06 7:55 p.m., 22 views

Memory corruption

Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted...

9.3 CVSS, 8 AI score, 0.41956 EPSS
Exploits: 9, References: 7, Affected Software: 3
CVE
added 2011/06/06 7:0 p.m., 71 views

CVE-2011-2217

The CVE-2011-2217 issue affects Tom Sawyer GET Extension Factory ActiveX controls (e.g., tsgetx71ex552/tsgetx71ex553.dll) installed with VMware VI Client and related Embarcadero ER/Studio bundles. The vulnerability stems from incorrect initialization in Internet Explorer, enabling remote attacker...

9.3 CVSS, 7.5 AI score, 0.41956 EPSS
Exploits: 9, References: 7, Affected Software: 3
Cvelist
added 2011/06/06 7:0 p.m., 38 views

CVE-2011-2217

Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted...

7.4 AI score, 0.41956 EPSS
Exploits: 9, References: 7
OpenVAS
added 2011/06/03 12:0 a.m., 20 views

Fedora Update for libcgroup FEDORA-2011-2570

Check for the Version of libcgroup. OpenVAS Vulnerability Test: Fedora Update for libcgroup FEDORA-2011-2570. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under th...

7.2 CVSS, 0.2 AI score, 0.00419 EPSS
Exploits: 0, References: 2
ThreatPost
added 2011/06/01 9:55 p.m., 22 views

China-Based Attacks Targeted Gmail of U.S. Officials, Activists

Search giant Google has again sounded the alarm about sophisticated attacks emanating from mainland China and targeting officials within the U.S. and Asian governments, as well as human rights activists and journalists. Samples of some of the messages posted on an independent researcher’s blog...

0.9 AI score
Exploits: 0, References: 6
ThreatPost
added 2011/06/01 6:0 p.m., 8 views

Pentagon Adds Cyber-Weapons to List of Arms

The Pentagon is compiling a list of offensive cyber-weapons capable of deliberately crippling or destroying an adversary’s critical infrastructure according to a recent report in the Washington Post. This collection of cyber weapons is part of a broader list of weapons approved by the Pentagon fo...

1 AI score
Exploits: 0, References: 7
Fedora
added 2011/05/26 9:49 p.m., 20 views

[SECURITY] Fedora 13 Update: libcgroup-0.35.1-5.fc13

Control groups infrastructure. The tools and library help manipulate, control, administrate and monitor control groups and the associated controllers...

7.2 CVSS, 2.7 AI score, 0.00419 EPSS
Exploits: 0
ThreatPost
added 2011/05/13 4:29 p.m., 9 views

Data Breach Notification Bill Included in New White House Proposal

The White House on Thursday proposed a new federal data breach notification law in an attempt to clarify a mish-mash of laws already on record. The notification comes as part of a much-delayed cybersecurity legislative proposal unveiled on Capitol Hill this week. The sweeping reform comes nearly...

0.3 AI score
Exploits: 0, References: 5
ThreatPost
added 2011/05/12 3:57 p.m., 7 views

Serious SCADA Security Flaw Affects Critical Infrastructure Firms

The U.S.’s Computer Emergency Response Team (CERT) issued a warning to critical infrastructure firms on Wednesday about a serious security hole in products from Massachusetts firm Iconics that could leave critical systems vulnerable to remote attacks. U.S. companies in the electricity, oil and gas,...

0.4 AI score
Exploits: 0, References: 3
Tenable Nessus
added 2011/05/02 12:0 a.m., 21 views

HP Virtual Server Environment Detection

The remote Windows host contains HP Virtual Server Environment, an application for managing virtual server infrastructures. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(53623); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date",...

5.4 AI score
Exploits: 0, References: 1
securityvulns
added 2011/05/01 12:0 a.m., 67 views

[Onapsis Security Advisory 2011-009] Oracle JD Edwards JDENET SawKernel Remote Password Disclosure

Onapsis Security Advisory 2011-009: Oracle JD Edwards JDENET SawKernel Remote Password Disclosure. This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain...

0.1 AI score
Exploits: 0