Lucene search

9537 matches found

NVD
added 2009/09/28 10:30 p.m. · 15 views

CVE-2009-3441

Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarmsevents.php or (2) host/drawtree.php...

5 CVSS · 6.6 AI score · 0.02287 EPSS
Exploits 1 · References 4
Cvelist
added 2009/09/28 10:0 p.m. · 21 views

CVE-2009-3441

Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarmsevents.php or (2) host/drawtree.php...

6.6 AI score · 0.02287 EPSS
Exploits 1 · References 4
CVE
added 2009/08/18 10:0 p.m. · 53 views

CVE-2009-2856

Sun Virtual Desktop Infrastructure (VDI) 3.0 is affected when anonymous binding is enabled. The issue arises because the client’s attempt to establish an authenticated and encrypted connection is not properly handled, which might allow remote attackers to read cleartext VDI configuration‑data req...

3.5 CVSS · 6.6 AI score · 0.0132 EPSS
Exploits 0 · References 4 · Affected Software 1
ThreatPost
added 2009/08/06 5:26 p.m. · 15 views

Moxie Marlinspike on SSL Attacks

Dennis Fisher talks with researcher Moxie Marlinspike about the innovative research on attacking the inherent weaknesses in the SSL infrastructure that he presented at Black Hat, and the tools he has released to demonstrate the attacks, SSLSniff and SSLStrip. Download Subscribe to the Digital...

1.9 AI score
Exploits 0 · References 7
ThreatPost
added 2009/07/23 1:44 p.m. · 7 views

How Can We Win a Cyberwar?

Cyberwar is no longer an urban legend. From Estonia to Georgia to Israel, cyberwar has become a regular part of geopolitical struggles around the globe, and it promises to become a growing factor in future international conflicts. Even skeptics have to admit that the economics behind cyber warfar...

0.3 AI score
Exploits 0 · References 1
ThreatPost
added 2009/06/11 7:26 p.m. · 10 views

Short list emerges for cybersecurity czar job

The first reports of the short list for the job of federal cybersecurity coordinator are beginning to trickle out, and while some of the names are all too familiar, many others are quite new to the national scene. The most well-known name on the list, as reported by Reuters, is that of Scott...

7.5 AI score
Exploits 0 · References 1
ThreatPost
added 2009/05/29 5:8 p.m. · 18 views

Obama cybersecurity plan has a familiar ring

President Obama on Friday presented his long-awaited cybersecurity plan, which included the establishment of a new White House office headed by a cybersecurity “coordinator” who would oversee and advise Obama on this issue. He also proposed hiring a separate official dedicated to privacy and civi...

6.9 AI score
Exploits 0 · References 3
ThreatPost
added 2009/05/27 6:45 p.m. · 9 views

Private sector relations should be job one for cyber security czar

Whoever is brave enough to fill the soon-to-be-created cybersecurity czar position will find a rather large pile of challenges waiting. Among them will be dealing with a confused and argumentative Congress, doing a full-scale assessment of the country’s critical infrastructure and reaching out to...

7.3 AI score
Exploits 0 · References 5
ThreatPost
added 2009/05/06 3:7 p.m. · 13 views

Battle brewing over cybersecurity in Washington

There is a good old-fashioned backroom brawl shaping up in Washington over the cybersecurity issue, and the forces are aligning in some interesting ways on a variety of different sides of the debate. The latest installment in this long-running drama involves not just the fight over which, if any,...

7 AI score
Exploits 0 · References 5
ThreatPost
added 2009/04/29 2:18 p.m. · 9 views

Health scares can provide lessons for security

The swine flu outbreak has inspired a flood of comparisons and false analogies to Conficker and other worms, most of which miss the many key differences between the Internet infrastructure and the human population. But there are lessons that security personnel can learn from the ways that health...

Exploits 0 · References 4
ThreatPost
added 2009/04/27 5:13 p.m. · 9 views

Twitter searching for software security personnel

From ZDNet Zero Day Now that Oprah’s all a twitter, it looks like everyone’s favorite micro-blogging tool is finally taking a hard look at security. According to a job listing posted online, Twitter is searching for software engineers to focus specifically on application and infrastructure...

1.7 AI score
Exploits 0 · References 3
ThreatPost
added 2009/04/27 3:48 p.m. · 14 views

The 5 claims of PCI DSS snake oil salesmen

The Payment Card Industry Data Security Standard (PCI DSS) is fast becoming the de facto standard for securing critical infrastructure across many industries. This is because a large number of businesses, much larger than originally envisioned, process credit cards and are, therefore, required to be...

1.1 AI score
Exploits 0 · References 2
ThreatPost
added 2009/04/23 7:15 p.m. · 10 views

Critical infrastructure security still lagging

The interdependencies and interconnections of the networks that run the country’s critical infrastructure assets such as water, power and gas have created a dangerously fragile system in which security is just now becoming a priority, experts say. For years the priorities for these networks have...

0.4 AI score
Exploits 0 · References 2
ThreatPost
added 2009/04/22 11:10 p.m. · 11 views

U.S. Should Play Larger Role in Securing Internet, Hathaway Says

In her much anticipated talk, acting senior director for cyberspace by President Obama, Melissa Hathaway generally reviewed what we already knew, and what has been previously reported when it comes to federal cyber security: The White House should coordinate IT security efforts; private sector...

Exploits 0
seebug.org
added 2009/04/22 12:0 a.m. · 26 views

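HP Storage Essentials Secure NaviCLI Unspecified Remote Privilege Escalation Vulnerability

BUGTRAQ ID: 34613 CVE ID: CVE-2009-0715 CNCVE ID: CNCVE-20090715 HP Storage Essentials is an infrastructure management solution that removes the complexity of server and storage management. A security vulnerability exists in HP Storage Essentials running Secure NaviCLI; a remote attacker can exploit it to gain unauthorized access or elevated privileges. No detailed vulnerability information is currently available. HP Storage Essentials SRM Standard 6.0.4 HP Storage Essentials SRM Standard 6.0.3 HP Storage...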

6.5 CVSS · 6.4 AI score · 0.01345 EPSS
Exploits 1
ThreatPost
added 2009/04/13 2:31 p.m. · 11 views

Bad outweighs the good in Senate cybersecurity bill

The Senate bill introduced earlier this month that would make sweeping changes to the way that information security is practiced both in the federal government and the private sector has a number of good elements, but the flaws in the proposed legislation outweigh the benefits, writes Steve...

7.1 AI score
Exploits 0 · References 1
ThreatPost
added 2009/04/09 2:43 p.m. · 12 views

Electrical grid attacks have been ongoing for years

The supposedly new attacks on the electrical grid and other portions of the country’s critical infrastructure that came to light this week are in fact not new at all and have been ongoing for several years. Attackers have been making serious inroads into U.S. government, utility and military...

7 AI score
Exploits 0 · References 2
Positive Technologies
added 2009/04/06 12:0 a.m. · 2 views

PT-2009-3785 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.29.1. Description: The issue is related to the "udp seq_file infrastructure" in the Linux kernel. It allows local users to cause a denial of service (panic) by reading zero bytes from the /proc/net/udp file and...

5.5 CVSS · 5.2 AI score · 0.00267 EPSS
Exploits 0 · References 9
Positive Technologies
added 2009/04/02 12:0 a.m. · 7 views

PT-2009-3770 · Check Point · Check Point Firewall-1

Name of the Vulnerable Software and Affected Versions: Check Point Firewall-1 PKI Web Service (affected versions not specified). Description: A buffer overflow issue in the PKI Web Service allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long Authorizati...

10 CVSS · 8.8 AI score · 0.07202 EPSS
Exploits 1 · References 7
ThreatPost
added 2009/03/31 5:29 p.m. · 9 views

U.S. falling far behind on cybersecurity

In the next few weeks President Barack Obama will be handed a report detailing the country’s cybersecurity defenses and laying out what’s needed to protect America’s technology resources from hostile nations and organized crime groups. It will not be a pretty picture. Cybersecurity experts, forme...

6.9 AI score
Exploits 0 · References 4