I Have Only One Security Prediction for 2010
Instead of the usual top ten lists that are all-too-common with predictions for the new year, I have just one: 2010 will be the year of desktop applications handling untrusted data in sandboxed processes, and it will be about time. Since the release of Windows XP SP2, there have been significantl...
NFS Server Superfluous
The remote NFS server is not exporting any shares. Running an unused service unnecessarily increases the attack surface of the remote host. (C) Tenable Network Security, Inc. Gets the export list of the remote host and warns the user if an NFS share is exported to the world. include 'compat.inc' ;...
Microsoft Says Google Chrome Frame is IE Security Risk
Google’s decision to introduce a plug-in that runs Google Chrome inside Microsoft’s Internet Explorer isn’t sitting well with the folks at Redmond. The Google Chrome Frame, which is presented as a seamless way to bring Google Chrome’s open web technologies and speedy JavaScript engine to Internet...
Vulnerabilities and Attack Surface
From CERT (Will Dormann): Two recent US-CERT Vulnerability Notes (cert.org) describe similar issues in the Adobe Reader and Foxit Reader PDF viewing applications. The vulnerabilities, in which both applications failed to properly handle JPEG2000 (JPX) data streams, were discovered as part of our Vulnerabili...
Advisory: Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability
Version Affected: Oracle E-Business Suite Release 12, version 12.0.6; Oracle E-Business Suite Release 11i, version 11.5.10.2. CVE: 2008-5446. Description: Oracle E-Business Suite, including applications like I-Recruitment, is vulnerable to a flaw which leads to sensitive information disclosure about t...
Code injection
Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo...
WebTrends Reporting Center 6.1 Management Interface - Full Path Disclosure
source: https://www.securityfocus.com/bid/9460/info The WebTrends Reporting Center management interface discloses installation path information when an invalid argument for an interface URI parameter is requested. This...