Lucene search
K

7133 matches found

Zero Day Initiative
Zero Day Initiative
added 2011/08/09 12:0 a.m.35 views

Microsoft Internet Explorer 9 STYLE Object Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

9CVSS4.6AI score0.23356EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2011/08/04 10:58 a.m.2 views

GFI SandBox - Powerful automated malware analysis

GFI SandBox - Powerful automated malware analysis GFI SandBox™ formerly CWSandbox is an industry leading dynamic malware analysis tool. It gives you the power to analyze virtually any Windows application or file including infected: Office documents, PDFs, malicious URLs, Flash ads and custom...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2011/08/04 10:58 a.m.39 views

GFI SandBox - Powerful automated malware analysis

GFI SandBox - Powerful automated malware analysis GFI SandBox™ formerly CWSandbox is an industry leading dynamic malware analysis tool. It gives you the power to analyze virtually any Windows application or file including infected: Office documents, PDFs, malicious URLs, Flash ads and custom...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/08/04 12:0 a.m.21 views

SuSE 10 Security Update : coreutils (ZYPP Patch Number 7655)

This update of coreutils fixes the following security issue : - 697897: coreutils: when running 'su -c' to execute commands as different user the target user could inject command back into the calling users terminal via the TIOCSTI ioctl. This update also fixes the following non-security issues :...

5.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2011/07/20 12:0 a.m.4 views

PT-2011-1121 · Red Hat · Fuse +4

Name of the Vulnerable Software and Affected Versions: fuse versions 2.8.3 through 2.8.5 fuse-devel versions 2.8.3 fuse-libs versions 2.8.3 fuse-debuginfo versions 2.8.3 Description: The issue concerns multiple vulnerabilities in the fuse package of Red Hat Enterprise Linux, which can lead to...

5.8CVSS6.5AI score0.09848EPSS
Exploits1References27
Packet Storm
Packet Storm
added 2011/07/13 12:0 a.m.27 views

Solar FTP 2.1.1 PASV Buffer Overflow

!/usr/bin/python Title: Solar FTP 2.1.1 PASV Command PoC Authors: Craig Freyman @cd1zz and Gerardo Iglesias @iglesiasgg Tested: Windows XP SP3 Vendor Contacted July 11, 2011 Vendor Response: July 12, 2011 - Will fix ASAP, approved release of PoC. Notes: We found different offsets depending on the...

0.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/07/05 12:0 a.m.26 views

Fedora 15 : feh-1.14.1-1.fc15 (2011-8750)

Changes since 0.10.1 : - Bug fixes Make zoomdefault key work properly with --geometry Only create caption directory when actually writing out a caption. read directory contents sorted by filename instead of 'randomly' as returned by readdir by default. Thanks talisein! Show certain warnings in th...

3.3CVSS5.4AI score0.00333EPSS
Exploits0References13
curl security advisories
curl security advisories
added 2011/06/23 8:0 a.m.8 views

inappropriate GSSAPI delegation

When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism. This is obviously a sensitive operation, which...

4.3CVSS7.8AI score0.02994EPSS
Exploits0Affected Software2
myhack58
myhack58
added 2011/05/17 12:0 a.m.56 views

Win32k. sys keyboard layout file to mention the right vulnerability analysis-vulnerability warning-the black bar safety net

Author: Sebastien Renaud Translator: riusksk(springs brother: the http://riusksk.blogbus.com) This article will give you shed some light on the Stuxnet Virus the technical details, mainly aimed at the about the author is how to use 0day vulnerabilities to achieve code versatility. Discussed below...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/03/07 12:0 a.m.22 views

Fedora 15 : asterisk-1.8.3-1.fc15 (2011-2360)

The Asterisk Development Team has announced the release of Asterisk 1.8.3. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/ The release of Asterisk 1.8.3 resolves several issues reported by the community and would have not been possible...

6.8CVSS5.4AI score0.03525EPSS
Exploits0References14
ThreatPost
ThreatPost
added 2011/02/04 4:19 p.m.15 views

SAUSAGE Con Delves into IT Security's 'Human Problem'

‘Why is security so hard?’ That’s the question that a new conference focused on “useable security” will attempt to answer by bringing together experts on security, software development and human-computer interaction. DEK: ‘Why is security so hard?’ That’s the question that a new conference will...

7.4AI score
Exploits0References1
Debian
Debian
added 2011/01/30 10:41 a.m.45 views

[SECURITY] [DSA-2154-1] exim4 security update

------------------------------------------------------------------------ Debian Security Advisory DSA-2154-1 [email protected] http://www.debian.org/security/ Stefan Fritsch January 30, 2011 http://www.debian.org/security/faq -...

7.8CVSS9.9AI score0.17794EPSS
Exploits4
ThreatPost
ThreatPost
added 2010/12/17 4:55 p.m.13 views

Rootkit Being Used in Attacks on Exim Bug

Attackers have begun using the bug in the Exim mailer that was disclosed earlier this week to install a rootkit on machines running vulnerable versions of the software. The vulnerability in Exim, which is a mail transfer agent used on Unix-based machines, came to light on Monday and can result in...

0.5AI score
Exploits0References3
The Hacker News
The Hacker News
added 2010/12/17 4:20 p.m.9 views

New Trojan Targets User Credentials on Popular Sites

A new information-stealing Trojan, believed to be of Chinese origin, has been identified by Avira researchers. This malware targets usernames and passwords for a variety of popular websites, including YouTube, Google, and PayPal, as well as Chinese sites like Youku, Tudou, Sogou, and Soho. The...

7.3AI score
Exploits0
ThreatPost
ThreatPost
added 2010/12/06 7:35 p.m.21 views

Researcher Releases JavaSnoop Java-Analysis Tool

Java has long been one of the more widely used–and widely criticized–technologies on the Web. It’s used virtually everywhere and roundly panned by security researchers for its security shortcomings. Now, a researcher has released a new tool, called JavaSnoop, that’s designed to help people better...

Exploits0References3
Tenable Nessus
Tenable Nessus
added 2010/12/02 12:0 a.m.41 views

SuSE 11 Security Update : MySQL (SAT Patch Number 2317)

Updated MySQL packages fix the following bugs : - upstream 47320 - checking server certificates. CVE-2009-4028 - upstream 48291 - error handling in subqueries. CVE-2009-4019 - upstream 47780 - preserving nullvalue flag in GeomFromWKB. CVE-2009-4019 - upstream 39277 - symlink behaviour fixed...

6.8CVSS6.7AI score0.16263EPSS
Exploits8References9
ThreatPost
ThreatPost
added 2010/11/29 2:46 p.m.15 views

What is Information Security?

Recently, I’ve heard some bits and pieces about how Information Security InfoSec can be “threat-centric” or “vulnerability-centric”. This stuck me funny for a number of reasons, mainly it showed a basic bias towards what InfoSec is. And to me, InfoSec is too complex to be described as...

7AI score
Exploits0References5
OpenVAS
OpenVAS
added 2010/11/16 12:0 a.m.21 views

Ubuntu Update for libvirt regression USN-1008-4

Ubuntu Update for Linux kernel vulnerabilities USN-1008-4 OpenVAS Vulnerability Test $Id: gbubuntuUSN10084.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for libvirt regression USN-1008-4 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

4.4CVSS0.5AI score0.00423EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2010/11/09 12:0 a.m.30 views

Ubuntu 10.04 LTS : libvirt regression (USN-1008-4)

USN-1008-1 fixed vulnerabilities in libvirt. The upstream fixes for CVE-2010-2238 changed the behavior of libvirt such that the domain XML could not specify 'hostdevice' as the qemu sub-type. While libvirt 0.8.3 and later will longer support specifying this sub-type, this update restores the old...

4.4CVSS7.3AI score0.00423EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2010/11/05 12:55 p.m.33 views

Uncovering Covert Command-and-Control Channels

As the line between securely hosted and controlled enterprise applications and cloud-based applications continues to blur, there’s more “legitimate” traffic between corporate networks and the Internet than ever before. This opens up new vectors for attack by hackers and cybercriminals as more...

Exploits0References1
Rows per page
Query Builder