188 matches found
SEC Says Public Companies May Need to Disclose Attacks
The Securities and Exchange Commission has issued new guidance to help public companies determine when they may need to disclose an attack–or even a potential attack–in order to make potential investors aware of possible risks to the company’s business. The guidance, which does not constitute a...
Red Hat Enterprise Linux seunshare Unsafe Implementation
Developers should not rely on the stickiness of /tmp on Red Hat Linux --------------------------------------------------------------------- Recent versions of Red Hat Enterprise Linux and Fedora provide seunshare, a setuid root utility from policycore-utils intended to make new filesystem...
FBI raids on 40 Anonymous hackers!
The FBI would have conducted 40 raids yesterday and seized the computers of members of the loosely organized group of hackers known as Anonymous. Several members have posted their stories in online forums, including images of kicking in doors. The FBI has seized every computer in every house and...
WordPress Viva Thumbs Directory Traversal
http://www.procheckup.com/vulnerabilitymanager/vulnerabilities/pr10-04 PR10-04 Directory traversal limited to file validation within Viva thumbs WordPress add-on Advisory publicly released: Tuesday, 21 December 2010 Vulnerability found: Thursday, 4 February 2010 Vendor informed: Monday, 8 Februar...
Windows Win32k Pointer Dereferencement PoC (MS10-098)
Exploit for Windows platform in category dos / poc / MS10-098 CVE-2010-3944 Microsoft Windows Win32k pointer dereferencement -------------------- Affected Software ------------------------ Microsoft Windows 7 / 2008 -------------------- Consequences ----------------------- An unprivileged user ma...
Microsoft Windows - Win32k Pointer Dereferencement (PoC) (MS10-098)
Microsoft Windows - Win32k Pointer Dereferencement PoC MS10-098 / MS10-098 CVE-2010-3944 Microsoft Windows Win32k pointer dereferencement -------------------- Affected Software ------------------------ Microsoft Windows 7 / 2008 -------------------- Consequences ----------------------- An...
Hacker Poses as Graduate, Hacks Student Emails, Faces Legal Consequences
A hacker who posed as a university graduate to access the emails of hundreds of students has been given a suspended prison sentence and ordered to pay more than £20,000 in costs and compensation. Daniel Woo, a 23-year-old Bulgarian national, was sentenced for offenses under the Misuse of Computer...
PR09-16: Juniper Secure Access series (Juniper IVE) Cross-Site Scripting Vulnerability
PR09-16: Juniper Secure Access series Juniper IVE XSS Vulnerability found: 12th October 2009 Severity: Medium Script injection Description: There is a Cross-site Scripting vulnerability on Juniper, IVE web interface. Procheckup has found by making a malformed request to the IVE Web interface...
ProCheckUp Security Advisory 2009.16
PR09-16: Juniper Secure Access series Juniper IVE XSS Vulnerability found: 12th October 2009 Severity: Medium Script injection Description: There is a Cross-site Scripting vulnerability on Juniper, IVE web interface. Procheckup has found by making a malformed request to the IVE Web interface...
ProCheckUp Security Advisory 2010.3
PR10-03: Authenticated XSS within the Apache Axis2 administration console Vulnerability found: 30th January 2010 Vendor informed: 1st February 2010 Vulnerability fixed: Severity: Medium Description: Axis2 is a web services/SOAP/WSDL engine, widely used within many commercial products Procheckup h...
Java Deployment Toolkit Performs Insufficient Validation
Java Deployment Toolkit Performs Insufficient Validation of Parameters ------------------------------------------------------------------------- Java Web Start henceforth, jws provides java developers with a way to let users launch and install their applications using a URL to a Java Networking...
SSL Flaw Has Researchers Hustling to Fix
A flaw in the SSL protocol that could affect company networks, hosting environments and key machines has security researchers scrambling. The flaw, which requires a hack in to a network to launch, has devastating consequences and implications on database and mail servers. Discovered in August by...
LAN of overbearing control ARP deception of experience-vulnerability warning-the black bar safety net
ARP spoofing I believe we are not familiar with it, but someone know the cheat of this 2 words real meaning? Oh, that ARP spoofing hair is some kind of ARP packet? ARP spoofing how to prevent? ARP spoofing on my door what useful value? ARP spoofing on my door what harm? Okay and we talk about it...
About mobile phone SIM card vulnerability-vulnerability warning-the black bar safety net
Does the SIM card also have vulnerabilities? Can't believe it? This is the mobile giant's product, and today on my blog I will give this bug a simple description! One day in order to quickly store a phone number with a simple “!” As the storage name in quotes ignored, dbtel phone storage, but to...
Zen Cart 1.3.8 Remote Code Execution Exploit
No description provided by source. !/usr/bin/php ?php ------- Zen Cart 1.3.8 Remote Code Execution http://www.zen-cart.com/ Zen Cart Ecommerce - putting the dream of server rooting within reach of anyone! A new version 1.3.8a is available on http://www.zen-cart.com/ BlackH : errorreportingEALL ^...
Debian DSA-1684-1 : lcms - multiple vulnerabilities
Two vulnerabilities have been found in lcms, a library and set of commandline utilities for image color management. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-5316 Inadequate enforcement of fixed-length buffer limits allows an attacker to...
PR07-41: XSS on Juniper Networks Secure Access 2000
PR07-41: XSS on Juniper Networks Secure Access 2000 Vulnerability found: 6th December 2007 Vendor informed: 12th December 2007 Severity: Medium-high Description: Juniper Networks Secure Access 2000 is vulnerable to a vanilla XSS. Vulnerable server-side script: '/dana-na/auth/rdremediate.cgi'...
ProCheckUp Security Advisory 2007.38
PR07-38: XSS on sIFR Vulnerability Found: 12 November 2007 Vendor contacted: 19 November 2007 Vulnerability fixed: The issue remains unfixed. The developer of sIFR was contacted several times but did not respond. Severity: Medium Successfully tested on: sIFR 2.0.2 Description: Sites using sIFR to...
Security testing of Java Web applications website vulnerability-vulnerability warning-the black bar safety net
Website application development is currently the most widely used kind of program, but developers' skill levels are uneven, resulting in a wide variety of web vulnerabilities. This article takes a layered-architecture perspective and analyzes how, in a Java web program, to find the may...
ProCheckUp Security Advisory 2007.14
PR07-14: Cross-site Scripting XSS / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script Date Found: 19th June 2007 Successfully tested on: version 5.5.2 F5 Networks has confirmed the following versions to be vulnerable: FirePass versions 5.4.1 - 5.5.2 FirePass...