EUVD-2006-6178

Malware in sbrugna...

EUVD-2006-6179

Malware in sbrugna...

fixit-cleaning.nl Improper Access Control vulnerability OBB-2241541

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Error "There is a problem with this Windows Installer package........ Contact your support personnel or package vendor" when Installing Windows Receiver

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Installation of Receiver fails with the following error, "There is a problem with this Windows...

FixIt Mobile - Base64 encoded String, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that application FixIt Mobile published at the 'play' market has multiple vulnerabilities...

Microsoft Plans to Disable SSLv3 in IE, All Online Services

Microsoft is planning to disable support for the weak SSLv3 protocol in Internet Explorer at some undetermined point in the future, and also will remove support for it in the company’s online services soon. The security and utility of SSLv3 has been an issue for a long time, but it came into...

Attackers Exploiting Windows OLE Vulnerability

Attackers are using a zero day vulnerability in nearly all supported versions of Windows in a series of targeted attacks. The flaw is in the OLE technology in Windows and can be used for remote code execution is a targeted user opens a rigged Office file. Microsoft is warning customers that there...

Fixit iDMS Pro Image Gallery showfile.asp fid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/21282/info Fixit iDMS Pro is prone to multiple input-validation vulnerabilities, including SQL-injection issues and an HTML-injection issue, because the application fails to properly sanitize user-supplied input. Successf...

Fixit iDMS Pro Image Gallery filelist.asp Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/21282/info Fixit iDMS Pro is prone to multiple input-validation vulnerabilities, including SQL-injection issues and an HTML-injection issue, because the application fails to properly sanitize user-supplied input. Successf...

Microsoft Warns of Targeted Attacks on Windows 0-Day

Microsoft is warning users about targeted attacks against a new vulnerability in several versions of Windows and Office that could allow an attacker to take over a user’s machine. The bug, which is not yet patched, is being used as part of targeted attacks with malicious email attachments, mainly...

Internet Explorer zero-day exploit used watering hole attacks to target Japanese users

Attackers exploiting a zero-day vulnerability CVE-2013-3893 in Microsoft's Internet Explorer browser and served them on compromised popular Japanese news websites. According to FireEye, at least three major Japanese media websites were compromised in watering hole attacks, dubbed Operation...

Internet Explorer zero-day exploit used watering hole attacks to target Japanese users

Attackers exploiting a zero-day vulnerability CVE-2013-3893 in Microsoft’s Internet Explorer browser and served them on compromised popular Japanese news websites. According to FireEye, at least three major Japanese media websites were compromised in watering hole attacks, dubbed Operation...

IE Zero Day Used in Targeted Attacks Against Japanese Firms

Attackers exploiting a zero-day vulnerability in Microsoft’s Internet Explorer browser have compromised several popular local Japanese media outlets and have infected systems belonging to government, high tech and manufacturing organizations in Japan. Researchers at FireEye said the attacks appea...

Microsoft FixIt Tool Blocks Java Attacks in IE

Java is a security headache, not just for users and Oracle, its provider, but also for other software companies that have to deal with it, as well. Microsoft has taken steps to address this problem by releasing a FixIt tool that is designed to block all of the Web-based Java attack vectors in...

Microsoft Will Patch IE Zero-Day on Friday; Fixit Available as Stopgap

Microsoft announced last night it would issue an out-of-band patch on Friday for a zero-day Internet Explorer vulnerability disclosed earlier this week. In the meantime, Microsoft made a FixIt available on Wednesday that would temporarily mitigate the threat posed by active exploits found in the...

Microsoft FixIt Will Address IE Zero-Day Vulnerability

With Internet Explorer users still exposed to as many as four active exploits of a zero-day vulnerability in the browser, Microsoft Tuesday night said it will release a FixIt in the next couple of days that will address the issue. A FixIt is an automated tool provided by Microsoft that diagnoses...

Microsoft Issues FixIt For XML Flaw

With attackers already exploiting the MSXML zero-day vulnerability, which affects a wide range of products, Microsoft has issued a FixIt tool for the bug that it is encouraging users to install as they prepare a full patch for the flaw. The vulnerability is a critical one, and, because it’s prese...

Microsoft Releases Workaround For Kernel Flaw Used By Duqu

Microsoft has released a workaround for the Windows kernel zero-day vulnerability exploited by the Duqu malware, and said that it is working on a permanent patch, but didn’t specify a timeline for its release. The vulnerability is a serious one that can lead to remote code execution on vulnerable...

Microsoft Pushes FixIt Tool to Enable Support for Newer TLS Version

Microsoft has relased a security advisory about the TLS/SSL attack developed by Juliano Rizzo and Thai Duong and also has made a FixIt tool available to help server administrators switch on support for newer versions of the protocol that aren’t vulnerable to the attack. The Microsoft advisory lay...

Attackers Targeting MHTML Bug in Windows

There is a wave of ongoing attacks against a bug in MHTML that affects all of the current versions of Windows, and there seems to be little recourse for sites trying to protect their users from the attacks. The current spate of attacks is targeting users of Internet Explorer, and experts are...