Earn Rewards for Finding Security Flaws in Gmail, YouTube, and More
Google is on the hunt for hackers to find security vulnerabilities in popular web applications like Gmail, Blogger, and YouTube. The tech giant is offering rewards starting at $500 per bug. For vulnerabilities that are "severe or unusually clever," the payout can reach up to $3,133.70...
CVE-2010-3238
Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."...
Google's Chief Shares His Vision of the Future
Eric Schmidt, Google's chief executive officer, gave an interview to the Wall Street Journal. In it he talked about how the company makes money, about unprofitable projects, and about new technologies and his vision of the future. A couple of years ago the firm was going through a "midlife crisis" - within the company...
Chris Hoff: Cloud Computing
In this session from the SOURCE conference in Boston, Chris Hoff of Cisco Systems discusses the current state of cloud computing and what it can tell us about the future of cloud computing...
mysql: Incomplete fix for CVE-2008-2079 / CVE-2008-4098
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future...
Paul Roberts on the Decade in Security
Dennis Fisher talks with Paul Roberts of The 451 Group about the changes that the last decade has brought in computer security, the biggest story of the ’00s and what the Teens might hold. Podcast audio courtesy of sykboy65. Subscribe to the Digital Underground podcast on...
SSL Certificate Expiry - Future Validity
The SSL certificate for the remote SSL-enabled service is not yet valid. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(42980); script_version("$Revision: 1.8 $"); script_cvs_date("$Date: 2012/04/02 16:34:10 $"); script_name(english:"SSL Certificate Expiry - Future Validity");...
GAO Names Areas of Threat to U.S.
It’s not a very good day when a security report concludes: Disruptive cyber activities expected to become the norm in future political and military conflicts. But such was the case as the Government Accountability Office took yet another critical look at the US federal security systems and found...
mysql: privilege escalation via DATA/INDEX DIRECTORY directives
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory,...
OpenSSL: DTLS epoch record buffer memory DoS
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."...
Disruptive Innovation and the Future of Security
In this video from the Source Boston 2008 conference, Rich Mogull of Securosis and Chris Hoff discuss the phenomenon of disruptive innovation and what it means for the future of security...
DEBIAN-CVE-2009-1377
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."...
openssl -- denial of service in DTLS implementation
Secunia reports: Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to cause a DoS. The library does not limit the number of buffered DTLS records with a future epoch. This can be exploited to exhaust all available memory via specially crafted DTLS...
Dan Geer: Risk management should change the future
By Joan Goodchild, CSO “The dean of the security deep thinkers,” “security luminary,” and “risk-management pioneer” are all phrases that have been used to describe Dan Geer. Considered one of the foremost leaders in information security, his resume includes time as president and chief scientist ...
Copyright 2008 Future US Cross Site Scripting
NULL CODE SERVICES www.nullcode.com.ar Hunting Security Bugs! Copyright 2008 - Copyright 2008 Future US // Cross-site scripting (XSS) Remote Java Execution...
Debian DSA-1444-2 : php5 - several vulnerabilities
It was discovered that the patch for CVE-2007-4659 could lead to regressions in some scenarios. The fix has been reverted for now; a revised update will be provided in a future PHP DSA. For reference, the original advisory is below: Several remote vulnerabilities have been discovered in PHP, a...
CVE-2006-6777
Cross-site scripting (XSS) vulnerability in index.cfm in Future Internet allows remote attackers to inject arbitrary web script or HTML via the categoryId parameter in a Portal.ShowPage action...
CVE-2006-6776
Multiple SQL injection vulnerabilities in Future Internet allow remote attackers to execute arbitrary SQL commands via the (1) newsId or (2) categoryid parameter in a Portal.Showpage action in index.cfm, or (3) the langId parameter in index.cfm...