9591 matches found
Zabbix 1.8.1 - SQL Injection
Zabbix 1.8.1 - SQL Injection ============================================= - Release date: April 1st, 2010 - Discovered by: Dawid Golunski - Severity: High ============================================= I. VULNERABILITY ------------------------- Zabbix = 1.8.1 SQL Injection II. BACKGROUND...
Google Chrome < 4.1.249.1036 Multiple Vulnerabilities
Binary data 800911.prm...
Google Chrome < 4.1.249.1036 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is prior to 4.1.249.1036. It is, therefore, affected by multiple vulnerabilities : - Multiple race conditions and pointer errors in the sandbox infrastructure. Issue 28804, 31880 - An error relating to persisted metadata such as Web...
Mapping the Criminal-ISP Infrastructure
According to a report issued today, eight networks connect directly to the botnet-hosting ISP Troyak and four other upstream providers that “surround the malicious core,” and help to “mask the true malware-hosting armada and provide solid uptime to the malware servers” for ZeuS botnets, Gozi, and...
What If Bill Gates Never Wrote the Trustworthy Computing Memo?
The security industry has undergone massive changes in the last 15 years, and in some cases it’s hard to imagine what things would be like had these events not taken place. Think of a world in which Google focuses on security and privacy and Microsoft never started Trustworthy Computing, and you...
Energy, Chemical Companies Are Malware Targets
Critical infrastructure organizations, such as those in the energy, oil, pharmaceutical and chemical sectors, encountered at least twice as much web malware as other organizations during 2009, researchers found. Read the full article. Secure Computing...
U.S. Gov to Simulate Cyber Attack Next Week
Security industry analysts and lawmakers will get an unprecedented chance next week to evaluate how the government might respond to a cyber-attack on critical infrastructure targets. Read the full article. Computerworld...
[SECURITY] Fedora 11 Update: zabbix-1.6.8-1.fc11
ZABBIX is software that monitors numerous parameters of a network and the health and integrity of servers. ZABBIX uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. ZABBIX offers...
[SECURITY] Fedora 12 Update: zabbix-1.6.8-1.fc12
ZABBIX is software that monitors numerous parameters of a network and the health and integrity of servers. ZABBIX uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. ZABBIX offers...
Trojan: Aurora.Hydraq (CVE-2010-0249)
The Hydraq Trojan also known as Aurora was being used in the recent attack against Google and other large companies. A then unpatched Internet Explorer vulnerability CVE-2010-0249 was used as one of the propagation vectors for this Trojan. The intent of the trojan is to open a back door on a...
Adobe Confirms 'Coordinated, Sophisticated' Cyber Attack
In an attack described as “sophisticated” and “coordinated,” Adobe said its corporate network systems were breached by hackers. The company said the attack also affected other unnamed companies. Adobe did not provide any other details except to say it was aware of the breach on January 2, 2010...
Microsoft Windows SharePoint Services Cross Site Scripting (MS07-059; CVE-2007-2581)
Microsoft Windows SharePoint Services WSS is an add-on component of Windows Server. WSS is based on IIS and ASP.NET technologies, providing a basic portal infrastructure, collaborative editing of documents, document organization, and version control capabilities. SharePoint functionality is expos...
CVE-2009-4326
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature DPF is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicti...
Code injection
The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service memory consumption via unspecified vectors...
Code injection
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature DPF is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicti...
CVE-2009-4326
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature DPF is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicti...
CVE-2009-4326
The CVE-2009-4326 issue affects IBM DB2 9.5 before FP5 and 9.7 before FP1 when the Database Partitioning Feature (DPF) is used. The RAND scalar function in the Common Code Infrastructure can produce repeating values, which may allow an attacker to predict randomness and defeat protection mechanis...
TANDBERG Remote Denial Of Service
Security Advisory Platform : TANDBERG Date : November 6, 2009 Affected : All MXP FIPS140 Current as of December 8, 2009 Tested : F8.2, F8.0, F7.2, F6.3 Unconf : VCS, BC, C90 Author : otokoyama Problem Description: Issues with the H.225 RAS implementation in TANDBERG Codecs. This has been confirme...
TANDBERG vF8.2 F8.0 F7.2 and F6.3 Remote Denial of Service
No description provided by source. Security Advisory Platform : TANDBERG Date : November 6, 2009 Affected : All MXP FIPS140 Current as of December 8, 2009 Tested : F8.2, F8.0, F7.2, F6.3 Unconf : VCS, BC, C90 Author : otokoyama Problem Description: Issues with the H.225 RAS implementation in...
Losing the Echo Chamber in the Critical Infrastructure Security Debate
As an analyst, and now as a consultant, I raise issues of digital and physical security: let’s talk about them, in plain terms, and collectively move to do something. As a member of the security digerati, I think we should be helping people, and we have to either step up with a better way forward...