VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555)

VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion Code Execution CVE-2013-2555 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based application runtime that...

Air Force Classifies Some Cybersecurity Tools as Weapons

The United States government for years has been developing and deploying offensive cyber capabilities, most of it done without much in the way of public notice. That’s been changing of late, as government and military officials have become more open in discussing these capabilities and under what...

Cyber 9/11, cyber doomsday...between fear and need for action

It’s not a mystery, every nation is worried of the level of security of its infrastructure, the United States are among the most concerned governments due the high number of cyber-attack against its networks. US Government representative such us former States Secretary of Defense Leon Panetta and...

NSA Director Alexander: US Building Cyberattack Teams

More rhetoric is coming out of Washington regarding the use of malware as an auxiliary weapon to bombs and bullets. National Security Agency leader Gen. Keith Alexander told a House Armed Services Committee yesterday that his new Cyber Command will be ready to retaliate should the United States...

Chinese hackers infiltrate Indian Defence Research Organisation

According to an exclusive report published today by DNA news, the computers of highly sensitive Defence Research and Development Organisation DRDO have reportedly been hacked by Chinese hackers as biggest security breach in the Indian Defence ever. Infiltrate leading to the leak of thousands of t...

Chinese hackers infiltrate Indian Defence Research Organisation

According to an exclusive report published today by DNA news, the computers of highly sensitive Defence Research and Development Organisation DRDO have reportedly been hacked by Chinese hackers as biggest security breach in the Indian Defence ever. Infiltrate leading to the leak of thousands of t...

Unofficial Pakistan Intelligence website hacked

While the rest of the world engaged in cyber security conferences and Anonymous operations, an Indian patriotic hacker used the time to attack Unofficial Pakistan Intelligence agency ISI. Hacker going by name "Godzilla" today claimed to hack into one of the server belongs to ISI website...

Unofficial Pakistan Intelligence website hacked

While the rest of the world engaged in cyber security conferences and Anonymous operations, an Indian patriotic hacker used the time to attack Unofficial Pakistan Intelligence agency ISI. Hacker going by name "Godzilla" today claimed to hack into one of the server belongs to ISI website...

CVE-2012-4858

IBM Cognos Business Intelligence BI 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors...

CVE-2012-4840

IBM Cognos Business Intelligence BI 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension functions, via unspecified vectors...

CVE-2012-4837

IBM Cognos Business Intelligence BI 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors...

CVE-2012-2193

Cross-site scripting XSS vulnerability in Query Studio in IBM Cognos Business Intelligence BI 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-2177

Cross-site scripting XSS vulnerability in IBM Cognos Business Intelligence BI 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors related to the search feature...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Cognos Business Intelligence BI 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors related to the search feature...

CVE-2012-4835

Cross-site scripting XSS vulnerability in IBM Cognos Business Intelligence BI 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-4836

Cross-site scripting XSS vulnerability in IBM Cognos Business Intelligence BI 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is not properly handled during rendering of...

CVE-2012-4840

IBM Cognos Business Intelligence BI 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension functions, via unspecified vectors...

CVE-2012-4858

The CVE-2012-4858 issue affects IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1, where Java serialized input is not properly validated. This allows a remote attacker to execute arbitrary commands via unspecified vectors. The connecte...

CVE-2012-4836

IBM Cognos BI CVE-2012-4836 describes a stored XSS vulnerability in IBM Cognos BI 8.4.1 (before IF1), 10.1 (before IF2), 10.1.1 (before IF2), and 10.2 (before IF1), where remote authenticated users can inject arbitrary web script or HTML via crafted input that is not properly sanitized during ren...

CVE-2012-4835

IBM Cognos BI is affected by CVE-2012-4835: a reflected cross-site scripting vulnerability in IBM Cognos BI versions 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 that allows remote attackers to inject arbitrary script via unspecified vectors. The vulnerability is disc...