6716 matches found
VUPEN Security Research - Adobe Acrobat and Reader "newfunction" Memory Corruption Vulnerability (CVE-2010-2168)
VUPEN Security Research - Adobe Acrobat and Reader "newfunction" Memory Corruption Vulnerability CVE-2010-2168 http://www.vupen.com/english/research.php I. BACKGROUND "Adobe Acrobat and Reader are the global standards for electronic document sharing. They are used to create,...
Researcher to Release Hacker Footprint Tool
A researcher at Black Hat USA next month plans to give away a homemade tool that helps organizations glean intelligence about the attacker behind the malware, including information about native tongue, geographic location, and ties to other attacks. Read the full article. Dark Reading...
IBM Cognos Server Backdoor Account Remote Code Execution (CVE-2010-0557)
IBM Cognos Express is an integrated business intelligence (BI) and planning solution developed for midsized companies. It provides reporting, analysis, dashboard, scorecard, planning, budgeting and forecasting capabilities. A remote code execution vulnerability has been reported in IBM Cognos...
Friending HR: A Rich and Mineable Source of Intelligence
One of the most common complaints I hear from information security executives in large organizations is that they are constantly playing defense, not offense. Their network security apparatus is designed to wait for an attack, see if it’s successful and, if it is, to plug the hole, then repeat. T...
CVE-2010-1490
Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors...
Code injection
Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors...
VUPEN Security Research - Adobe Acrobat and Reader GIF Data Buffer Overflow Vulnerability
VUPEN Security Research - Adobe Acrobat and Reader GIF Data Buffer Overflow Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND "Adobe Acrobat and Reader are the global standards for electronic document sharing. They are used to create, view, search,...
Code injection
Unspecified vulnerability in the E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors...
Google Attack Was Tip of the Iceberg
The recent disclosure by Google, Adobe and other companies that their networks had been thoroughly compromised by attackers who may have been after their source code has prompted a tremendous amount of discourse both in the security community and in the general public about the political and...
Five Important Security Resolutions for Adobe
The year was 2001. Code Red, the Microsoft Web Server worm, was running rampant and underscored every security professional’s perception that Microsoft products were both a necessary evil and a serious security liability. Fast-forward to nine years later. Microsoft products still contain more than...
Worms and Scareware Attacks on the Rise
Microsoft today released its biannual Security Intelligence Report which demonstrates some surprising conclusions about how the threat landscape is impacting enterprise networks. For example, the number of rogue security software infections, which experienced a high-profile scourge earlier this...
NSA to Run $1.5B Security Data Center
The National Security Agency is going to run a planned $1.5 billion data center in Utah that will serve as a support center for the government’s information security programs. The exact mission and function of the data center is a bit unclear, however. The NSA’s core mission is to collect and...
Obama Nominates DHS Intelligence Chief
President Barack Obama has nominated Caryn Wagner to be the Homeland Security Department's intelligence chief, a position that oversees information technology systems designed to share information with federal, state and local officials. If confirmed by the Senate, Wagner would direct DHS Office ...
Code injection
Unspecified vulnerability in the Business Intelligence Enterprise Edition component in unspecified Oracle Application Server versions allows remote attackers to affect integrity via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors...
CVE-2009-1999
Unspecified vulnerability in the Business Intelligence Enterprise Edition component in unspecified Oracle Application Server versions allows remote attackers to affect integrity via unknown vectors...
CVE-2009-1990
CVE-2009-1990 affects Oracle Application Server BI Enterprise Edition (Business Intelligence Enterprise Edition component) in Oracle Application Server 10.1.3.4.1. The Oracle CPU/Oracle Application Server risk matrix lists this as a local vulnerability with confidentiality impact Partial and no e...
CVE-2009-1999
Oracle Application Server: CVE-2009-1999 affects the Business Intelligence Enterprise Edition component. The Oracle Application Server risk matrix lists a network-exploitable vulnerability with CVSS v2 base score 4.3 (Partial integrity impact). The vulnerability is described as an unspecified iss...