3542 matches found
HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType Method Vulnerability
Added: 09/13/2012 BID: 55272 OSVDB: 85152 Background HP Application Lifecycle Management ALM is a software product designed to manage the application lifecycle from requirements through readiness for delivery from a single repository, providing a consistent user experience and customizable...
HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType Method Vulnerability
Added: 09/13/2012 BID: 55272 OSVDB: 85152 Background HP Application Lifecycle Management ALM is a software product designed to manage the application lifecycle from requirements through readiness for delivery from a single repository, providing a consistent user experience and customizable...
HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType Method Vulnerability
Added: 09/13/2012 BID: 55272 OSVDB: 85152 Background HP Application Lifecycle Management ALM is a software product designed to manage the application lifecycle from requirements through readiness for delivery from a single repository, providing a consistent user experience and customizable...
(0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Application Lifecycle Management. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...
Microsoft Releases Attack Surface Analyzer Tool
Microsoft has released a public version of its internal Attack Surface Analyzer tool, which helps organizations identify changes to a system’s attack surface as new applications are added. The tool has been in beta for a few months, but this is the first official release. The Attack Surface...
Microsoft's SDL Expands Beyond Redmond
It’s been more than 10 years now since Microsoft began the initiative that would eventually become Trustworthy Computing, and while the effects it’s had inside the company have been well documented, the utility and adoption of the Security Development Lifecycle by outside organizations and...
Bugzilla jsonrpc.cgi 跨站请求伪造漏洞
BUGTRAQ ID: 51783 CVE ID: CVE-2012-0440 Bugzilla是一个开源的缺陷跟踪系统,它可以管理软件开发中缺陷的提交,修复,关闭等整个生命周期。 Bugzilla在jsonrpc.cgi的实现上存在CSRF安全漏洞,成功利用这些漏洞可允许攻击者劫持任意用户使用JSON-RPC API的身份验证请求。 0 Mozilla Bugzilla 4.x 厂商补丁: Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.mozilla.org/security/...
Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit
Injecting malicious code into the HTML used on legitimate Web sites is a key part of the infection lifecycle for many attack crews, and they often disguise and obfuscate their code to make it more difficult to analyze or so it appears to be legitimate code. The latest instance of this technique h...
HP Application Lifestyle Management symbolic links vulnerability
Insecurty temporary files creation...
The Past, Present and Future of Software Security
Perhaps no segment of the security industry has evolved more in the last decade than the discipline of software security. At the start of the 2000s, software security was a small, arcane field that often was confused with security software. But several things happened in the early part of the...
Microsoft Releases New Versions of Software Security Tools
Microsoft has released new versions of several of its software security tools, including its Threat Modeling Tool and a pair of fuzzers. All of the tools are part of the company’s Security Development Lifecycle program, which it has been sharing with external organizations for a few years now...
Nmap NSE net: dns-fuzz
This script launches a DNS fuzzing attack against any DNS server. The script induces errors into randomly generated but valid DNS packets. The packet template that we use includes one uncompressed and one compressed name. Use the 'dns-fuzz.timelimit' argument to control how long the fuzzing lasts...
Making an Application Security Program Succeed, Part Two
“Failure is only the opportunity to begin again, only this time more wisely,” is a quote attributed to legendary automaker Henry Ford. While it seemingly has nothing to do with secure application development, all you need to do is talk to a handful of enterprises who have tried to implement a...
Microsoft Cites Progress in SDL Report, Advocates More Adoption of ASLR, DEP
In the more than nine years since Bill Gates’s Trustworthy Computing email kicked off Microsoft’s comprehensive, company-wide security initiative, the company has not only committed a tremendous amount of money and resources to the project but also has been quite open and public about the process...
The Challenge of Starting an Application Security Program
Since organizations started opening their internal applications to the Web, a little more than a decade ago, it became clear that the security of those connected applications would be more complex – and critical to get right – than before. Unfortunately, through complacency, perhaps a feeling tha...
NSA: Our Development Methods Are in the Open Now
WASHINGTON–Despite its reputation for secrecy and technical expertise, the National Security Agency doesn’t have a set of secret coding practices or testing methods that magically make their applications and systems bulletproof. In fact, one of the agency’s top technical experts said that virtual...
Microsoft Security Bulletin MS10-087 - Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
Microsoft Security Bulletin MS10-087 - Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution 2423930 Published: November 09, 2010 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed vulnerability and four privately...
security update
CentOS Errata and Security Advisory CESA-2010:0817 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2010-November/079303.html Affected packages: Upstream details at: https://access.redhat.com/errata/RHSA-2010:0817...
RHEL 3 : redhat-release (EOL Notice) (RHSA-2010:0734)
This is the 1-month notification of the End Of Life plans for Red Hat Enterprise Linux 3. In accordance with the Red Hat Enterprise Linux Errata Support Policy, the regular 7 year life cycle of Red Hat Enterprise Linux 3 will end on October 31, 2010. After this date, Red Hat will discontinue the...
SmarterMail 7.2.3925 - LDAP Injection
SmarterMail 7.2.3925 - LDAP Injection Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.2 Bug : LDAP Injection + Cross Site Scripting STORED Test...