
3542 matches found

Saint
added 2012/09/13 12:0 a.m. | 41 views

HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType Method Vulnerability

Added: 09/13/2012 BID: 55272 OSVDB: 85152 Background HP Application Lifecycle Management ALM is a software product designed to manage the application lifecycle from requirements through readiness for delivery from a single repository, providing a consistent user experience and customizable...

7.6 AI score
Exploits 0
Saint
added 2012/09/13 12:0 a.m. | 27 views

HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType Method Vulnerability

Added: 09/13/2012 BID: 55272 OSVDB: 85152 Background HP Application Lifecycle Management ALM is a software product designed to manage the application lifecycle from requirements through readiness for delivery from a single repository, providing a consistent user experience and customizable...

7.6 AI score
Exploits 0
Saint
added 2012/09/13 12:0 a.m. | 21 views

HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType Method Vulnerability

Added: 09/13/2012 BID: 55272 OSVDB: 85152 Background HP Application Lifecycle Management ALM is a software product designed to manage the application lifecycle from requirements through readiness for delivery from a single repository, providing a consistent user experience and customizable...

7.6 AI score
Exploits 0
Zero Day Initiative
added 2012/08/29 12:0 a.m. | 18 views

(0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Application Lifecycle Management. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...

7.5 CVSS | 7.5 AI score
Exploits 0 | References 1
ThreatPost
added 2012/08/06 6:9 p.m. | 160 views

Microsoft Releases Attack Surface Analyzer Tool

Microsoft has released a public version of its internal Attack Surface Analyzer tool, which helps organizations identify changes to a system’s attack surface as new applications are added. The tool has been in beta for a few months, but this is the first official release. The Attack Surface...

9.3 CVSS | 0.4 AI score | 0.99945 EPSS
Exploits 33 | References 1
ThreatPost
added 2012/05/16 1:14 p.m. | 88 views

Microsoft's SDL Expands Beyond Redmond

It’s been more than 10 years now since Microsoft began the initiative that would eventually become Trustworthy Computing, and while the effects it’s had inside the company have been well documented, the utility and adoption of the Security Development Lifecycle by outside organizations and...

9.3 CVSS | 8.8 AI score | 0.99945 EPSS
Exploits 33 | References 3
seebug.org
added 2012/02/13 12:0 a.m. | 23 views

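Bugzilla jsonrpc.cgi Cross-Site Request Forgery Vulnerability

BUGTRAQ ID: 51783 CVE ID: CVE-2012-0440 Bugzilla is an open-source defect tracking system that manages the whole lifecycle of defects in software development, including submission, fixing and closing. The jsonrpc.cgi implementation in Bugzilla has a CSRF vulnerability; successful exploitation allows an attacker to hijack the authenticated requests of any user of the JSON-RPC API. 0 Mozilla Bugzilla 4.x Vendor patch: Mozilla ------- The vendor has released an upgrade patch that fixes this issue; download it from the vendor's home page: http://www.mozilla.org/security/...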

5.1 CVSS | 6.4 AI score | 0.0063 EPSS
Exploits 2
ThreatPost
added 2012/02/08 12:48 p.m. | 12 views

Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit

Injecting malicious code into the HTML used on legitimate Web sites is a key part of the infection lifecycle for many attack crews, and they often disguise and obfuscate their code to make it more difficult to analyze or so it appears to be legitimate code. The latest instance of this technique h...

7.2 AI score
Exploits 0 | References 5
securityvulns
added 2011/12/11 12:0 a.m. | 27 views

HP Application Lifestyle Management symbolic links vulnerability

Insecure temporary files creation...

0.5 AI score
Exploits 0 | References 1 | Affected Software 1
ThreatPost
added 2011/09/13 11:0 a.m. | 8 views

The Past, Present and Future of Software Security

Perhaps no segment of the security industry has evolved more in the last decade than the discipline of software security. At the start of the 2000s, software security was a small, arcane field that often was confused with security software. But several things happened in the early part of the...

Exploits 0
ThreatPost
added 2011/08/25 5:52 p.m. | 13 views

Microsoft Releases New Versions of Software Security Tools

Microsoft has released new versions of several of its software security tools, including its Threat Modeling Tool and a pair of fuzzers. All of the tools are part of the company’s Security Development Lifecycle program, which it has been sharing with external organizations for a few years now...

0.5 AI score
Exploits 0 | References 4
OpenVAS
added 2011/06/01 12:0 a.m. | 31 views

Nmap NSE net: dns-fuzz

This script launches a DNS fuzzing attack against any DNS server. The script induces errors into randomly generated but valid DNS packets. The packet template that we use includes one uncompressed and one compressed name. Use the 'dns-fuzz.timelimit' argument to control how long the fuzzing lasts...

7.2 AI score
Exploits 0
ThreatPost
added 2011/05/04 3:28 p.m. | 13 views

Making an Application Security Program Succeed, Part Two

“Failure is only the opportunity to begin again, only this time more wisely,” is a quote attributed to legendary automaker Henry Ford. While it seemingly has nothing to do with secure application development, all you need to do is talk to a handful of enterprises who have tried to implement a...

7.1 AI score
Exploits 0 | References 1
ThreatPost
added 2011/03/31 4:24 p.m. | 12 views

Microsoft Cites Progress in SDL Report, Advocates More Adoption of ASLR, DEP

In the more than nine years since Bill Gates’s Trustworthy Computing email kicked off Microsoft’s comprehensive, company-wide security initiative, the company has not only committed a tremendous amount of money and resources to the project but also has been quite open and public about the process...

0.7 AI score
Exploits 0 | References 3
ThreatPost
added 2011/03/24 3:58 p.m. | 14 views

The Challenge of Starting an Application Security Program

Since organizations started opening their internal applications to the Web, a little more than a decade ago, it became clear that the security of those connected applications would be more complex – and critical to get right – than before. Unfortunately, through complacency, perhaps a feeling tha...

7.1 AI score
Exploits 0
ThreatPost
added 2010/11/10 4:38 p.m. | 13 views

NSA: Our Development Methods Are in the Open Now

WASHINGTON–Despite its reputation for secrecy and technical expertise, the National Security Agency doesn’t have a set of secret coding practices or testing methods that magically make their applications and systems bulletproof. In fact, one of the agency’s top technical experts said that virtual...

7.1 AI score
Exploits 0 | References 2
securityvulns
added 2010/11/10 12:0 a.m. | 616 views

Microsoft Security Bulletin MS10-087 - Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)

Microsoft Security Bulletin MS10-087 - Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution 2423930 Published: November 09, 2010 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed vulnerability and four privately...

9.3 CVSS | 0.5 AI score | 0.89497 EPSS
Exploits 21
Cent OS
added 2010/11/03 10:56 a.m. | 48 views

security update

CentOS Errata and Security Advisory CESA-2010:0817 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2010-November/079303.html Affected packages: Upstream details at: https://access.redhat.com/errata/RHSA-2010:0817...

5.8 AI score
Exploits 0 | References 8
Tenable Nessus
added 2010/10/06 12:0 a.m. | 13 views

RHEL 3 : redhat-release (EOL Notice) (RHSA-2010:0734)

This is the 1-month notification of the End Of Life plans for Red Hat Enterprise Linux 3. In accordance with the Red Hat Enterprise Linux Errata Support Policy, the regular 7 year life cycle of Red Hat Enterprise Linux 3 will end on October 31, 2010. After this date, Red Hat will discontinue the...

5.6 AI score
Exploits 0 | References 3
exploitpack
added 2010/10/02 12:0 a.m. | 39 views

SmarterMail 7.2.3925 - LDAP Injection

SmarterMail 7.2.3925 - LDAP Injection Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.2 Bug : LDAP Injection + Cross Site Scripting STORED Test...

5 CVSS | 0.03134 EPSS
Exploits 13