
3542 matches found

NVD
added 2010/09/03 8:0 p.m. | 14 views

CVE-2010-1325

Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources...

CVSS 4.3 | AI score 7 | EPSS 0.0091
Exploits: 0 | References: 5

Prion
added 2010/09/03 8:0 p.m. | 18 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources...

CVSS 4.3 | AI score 7.6 | EPSS 0.0091
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2010/09/03 7:0 p.m. | 51 views

CVE-2010-1325

Summary (CVE-2010-1325): A CSRF vulnerability affects the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise 11. The issue arises from improper parameter quoting, enabling remote attackers to hijack the authentication of unspecified victims. The availab...

CVSS 4.3 | AI score 7.2 | EPSS 0.0091
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2010/09/03 7:0 p.m. | 20 views

CVE-2010-1325

Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources...

AI score 7 | EPSS 0.0091
Exploits: 0 | References: 5

securityvulns
added 2010/08/11 12:0 a.m. | 75 views

Microsoft Security Bulletin MS10-053 - Critical Cumulative Security Update for Internet Explorer (2183461)

Microsoft Security Bulletin MS10-053 - Critical Cumulative Security Update for Internet Explorer (2183461) Published: August 10, 2010 Version: 1.0 General Information Executive Summary This security update resolves six privately reported vulnerabilities in Internet Explorer. The most severe...

CVSS 9.3 | AI score 0.9 | EPSS 0.2752
Exploits: 0

securityvulns
added 2010/08/11 12:0 a.m. | 80 views

Microsoft Security Bulletin MS10-056 - Critical Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)

Microsoft Security Bulletin MS10-056 - Critical Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638) Published: August 10, 2010 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities in Microsoft Offic...

CVSS 9.3 | AI score 1.5 | EPSS 0.39813
Exploits: 12

securityvulns
added 2010/08/03 12:0 a.m. | 503 views

Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)

Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) Published: August 02, 2010 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerabili...

CVSS 9.3 | AI score 1.7 | EPSS 0.91324
Exploits: 13

securityvulns
added 2010/06/09 12:0 a.m. | 140 views

Microsoft Security Bulletin MS10-039 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)

Microsoft Security Bulletin MS10-039 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) Published: June 08, 2010 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed and two privately reported...

CVSS 6.8 | AI score 0.2 | EPSS 0.28707
Exploits: 2

securityvulns
added 2010/05/11 12:0 a.m. | 105 views

Microsoft Security Bulletin MS10-031 - Critical Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)

Microsoft Security Bulletin MS10-031 - Critical Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213) Published: May 11, 2010 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microsof...

CVSS 9.3 | AI score 0.5 | EPSS 0.22364
Exploits: 1

ThreatPost
added 2010/05/05 6:31 p.m. | 19 views

New Study Shows Nearly No Difference in Security of Web Frameworks

A new study by a Web security firm has found that despite the myriad differences in the common programming languages and frameworks deployed on the Web today, there is virtually no difference in their practical security and resistance to attack. The study, done by WhiteHat Security and based on...

AI score 0.5
Exploits: 0 | References: 1

securityvulns
added 2010/02/10 12:0 a.m. | 80 views

Microsoft Security Bulletin MS10-006 - Critical Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)

Microsoft Security Bulletin MS10-006 - Critical Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251) Published: February 09, 2010 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in Microsoft Windows. The...

CVSS 9.3 | AI score 2.3 | EPSS 0.30879
Exploits: 4

ThreatPost
added 2010/02/02 3:39 p.m. | 99 views

Microsoft Tries to Boost SDL Adoption

Microsoft is trying to boost adoption of the software security practices in its Security Development Lifecycle by releasing a revised set of instructions to make implementation of the process easier and faster. At the Black Hat DC conference on Tuesday, the company announced the release of its...

CVSS 9.3 | AI score 0.2 | EPSS 0.99945
Exploits: 33 | References: 2

ThreatPost
added 2009/11/24 7:41 p.m. | 6 views

Steve Lipner on the Microsoft SDL and Windows 7 Security

Dennis Fisher talks with Steve Lipner of Microsoft about the Security Development Lifecycle, changes in the threat modeling process and the security of Windows 7. Podcast audio courtesy of sykboy65 Subscribe to the Digital Underground podcast on...

AI score 1.1
Exploits: 0 | References: 3

ThreatPost
added 2009/11/12 7:8 p.m. | 60 views

Microsoft Pushes for Better Software Security Practices

WASHINGTON–Microsoft has spent several years and untold millions of dollars working on methods to write more secure and reliable software, and now the company is encouraging other organizations to make the same investment in software security. One of the outputs of the company’s software security...

CVSS 9.3 | AI score 0.1 | EPSS 0.99945
Exploits: 33 | References: 1

ThreatPost
added 2009/11/09 6:26 p.m. | 71 views

Microsoft to Give Security Guidelines for Agile

Microsoft will release on Tuesday guidelines for developers building online applications and for those using the Agile code-development process. The Agile guidelines apply principles from Microsoft’s Security Development Lifecycle (SDL) to Agile, an umbrella term for a development model frequently...

CVSS 9.3 | AI score 1.4 | EPSS 0.99945
Exploits: 33 | References: 2

ThreatPost
added 2009/11/02 6:4 p.m. | 12 views

Microsoft: High Vulnerability Count is Sign of Success

Microsoft Corp. pours more money into software security than any other major vendor both because it has to and because it can. Yet for all the investments in security, the number of vulnerabilities discovered in the company’s products has increased over the years, prompting questions over whether...

AI score 1.2
Exploits: 0 | References: 2

Prion
added 2009/08/05 7:30 p.m. | 15 views

Design/Logic Flaw

Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1.0 has unknown impact and attack vectors, related to a "password security vulnerability."...

CVSS 10 | AI score 6.9 | EPSS 0.01446
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2009/08/05 7:0 p.m. | 16 views

CVE-2009-2667

Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1.0 has unknown impact and attack vectors, related to a "password security vulnerability."...

AI score 6.4 | EPSS 0.01446
Exploits: 0 | References: 3

CVE
added 2009/08/05 7:0 p.m. | 44 views

CVE-2009-2667

Technical details for CVE-2009-2667 are not publicly available in the provided documents; no concrete affected products, versions, impact, or remediation are specified. Monitor for updates.

CVSS 10 | AI score 6.5 | EPSS 0.01446
Exploits: 0 | References: 3 | Affected Software: 1

ThreatPost
added 2009/05/21 6:52 p.m. | 7 views

Brad Arkin on Adobe's Quarterly Patch Updates, the JBIG2 Flaw and Secure Software Development

Dennis Fisher talks with Brad Arkin, director of product security and privacy at Adobe, about the company’s new quarterly patch release program, its Secure Product Lifecycle and how the JBIG2 flaw spurred major changes at Adobe. Download Subscribe to the Digital Underground podcast on Podcast aud...

AI score 1.1
Exploits: 0 | References: 5