7 matches found
The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the lack of authentication procedures. This allows attackers to bypass security restrictions and gain access to read and modify data.
The vulnerabilities of the software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller are related to deficiencies in the authentication process. Exploiting these vulnerabilities can allow an attacker to bypass security...
The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in improper verification of certificates. This allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller is related to improper verification of certificates. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized...
GROWI vulnerable to cross-site scripting
Overview GROWI provided by WESEEK, Inc. contains a cross-site scripting vulnerability CWE-79. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...
Adventures in vulnerability reporting
Posted by Natalie Silvanovich, Project Zero At Project Zero, we spend a lot of time reporting security bugs to vendors. Most of the time, this is a fairly straightforward process, but we occasionally encounter challenges getting information about vulnerabilities into the hands of vendors. Since i...
Twitter Changes Abuse Reporting Process to Address Doxing
Twitter has revised and simplified its rules and process for reporting abusive behavior on the service, and users now have the ability to report people who are posting their personal information. The change essentially gives Twitter users a method to combat doxing, which is the process of dumping...
Yahoo Revamps Bug Bounty Vulnerability Rewards Program
Yahoo has promised to put the finishing touches on a new vulnerability reporting and rewards policy by Halloween after finding itself in the throes of a mini scandal this week over two $12.50 Yahoo company store discount codes handed out to one researcher in thanks for turning in a pair of...
Charlie Miller on Pwn2Own
Charlie Miller won his third consecutive Pwn2Own contest at the CanSecWest conference in Vancouver this week. In this video he talks about the contest, the state of Apple security and the bug-finding and reporting process...