50 matches found
Tripbit Secure Code Analizer 1.0 - Local fgets() Buffer Overrun
No description provided by source. source: http://www.securityfocus.com/bid/8028/info A buffer overrun has been discovered in Tripbit Secure Code Analizer when reading data from source files. The problem occurs due to an insecure use of the fgets function. This vulnerability could be triggered by...
Optomise System Ltd XSS / Information Disclosure
OPTOMISE SYSTEM Ltd UK Ministry of Defence and emergency services Full Directory Information Disclosure/ Persistent XSS / Time Line Vulnerability 04-11-2013 Security Advisory 07-11-2013 Ask About the Issues - Not Response 14-11-2013 Ask About the Issues- Not Response - Not Fixed 18-11-2013 Full...
Windows Service Trusted Path Privilege Escalation
This module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths:...
IBM Report: Mobile Attacks, Phishing Attacks Mount in 2011
Spam volume is down, there are fewer unpatched software holes and software application developers did a better job of writing secure code over the last year. But IBM’s X-Force Trend and Risk Report still found plenty to worry about in 2011, according to a copy of the report released this week...
The Past, Present and Future of Software Security
Perhaps no segment of the security industry has evolved more in the last decade than the discipline of software security. At the start of the 2000s, software security was a small, arcane field that often was confused with security software. But several things happened in the early part of the...
It's Time to Move Away From the Build or Break Mentality
SAN FRANCISCO–The vulnerability disclosure and patching arms race that has developed in the last decade or so in the security industry has made life extremely difficult not just for the developers writing code, but also for the folks who are interested in helping to fix broken applications. A new...
Squashing Ants: The Dynamics of XSS Remediation
Is anyone else getting tired of hearing excuses from customers — and worse yet, the security community itself — about how hard it is to fix cross-site scripting (XSS) vulnerabilities? Oh, come on. Fixing XSS is like squashing ants, but some would have you believe it’s more like slaying dragons. I...
Taking Vendors to Task on Security Flaws
A loose consortium of security experts from more than 30 organizations today called on enterprises to exert more pressure on their software vendors to ensure that they use secure code development practices. Read the full article. Computerworld...
Tripbit Secure Code Analizer 1.0 - 'fgets()' Local Buffer Overrun
// source: https://www.securityfocus.com/bid/8028/info A buffer overrun has been discovered in Tripbit Secure Code Analizer when reading data from source files. The problem occurs due to an insecure use of the fgets function. This vulnerability could be triggered by a malicious source file...
Tripbit Secure Code Analizer 1.0 - fgets() Local Buffer Overrun
Tripbit Secure Code Analizer 1.0 - fgets Local Buffer Overrun // source: https://www.securityfocus.com/bid/8028/info A buffer overrun has been discovered in Tripbit Secure Code Analizer when reading data from source files. The problem occurs due to an insecure use of the fgets function. This...