44 matches found
Intel, Microsoft Announce New Bug Bounties
Intel announced its first bug bounty program, offering up to $30,000 to researchers who find critical vulnerabilities in its hardware. The invite-only program, which is being run on the HackerOne platform, was announced today at the CanSecWest conference in Vancouver. Intel said its software,...
MGASA-2016-0278 Updated firefox packages fix security vulnerability
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2836, CVE-2016-5258, CVE-2016-5259, CVE-2016-5252,...
PLC Blaster Worm Targets Industrial Control PLCs
LAS VEGAS – Security researchers at Black Hat USA described a proof-of-concept worm that targets weaknesses within automated industrial control systems used to manage critical infrastructure and manufacturing. The worm, according to OpenSource Security, has the capability to autonomously search f...
Mitre Tackles Its Critics: Set To Revamp CVE Vulnerability Reporting
Mitre Corporation will introduce a new pilot program for classifying Common Vulnerabilities and Exposures CVE in the coming weeks. The move is in response to a backlash in the security community where some critics contend Mitre is failing to keep pace with a massive influx in the number of report...
Google Advocates 7 Days to Go Public with Critical Vulnerabilities
Two security engineers for Google say the company will now support researchers publicizing details of critical vulnerabilities under active exploitation just seven days after they’ve alerted a company. That new grace period leaves vendors dramatically less time to create and test a patch than the...
Hackers Probably Can't Hijack an Airplane with Software
An alarming dispatch from the Hack In The Box security conference in Amsterdam arrived on Wednesday: a hacker says he's found a way to take over airplane controls. That's probably not true. At least according to the Federal Aviation Administration FAA, the European Aviation Safety Administration...
CVE-2011-1753
expaterl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of neste...
Does Microsoft Need Bug Bounties?
The threats and attacks may have changed in the last decade, but one thing has remained constant: software giant Microsoft doesn’t pay for vulnerabilities. Never has. Never will. Even as rivals like Mozilla and Google have introduced bug bounty program, the Redmond Washington giant has stuck...
Week in Security: More Wikileaks Fallout, Cybersecurity Buzz and Browser Updates
The words “cyber war” were in the headlines this week, as controversy and debate about the leak of confidential diplomatic cables by Wikileaks reached a fever pitch. As speculation turned to the fallout from the ongoing publication of documents, the U.S. government laid the groundwork to prevent...
Week in Security: Scarily Tenacious Rootkits, Stuxnet's Secrets and Cisco Flaws
The news this week revolved around complex and troublesome threats, notably two rootkits, TDL4 and ZeroAccess. Stuxnet reared its head once again as did a new problem with Cisco’s popular videoconferencing software. Read on for the full week in review. In our most popular story of the week, we...
Why Vulnerability Research Matters
It seems that any time there’s a high-profile incident in which a vulnerability is disclosed without a patch being available, there is an immediate and loud call from some corners to abolish the practice of vulnerability research. If researchers weren’t spending their days poking holes in softwar...
Microsoft Says No to Paying Bug Bounties
Microsoft has no plans to follow in the footsteps of Mozilla and Google and pay researchers cash rewards for the bugs that they find in Microsoft’s products. In the wake of both Mozilla and Google significantly increasing their bug bounties to the $3,000 range, there have been persistent rumors i...
OpenX Ad Serving SW Attacked
Hackers have exploited flaws in a popular open-source advertising software to place malicious code on advertisements on several popular Web sites over the past week. Read the full article. Computerworld...
Web Security Flaws Up 10% in 2009
Almost 80% of more than 3,000 software security flaws publicly reported so far this year have been in Web technologies such as Web servers, applications, plugins and Web browsers. That number is about 10% higher than the number of flaws reported in the same period last year — and nine out of 10 o...
DTSA-38-1 qemu - several vulnerabilities
Bulletin has no description...
Skype buffer overflow
callto: URL buffer overflow...
JPortal SQL Injects
Jportal is a portal system, quite commonly used: Google Results 1 - 10 of about 56,100 for "powered by jportal". 0.22 seconds Homepage: http://jportal2.com/ I've read its code and found: in module/print.inc.php: function artprint .... $query = "SELECT FROM $arttbl WHERE id=$id"; ... What to say? ...
[waraxe-2004-SA#028 - Multiple vulnerabilities in NukeJokes module for PhpNuke]
================================================================================ waraxe-2004-SA028 ================================================================================ Multiple vulnerabilities in NukeJokes module for PhpNuke...
Дырки в IBM NetCommerce
Сочетание большого числа дырок в различных продуктах входящих в состав сервера...
Дырка в MiniVend
Классические дырки в демонстрационном web-скрипте...