Lucene search
K

44 matches found

ThreatPost
ThreatPost
added 2017/03/15 4:59 p.m.11 views

Intel, Microsoft Announce New Bug Bounties

Intel announced its first bug bounty program, offering up to $30,000 to researchers who find critical vulnerabilities in its hardware. The invite-only program, which is being run on the HackerOne platform, was announced today at the CanSecWest conference in Vancouver. Intel said its software,...

0.4AI score
Exploits0References2
OSV
OSV
added 2016/08/09 8:58 a.m.10 views

MGASA-2016-0278 Updated firefox packages fix security vulnerability

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2016-2836, CVE-2016-5258, CVE-2016-5259, CVE-2016-5252,...

9.8CVSS7.3AI score0.04577EPSS
Exploits3References16
ThreatPost
ThreatPost
added 2016/08/05 4:49 p.m.47 views

PLC Blaster Worm Targets Industrial Control PLCs

LAS VEGAS – Security researchers at Black Hat USA described a proof-of-concept worm that targets weaknesses within automated industrial control systems used to manage critical infrastructure and manufacturing. The worm, according to OpenSource Security, has the capability to autonomously search f...

6.4CVSS1.6AI score0.01691EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2016/03/17 3:7 p.m.8 views

Mitre Tackles Its Critics: Set To Revamp CVE Vulnerability Reporting

Mitre Corporation will introduce a new pilot program for classifying Common Vulnerabilities and Exposures CVE in the coming weeks. The move is in response to a backlash in the security community where some critics contend Mitre is failing to keep pace with a massive influx in the number of report...

7.1AI score
Exploits0References2
ThreatPost
ThreatPost
added 2013/05/29 9:52 p.m.27 views

Google Advocates 7 Days to Go Public with Critical Vulnerabilities

Two security engineers for Google say the company will now support researchers publicizing details of critical vulnerabilities under active exploitation just seven days after they’ve alerted a company. That new grace period leaves vendors dramatically less time to create and test a patch than the...

0.1AI score
Exploits0References1
The Hacker News
The Hacker News
added 2013/04/12 6:11 a.m.14 views

Hackers Probably Can't Hijack an Airplane with Software

An alarming dispatch from the Hack In The Box security conference in Amsterdam arrived on Wednesday: a hacker says he's found a way to take over airplane controls. That's probably not true. At least according to the Federal Aviation Administration FAA, the European Aviation Safety Administration...

7.2AI score
Exploits0
OSV
OSV
added 2011/06/21 2:52 a.m.8 views

CVE-2011-1753

expaterl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of neste...

6.8AI score
Exploits0References12
ThreatPost
ThreatPost
added 2011/05/05 6:46 a.m.17 views

Does Microsoft Need Bug Bounties?

The threats and attacks may have changed in the last decade, but one thing has remained constant: software giant Microsoft doesn’t pay for vulnerabilities. Never has. Never will. Even as rivals like Mozilla and Google have introduced bug bounty program, the Redmond Washington giant has stuck...

7.1AI score
Exploits0References6
ThreatPost
ThreatPost
added 2010/12/10 4:52 p.m.61 views

Week in Security: More Wikileaks Fallout, Cybersecurity Buzz and Browser Updates

The words “cyber war” were in the headlines this week, as controversy and debate about the leak of confidential diplomatic cables by Wikileaks reached a fever pitch. As speculation turned to the fallout from the ongoing publication of documents, the U.S. government laid the groundwork to prevent...

6.7AI score
Exploits0References12
ThreatPost
ThreatPost
added 2010/11/19 4:21 p.m.11 views

Week in Security: Scarily Tenacious Rootkits, Stuxnet's Secrets and Cisco Flaws

The news this week revolved around complex and troublesome threats, notably two rootkits, TDL4 and ZeroAccess. Stuxnet reared its head once again as did a new problem with Cisco’s popular videoconferencing software. Read on for the full week in review. In our most popular story of the week, we...

0.4AI score
Exploits0References13
ThreatPost
ThreatPost
added 2010/08/22 8:1 p.m.28 views

Why Vulnerability Research Matters

It seems that any time there’s a high-profile incident in which a vulnerability is disclosed without a patch being available, there is an immediate and loud call from some corners to abolish the practice of vulnerability research. If researchers weren’t spending their days poking holes in softwar...

6.7AI score
Exploits0References6
ThreatPost
ThreatPost
added 2010/07/22 8:54 p.m.70 views

Microsoft Says No to Paying Bug Bounties

Microsoft has no plans to follow in the footsteps of Mozilla and Google and pay researchers cash rewards for the bugs that they find in Microsoft’s products. In the wake of both Mozilla and Google significantly increasing their bug bounties to the $3,000 range, there have been persistent rumors i...

9.3CVSS1AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2009/12/23 9:6 p.m.8 views

OpenX Ad Serving SW Attacked

Hackers have exploited flaws in a popular open-source advertising software to place malicious code on advertisements on several popular Web sites over the past week. Read the full article. Computerworld...

3.7AI score
Exploits0References2
ThreatPost
ThreatPost
added 2009/11/11 3:24 a.m.6 views

Web Security Flaws Up 10% in 2009

Almost 80% of more than 3,000 software security flaws publicly reported so far this year have been in Web technologies such as Web servers, applications, plugins and Web browsers. That number is about 10% higher than the number of flaws reported in the same period last year — and nine out of 10 o...

1.8AI score
Exploits0References2
OSV
OSV
added 2007/05/26 12:0 a.m.5 views

DTSA-38-1 qemu - several vulnerabilities

Bulletin has no description...

7.2CVSS6.3AI score0.00493EPSS
Exploits0
securityvulns
securityvulns
added 2004/11/16 12:0 a.m.105 views

Skype buffer overflow

callto: URL buffer overflow...

3.4AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2004/05/29 12:0 a.m.30 views

JPortal SQL Injects

Jportal is a portal system, quite commonly used: Google Results 1 - 10 of about 56,100 for "powered by jportal". 0.22 seconds Homepage: http://jportal2.com/ I've read its code and found: in module/print.inc.php: function artprint .... $query = "SELECT FROM $arttbl WHERE id=$id"; ... What to say? ...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2004/05/11 12:0 a.m.36 views

[waraxe-2004-SA#028 - Multiple vulnerabilities in NukeJokes module for PhpNuke]

================================================================================ waraxe-2004-SA028 ================================================================================ Multiple vulnerabilities in NukeJokes module for PhpNuke...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2001/03/11 12:0 a.m.31 views

Дырки в IBM NetCommerce

Сочетание большого числа дырок в различных продуктах входящих в состав сервера...

0.7AI score
Exploits0References4Affected Software1
securityvulns
securityvulns
added 2000/07/14 12:0 a.m.26 views

Дырка в MiniVend

Классические дырки в демонстрационном web-скрипте...

0.5AI score
Exploits0Affected Software1
Rows per page
Query Builder