Microsoft Releases November Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows as part of the Microsoft Security Bulletin Summary for November 2011. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges...
CVE-2010-5045
Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ASP Survey allows remote attackers to inject arbitrary web script or HTML via the catid parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ASP Survey allows remote attackers to inject arbitrary web script or HTML via the catid parameter...
CVE-2010-5045
CVE-2010-5045 is an XSS vulnerability in Smart ASP Survey, specifically in poll/default.asp via the catid parameter. The root cause is lack of input validation/escaping enabling remote script injection. Impact described as script/HTML execution in the victim’s browser; exploitation details (paylo...
Microsoft Invents New Way To Measure Online Safety (And Finds That Consumers Stink At It)
Computer users are taking steps to mitigate online security threats, but still only score a paltry 34 out of 100 – a solid “F” – according to a new study by Microsoft. The study, sponsored by Microsoft’s Trustworthy Computing Group (TwC), introduces a new metric, the Microsoft Computing Safety Inde...
Apple Releases QuickTime 7.7.1
Apple has released QuickTime 7.7.1 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. US-CERT encourages users and administrators to review Apple Support Article HT5016 a...
Cisco Releases Multiple Security Advisories
Cisco has released four security advisories to address vulnerabilities affecting Cisco Unified Contact Center, Cisco WebEx Player, Cisco Security Agent, and Cisco Unified Communication Manager. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information...
Google Releases Chrome 15.0.874.102
Google has released Chrome 15.0.874.102 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Cisco Releases Two Security Advisories
Cisco has released two security advisories to address vulnerabilities affecting CiscoWorks Common Services and Cisco Show and Share. These vulnerabilities may allow an attacker to execute arbitrary code or bypass security restrictions. US-CERT encourages users and administrators to review Cisco...
Apple Releases iTunes 10.5
Apple has released iTunes 10.5 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4981 and apply any necessary updates to help...
Apache HTTP Server Reverse Proxy Bypass
The Apache Foundation has issued a Security Advisory to address a vulnerability in Apache HTTP Server's reverse proxy mode. Exploitation of this vulnerability may allow a remote attacker to gain access to internal systems. US-CERT encourages users and administrators to review the Apache HTTP Serv...
LightNEasy 3.4.2 Multiple Vulnerabilities
Exploit for php platform in category web applications: LightNEasy 3.4.2 Multiple Vulnerabilities...
Social Media Use Tied to Increase in Malware Infections
With the use of social media platforms such as Twitter, Facebook and Google+ becoming more and more prevalent in the enterprise, companies are having to come to grips with additional security concerns that they bring with them. But, according to the results of a new survey of IT and security...
Cisco Releases Security Advisory for Cisco IOS Software Smart Install
Cisco has released a security advisory to address a vulnerability in the Cisco IOS Software Install feature running on Cisco Catalyst Switches. Exploitation of this vulnerability may allow remote code execution by an unauthenticated attacker. US-CERT encourages administrators to review Cisco...
SSL/TLS Protocol Vulnerability
US-CERT is aware of a vulnerability affecting the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols. Exploitation of this vulnerability may allow an attacker to decrypt encrypted SSL/TLS traffic and obtain sensitive information. Microsoft has released Security Advisory 2588513 to...
CVE-2011-3774
php Easy Survey Package phpESP 2.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/landing.php and certain other files...
CVE-2011-3774
The CVE-2011-3774 entry affects php Easy Survey Package (phpESP) 2.1.1. The vulnerability is a remote information disclosure where a direct request to certain .php files (e.g., public/landing.php and similar) causes an error message that reveals the installation path. This detail is present in NV...
U.S. Geological Survey Website SQL Injection
Title: U.S. Geological Survey Website - SQL Injection Vulnerability. Date: 2011-09-21. References: http://www.vulnerability-lab.com/getcontent.php?id=278. VL-ID: 278. Introduction: The United States Geological Survey (USGS) is a scientific agency of the Unit...
Adobe Releases Security Advisory for Adobe Flash Player
Adobe has released a security update for Adobe Flash Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or perform a cross-site scripting attack. Adob...