See also related topics
15.08.2018 Protecting Endpoints is the Key to Security Control Companies today realize that they need more than just good security controls. They must also address compliance with internal security policies and industry regulations. A combination of good security functions and compliance management improves security operations efficiency and maturity. Enterprises can simplify compliance by using a single management console to audit, verify and report on [...]
12.06.2018 Think you’re compliant? Can you prove it? For years, enterprises have stretched their budgets and their IT staffs to comply with government regulations and created internal policies designed to protect customers and employees. Myriad point products and proprietary standards have sprung up, prolonging and complicating the audit process. The question these companies must now ask themselves is “how can we prove [...]
24.01.2018 Changing the paradigm again… In my travels and discussions with CIOs, CISOs and Risk & Compliance Officers, I hear time and again how companies struggle with a lack of time, resources and expertise when performing IT audits. I have a name for this condition - “audit fatigue,” where massive efforts are devoted to complete multiple IT security audits. Also, [...]
28.01.2018 Security Vulnerabilities in the Solaris lpadmin(1M) and ppdmgr(1M) Utilities May Lead to a Denial of Service (DoS) Condition Security vulnerabilities in the Solaris lpadmin(1M) and the ppdmgr(1M) print utilities may, under specific circumstances, allow local unprivileged users to cause a Denial of Service (DoS) to certain system services or to the system as a whole.
17.02.2018 CVE-2009-0611 Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter.
04.03.2018 CVE-2009-0821 Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element.
20.04.2018 CVE-2009-1343 Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via content titles.
07.06.2018 CVE-2009-1962 Xfig in Debian GNU/Linux, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.
12.12.2018 Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability (0day) # wwww.abysssec.com # Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability (0day) # CVE-2012-4959 # @abysssec # well just one more of our 0day got published after ~2 year # here is info : https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959 # and here is our exploit import httplib, md5, sys def message_MD5(arg): v = "SRS" + arg + "SERVER" m = md5.new(v) return m.hexdigest() def g...
07.03.2018 Multiple vulnerabilities in Xerox FreeFlow Print Server A remote user can compromise the target system.