See also related topics
08.11.2018 CVE-2015-1989 SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
18.08.2018 CVE-2008-3703 The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
05.09.2018 Achieving Enterprise Compliance Validation with SCAP McAfee achieved a milestone last week when Policy Auditor received its Secure Content Automation Protocol (SCAP) Certification as a Federal Desktop Core Configuration (FDCC) Scanner, an Authenticated Configuration Scanner and an Authenticated Vulnerability and Patch Scanner.
What is SCAP and why was achieving a NIST SCAP certification a milestone? First the NIST Security Content Automation Protocol [...]
10.09.2018 CVE-2008-3012 gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corrupt...
26.09.2018 Britons give up their password for five pounds A Symantec survey showed that their own negligence in security matters does not stop citizens from criticizing companies that allowed data leaks.
24.10.2018 Corporate News: Kaspersky Lab strongly recommends installing new Windows update Kaspersky Lab, a leading developer of secure content management solutions, is notifying computer users about the need to install the Windows operating system update MS08-067 (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx). The vulnerability that this new update patches is a...
13.01.2018 CVE-2007-1793 SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected.
22.01.2018 Your Most Prolific Vulnerability is Everywhere I regularly pose the following question to customers: “What is the most prolific point of vulnerability in your company’s IT security?” Depending on who I am speaking with, I get different answers. System security folks refer to applications or PCs in general. Risk management teams may refer to the employees and cite education and awareness [...]
15.01.2018 CVE-2009-0125 ** DISPUTED ** NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification."
27.01.2018 CVE-2009-0304 The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.