Factbites
 Where results make sense

Topic: Vulnerabilities


In the News (Tue 19 Mar 19)

  
  CVE - Common Vulnerabilities and Exposures (CVE)
CVE® International in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures.
CVE's common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.
Use of the Common Vulnerabilities and Exposures List and the associated references from this Web site are subject to the Terms of Use.
www.cve.mitre.org   (246 words)

  
  The Secure Enterprise: Containing vulnerabilities
It reports the number of computer vulnerabilities for the first half of this year at 2,148 compared to 2,437 for all of 2001.
The money on vulnerability management is well spent, he adds, because information security is a priority for the firm, which holds hundreds of millions of dollars of members' savings.
Team members are notified whenever a vulnerability is found, and gather when an exploited vulnerability would have high impact on the company.
www.networkworld.com /supp/security2/vulnerable.html   (1751 words)

  
 M-066: Microsoft Cumulative Patch for IIS Vulnerabilities
An attacker who exploited this vulnerability could overrun heap memory on the system, with the result of either causing the IIS service to fail or allowing code to be run on the server.
This vulnerability is subject to exactly the same mitigating factors as the buffer overrun in the Chunked Encoding transfer, with one exception.
If the vulnerability were used in a denial of service attack, normal operation could be restored on an IIS 4.0 server by restarting the IIS service; on IIS 5.0 and higher, the service would automatically restart itself.
www.ciac.org /ciac/bulletins/m-066.shtml   (2892 words)

  
 Vulnerability (computing) - Wikipedia, the free encyclopedia
In computer security, the word vulnerability refers to a weakness in a system allowing an attacker to violate the integrity, confidentiality, access control, availability, consistency or audit mechanism of the system or the data and applications it hosts.
Vulnerabilities may result from bugs or design flaws in the system.
Vulnerabilities are of significant interest when the program containing the vulnerability operates with special privileges, performs authentication or provides easy access to user data or facilities (such as a network server or RDBMS).
en.wikipedia.org /wiki/Vulnerability_(computer_science)   (841 words)

  
 SecuriTeam™ - Linksys WRT54G Router Multiple Vulnerabilities (Buffer Overflow, Multiple Authentication Bypass, DoS)
Remote exploitation of a buffer overflow vulnerability in multiple versions of the firmware for WRT54G wireless router may allow unauthenticated execution of arbitrary commands as the root user.
Successful exploitation of this vulnerability would allow an unauthenticated user the ability to modify the configuration of the affected router, including the password.
The vulnerability exists in several of the "POST" method handlers of the HTTPd running on the router's internal interfaces, including by default the wireless interface.
www.securiteam.com /securitynews/5NP0D15GUE.html   (1797 words)

  
 CVE - Terminology
In an attempt to remain independent of the multiple perspectives of what a "vulnerability" is, the CVE identifies both "universal vulnerabilities" (i.e., those problems that are normally regarded as vulnerabilities within the context of all reasonable security policies) and "exposures" (i.e., problems that are only violations of some reasonable security policies).
A "universal" vulnerability is one that is considered a vulnerability under any commonly used security policy which includes at least some requirements for minimizing the threat from an attacker.
Therefore, the term "universal vulnerability" is to be applied to those CVE entries which are considered vulnerabilities under any security policy (and thus by any perspective), and "exposure" is to be applied to the remaining CVE entries which include violations of some reasonable security policy.
cve.mitre.org /about/terminology.html   (947 words)

  
 Wired News: Firm Allegedly Hiding Cisco Bugs
The computer security researcher who revealed a serious vulnerability in the operating system for Cisco Systems routers this year says he discovered 15 additional flaws in the software that have gone unreported until now, one of which is more serious than the bug he made public last summer.
Lynn said that details about the vulnerabilities were also in notes and documents that ISS lawyers seized from him in July after he presented information about the first Cisco flaw at the Black Hat security conference in Las Vegas.
Noh was surprised by the news of the vulnerabilities and said his company encouraged security researchers to come to them with important information in a timely manner.
www.wired.com /news/technology/0,1282,69762,00.html?tw=rss.TOP   (850 words)

  
 frontline: cyber war!: how vulnerable are we? | PBS
By exploiting vulnerabilities in the control systems utility companies use to remotely monitor and manage their operations, U.S. cities could be fled out for extended periods of time.
Some of the most recent worms that have affected computers worldwide took advantage of software vulnerabilities that were previously known to manufacturers.
Although many companies maintain that they are doing their best to prevent and self-correct for inadvertent vulnerabilities, critics say the manufacturers should be held more accountable for software security.
www.pbs.org /wgbh/pages/frontline/shows/cyberwar/vulnerable   (515 words)

  
 'Extremely Critical' Bugs Found In Firefox - Security Technology News by TechWeb   (Site not responding. Last check: 2007-09-19)
The vulnerabilities were discovered by a pair of security researchers, who had notified Mozilla earlier in the month, but were keeping mum until a patch was written.
However, details of the vulnerabilities were leaked by someone close to one of the researchers.
According to Danish security vendor Secunia, which tagged the bugs with a highest "extremely critical" warning -- the first time it's used that to describe a Firefox flaw -- a hacker can trick the browser into thinking a download is coming from one of the by-default sites permitted to install software automatically: addons.mozilla.org or update.mozilla.org.
www.techweb.com /wire/security/163100258   (730 words)

  
 Vulnerabilities   (Site not responding. Last check: 2007-09-19)
NISCC undertakes research into computer vulnerabilities or 'weaknesses' and augments this with extensive intelligence to determine the extent of threats to the Critical National Infrastructure from hostile and malevolent elements.
In the past there was greater exposure between the disclosure of a vulnerability and the patch becoming available.
Now, when a vulnerability is discovered, NISCC brokers an agreement with the 'finder' and vendors on disclosure dates and the release of the 'fix'.
www.niscc.gov.uk /niscc/vulnerabilities-en.html   (404 words)

  
 CERT Advisory CA-2002-03 Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol ...
Vulnerabilities in the decoding and subsequent processing of SNMP messages by both managers and agents may result in denial-of-service conditions, format string vulnerabilities, and buffer overflows.
These vulnerabilities exist in all versions of SNMP (v1/v2c/v3) and can be used to cause SNMP implementations to behave in an unpredictable manner, resulting in denials of service or system failures.
Though we were affected with the vulnerabilities in our code, note this should not be viewed as a negative statement on SNMP protocol, as the latest packages from UC Davis and SNMP Research are not vulnerable to these exploits.
www.cert.org /advisories/CA-2002-03.html   (12071 words)

  
 SANS Institute - The Top 20 Most Critical Internet Security Vulnerabilities (Updated) - The Experts Consensus
Vulnerabilities in these services that implement these Operating System functionalities are one of the most common avenues for exploitation.
Scanning the web servers periodically with Vulnerability Scanners is your best bet since the number of vulnerabilities in PHP applications reported every week can be difficult to keep track of, and especially if you are running a large number of PHP-based applications on your servers.
Hence, even if all the vulnerabilities corrected via a cumulative patch are not of critical nature, the administrators are forced to apply the patches to correct a few critical issues.
www.sans.org /top20   (7227 words)

  
 Category:Vulnerability - OWASP
A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application.
The term "vulnerability" is often used very loosely.
You can read about the top vulnerabilities and download a paper that covers them in detail.
www.owasp.org /index.php/Category:Vulnerability   (300 words)

  
 US-CERT Technical Cyber Security Alert TA04-033A -- Multiple Vulnerabilities in Microsoft Internet Explorer
This vulnerability could allow a remote attacker to execute arbitrary script in a different domain, including the Local Machine Zone.
These vulnerabilities have different impacts, ranging from disguising the true location of a URL to executing arbitrary commands or code.
The attacker could exploit this vulnerability by convincing the user to access a specially crafted HTML document, such as a web page or HTML email message.
www.us-cert.gov /cas/techalerts/TA04-033A.html   (412 words)

  
 Top 10 External & Internal Vulnerabilities - Qualys
The Top 20 external and internal vulnerabilities are dynamic lists of the most prevalent and critical security vulnerabilities in the real world.
Based on the "Laws of Vulnerabilities", this information is computed anonymously from nearly 10 million vulnerability scans globally per quarter.
The Top 10 External Vulnerabilities are the most prevalent and critical vulnerabilities which have been identified on Internet facing systems.
www.qualys.com /security   (264 words)

  
 Firefox Vulnerabilities: The Official Word
Though widely adopted, IM is generally unprotected and unmonitored in consumer and enterprise environments, leaving it vulnerable to attacks and exploits.
Although there have been no reports of systems falling victim because of the vulnerabilities, the potential for cross-site scripting attacks prompted Secunia to slap an "extremely critical" rating on the bugs.
There are currently no known active exploits of these vulnerabilities although a "proof of concept" has been reported.
www.enterpriseitplanet.com /security/news/article.php/3503751   (815 words)

  
 Microsoft warns of 22 new security flaws | Tech News on ZDNet
A single computer would not be vulnerable to all the flaws, Toulouse added.
Oliver Friedrichs, senior director of Symantec's security response center, said three vulnerabilities could lead to a Sasser-like worm, but the danger is lessened by the fact that the vulnerable services are not started by default on most versions of Windows.
Microsoft has also re-released a patch from last month's graphics vulnerability, fixing a conflict with Windows XP Service Pack 2.
news.zdnet.com /2100-1009_22-5406550.html   (837 words)

  
 SecuriTeam™ - Tiny Personal Firewall 3.0 Denial of Service Vulnerabilities
These vulnerabilities could allow an attacker to crash the operating system consuming 100% of your CPU resources.
By simply port scanning the host with Tiny Personal Firewall 3.0 default install by sending multiple SYN, UDP, ICMP and TCP full Connect through all its ports and as the user browses its Personal Firewall Agent module firewall Log tab.
It is quite similar to the first one but this vulnerability comes in with the fully configured Tiny Personal Firewall 3.0 and Setting up the personal firewall to HIGH Security.
www.securiteam.com /windowsntfocus/5KP0P0A80C.html   (377 words)

  
 McAfee: Vulnerabilities still worst threat | Tech News on ZDNet   (Site not responding. Last check: 2007-09-19)
In its report covering security threats during the first quarter, McAfee's Anti-virus and Vulnerability Emergency Response Team (AVERT) said Monday that more than 1,000 new attacks aimed at software vulnerabilities emerged in the first three months of this year.
McAfee said that while software makers have improved their ability to respond to vulnerabilities as the flaws are discovered, it found that at least 50 percent of computers connected to the Internet remain improperly protected by product updates or patches.
And in addition to more traditional vulnerability hacks, through which people might try to steal items like valuable corporate data, McAfee said that criminals are getting more sophisticated with the sort of schemes they devise.
news.zdnet.com /2100-1009_22-5683272.html   (961 words)

  
 Mozilla Multiple Vulnerabilities - Advisories - Secunia
Details have been released about several vulnerabilities in Mozilla, Mozilla Firefox, and Thunderbird.
Further exploitation can in combination with another unspecified vulnerability lead to execution of arbitrary code.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
secunia.com /advisories/12526   (640 words)

  
 eEye Digital Security - Research
The eEye Digital Security Research Team is dedicated to finding and educating the public about new and existing security vulnerabilities.
This advisory information does not contain any "exploit" or "payload" code and is intended solely as technical, in-depth analysis of the various vulnerabilities discovered by the eEye Research Team.
This advisory information provided adheres to eEye's responsible disclosure policy and supports the Company's goal to eliminate security vulnerabilities within computing networks.
research.eeye.com /html/advisories/published/index.html   (298 words)

  
 Hardened-PHP Project - PHP Security - Advisory 01/2004
local attacker could use this vulnerability in combination with
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
easy to exploit unserialize() vulnerability to remote attackers.
www.hardened-php.net /advisories/012004.txt   (502 words)

  
 US-CERT Vulnerability Notes
Unfortunately, it is difficult to establish a metric ranking the severity of a vulnerability that is appropriate for all systems.
You can also customize database queries to obtain specific information, such as the ten most recently updated vulnerabilities or the twenty vulnerabilities with the largest metric score.
The US-CERT Vulnerability Notes database is cross-referenced with the Common Vulnerabilities and Exposures (CVE) catalog.
www.kb.cert.org /vuls   (391 words)

  
 Mozilla Foundation Security Advisories
All of these vulnerabilities have been fixed prior to the most recent release.
High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
www.mozilla.org /projects/security/known-vulnerabilities.html   (2742 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.