SEARCH RESULTS
 
Showing 1-10 of 54 records
 

Show 010 - A Panel Discussion with Fortify Software's Technical Advisory Board

2007-01-22 19:59:59 by rmacmich in The Silver Bullet Security Podcast
...Advisory Board, several of whom have been featured on previous episodes. The group discusses what commercial software tools can learn from academic research, the state of software security in China, real-world lessons learned while using static analysis tools, and software security pedagogy. Participating members of the Technical Advisory...

Advisory: CiscoWorks Arbitrary Code Execution Vulnerability

2008-05-29 01:56:52 by Dave Lewis in Liquidmatrix Security Digest
 
...Advisory http://www.cisco.com/en/US/products/products security advisory09186a00809a1f14.shtml I would like to thank Cisco for their professional response to this issue Liquidmatrix Security Digest http://www.liquidmatrix.org/blog 2255B Queen Street East suite 156 Toronto, Ontario Canada M4E 1G3

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...advisory warning users of critical remote code-execution security vulnerabilities in various Symantec email security products. The bugs caught my eye for a number of reasons. First and foremost, security bugs in security products are always of great interest and concern to me, because customers use security technology to defend themselves from...

Massive Coordinated Patch Effort To DNS System Flaw

2008-07-08 17:56:25 by Editor in Cheap Hack
 
...advisory on the problem describes three problems which, research has shown, can be combined into effective spoofing attacks: VU#484649 - Microsoft Windows DNS Server vulnerable to cache poisoning; VU#252735 - ISC BIND generates cryptographically weak DNS query IDs; VU#927905 - BIND version 8 generates cryptographically weak DNS query identifiers...

BlackBerry PDF Distiller Vulnerability

2008-07-15 21:36:34 by Editor in Cheap Hack
 
...advisory is somewhat unclear as to whether the BlackBerry device is itself vulnerable; more likely it is the server on which the BlackBerry Attachment Service runs that can be compromised by a malicious PDF file. This service has been compromised in the past by malicious files, as its job is to parse a wide variety of file formats, a task...

Massive Patch Effort Coordinated for DNS System Flaw

2008-07-08 17:56:25 by Editor in Cheap Hack
 
...advisory on the subject describes three problems that, research has shown, can be combined into effective spoofing attacks: VU#484649 - Microsoft Windows DNS Server vulnerable to cache poisoning; VU#252735 - ISC BIND generates cryptographically weak DNS query IDs; VU#927905 - BIND Version 8 generates cryptographically weak DNS query identifiers...

The Bitrix open redirect vulnerability: a lesson in the absurd

2008-07-22 23:00:00 by Russ McRee in HolisticInfoSec.org
 
...advisory for the Bitrix vulnerability 5) As a reference, en.securitylab.ru links to my original advisory USING THE EXACT SAME VULNERABLE REDIRECT SCRIPT http://en.securitylab.ru/bitrix/redirect.php?event3=352513 goto=http://holisticinfosec.org/content/view/62/45 To this day, neither the vendor's site, nor Security Lab's site have been...