SEARCH RESULTS
 
Showing 1-10 of 41 records
 

Advisory: CiscoWorks Arbitrary Code Execution Vulnerability

2008-05-29 01:56:52 by Dave Lewis in Liquidmatrix Security Digest
 
...Arbitrary Code Execution Vulnerability Release Date: 28 May 2008 Reference: LSD003-2008 Discover: Dave Lewis CVE Number: CVE-2008-2054 Vendor: Cisco Systems Systems Affected: CiscoWorks Common Services (various versions): Cisco Unified Operations Manager (CUOM), Cisco Unified Service Monitor (CUSM), CiscoWorks QoS Policy Manager (QPM),...
 
 
 
 
 

ShoutPro Vulnerability Currently Causing Issues For Websites

2008-06-26 10:22:27 by Christopher Boyd in SpywareGuide Greynets Blog
...arbitrary code Description ShoutPro 1.5.2 fails to fully sanitize user input ($shout) that it writes to the shouts.php file when adding a new message, this can result in the injection and execution of arbitrary php code Scope The vulnerability will in most cases allow an attacker to execute commands on the system, the issue may be further...
 
 
 
 
 

Microsoft Office Snapshot Viewer ActiveX Control Vulnerability

2008-07-08 05:28:12 by CyberInsecure in CyberInsecure.com
 
...arbitrary files to arbitrary locations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited
 
 
 
 
 

Coding Spyware and Malware for Hire

2008-07-22 03:52:14 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...arbitrary actions on the victim machine, whether recording data in the register, setting authentic hon-Pago, opening URL in your browser (it was done so to please with 90% punching)), apload arbitrary files on a server, even theoretically possible to form and grabing inzhekty in IE) has only to write the script zaebetes, vobschem lyuboye...
 
 
 
 
 

Security World: Apple releases security update 2007-009

2007-12-18 00:27:50 by Editor in Help Net Security - News
 
Today Apple released Security Update 2007-006 which addresses: Address Book Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code
 
 
 
 
 

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...arbitrary code execution Could the SDL have caught this bug? Probably, either through fuzzing, code inspection or static-analysis. All of which are SDL requirements. With that said, integer overflows can be hard to spot. .SAM File Parser Vulnerability This bug is caused by an insecure call to lstrcpy In several places within the DLL, the...
 
 
 
 
 

Blue Box #74: 2008 Crystal Ball Edition, Asterisk and Trixbox vulnerabilities, top 10 lists, VoIP security trends for 2008 and more....

2008-01-08 16:42:40 by HASH0x8940138 in Blue Box: The VoIP Security Podcast
 
...arbitrary commands to execute trixbox CE audit tool official statement and fixes Audit Tool Change Plan Audit tool fix being pushed out tonight ComputerWorld: VoIP vulnerabilities increasing, but not exploits CRN : Top 9 VoIP Threats and Vulnerabilities (Sipera PR strikes again) points to CRN article: VoIP Threats, Vulnerabilities Abound...
 
 
 
 
 

Relay attacks on card payment: vulnerabilities and defences

2008-01-09 00:01:52 by Steven J. Murdoch in Light Blue Touchpaper
 
...arbitrary TCP streams over a browser Mifare Karsten Nohl and Henryk Plötz describe how they reverse-engineered the Mifare encryption algorithm, Crypto1, and the weaknesses they discovered Steam-Powered Telegraphy Jens Ohlig et al. demonstrate their Internet connected (but not quite steam-powered) Telex machine What can we do to counter the...
 
 
 
 
 

Blue Box #74: 2008 Crystal Ball Edition, Asterisk and Trixbox vulnerabilities, top 10 lists, VoIP security trends for 2008 and more....

2008-01-08 17:42:39 by Dan York in Blue Box: The VoIP Security Podcast
 
...arbitrary commands to execute trixbox CE audit tool official statement and fixes Audit Tool Change Plan Audit tool fix being pushed out tonight ComputerWorld: VoIP vulnerabilities increasing, but not exploits CRN : Top 9 VoIP Threats and Vulnerabilities (Sipera PR strikes again) points to CRN article: VoIP Threats, Vulnerabilities Abound...