SEARCH RESULTS
 
Showing 1-10 of 21 records
 
Microsoft's Patches Fix Critical Vulnerabilities In IE And Office

2008-08-13 12:26:27 by CyberInsecure in CyberInsecure.com
 
...CVE-2008-2254, CVE-2008-2255, CVE-2008-2256, CVE-2008-2257, CVE-2008-2259 and CVE-2008-2258: These patches fix
 
SQL Server - Fact Checking Recent Vulnerability History

2008-03-05 22:53:36 by jrjones in Jeff Jones Security Blog
 
...CVE-2004-1560. This one was disclosed in Sep-04 and only affected SQL Server 7 CVE-2007-5090. This one was disclosed in Sep-07 and is actually a vulnerability in IBM Rational ClearQuest CVE-2007-4814. Disclosed in Sep-07, this is a vuln in client side control sqldmo.dll 2000.085.2004.00. I can't tell for sure, but this looks like a SQL 2000...
 
New faces and predictions for the New Year...

2008-01-22 22:11:00 by sdl in The Security Development Lifecycle
 
...CVE (as tracked in the US National Vulnerability Database) at a record pace. However, the number of newly reported vulnerabilities in Microsoft products will decrease when expressed as a percentage of overall CVE vulnerabilities in 2008. A query of the NVD with "Vendor=Microsoft", "Start Date=January 2007", and "End Date=December 2007" returns...
 
Advisory: CiscoWorks Arbitrary Code Execution Vulnerability

2008-05-29 01:56:52 by Dave Lewis in Liquidmatrix Security Digest
 
...CVE Number: CVE-2008-2054 Vendor: Cisco Systems Systems Affected: CiscoWorks Common Services (various versions): Cisco Unified Operations Manager (CUOM), Cisco Unified Service Monitor (CUSM), CiscoWorks QoS Policy Manager (QPM), CiscoWorks LAN Management Solution (LMS), Cisco Security Manager (CSM), Cisco TelePresence Readiness Assessment...
 
The Bitrix open redirect vulnerability: a lesson in the absurd

2008-07-22 23:00:00 by Russ McRee in HolisticInfoSec.org
 
...CVE-2008-2052 2) The vulnerability is a simple one to reproduce, easily exploited by phishers and malware propagators. The issue is still unresolved by the vendor, so here's an example, still available, from their site http://www.bitrixsoft.com/bitrix/redirect.php?event1=demo out&event2 sm demo&event3=pdemo&goto=http://www.xssed.com/news/29...
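
The snippet above shows the classic open-redirect shape: a `goto` parameter whose value is passed straight through to the Location header, so the site's own domain vouches for a link to any external page a phisher chooses. The validator below is an added example, not Bitrix's code and not from the original post; the allowed host in `ALLOWED_HOSTS` is assumed for illustration. It accepts only site-relative paths (or absolute URLs to an allowed host, reduced to their path) and rejects the payload shown in the snippet together with the usual bypass forms: scheme-relative `//host`, backslash variants, userinfo tricks such as `http://good@evil`, non-http schemes, and CR/LF that would split the response header.

```python
"""Safe-redirect check for a goto-style parameter (added example)."""
from urllib.parse import urlsplit

# Assumed for this example: the only host the endpoint may send users to.
ALLOWED_HOSTS = {"www.bitrixsoft.com"}


def safe_redirect_target(goto: str, default: str = "/") -> str:
    """Return a same-site redirect target derived from `goto`, or `default`.

    Accepts a site-relative path ("/about?x=1") or an absolute http(s) URL
    whose host is in ALLOWED_HOSTS (reduced to path, query and fragment).
    Rejects other hosts, scheme-relative forms (//host, \\host, ///host),
    non-http(s) schemes, userinfo tricks and control characters.
    """
    if not goto:
        return default
    # CR/LF or other control characters could split the Location header.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in goto):
        return default
    # Browsers treat "\" like "/" when parsing the authority; normalise first
    # so that "/\evil.example" is seen as the scheme-relative "//evil.example".
    candidate = goto.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme:
        # Absolute URL: only http(s), only to an allowed host.
        if parts.scheme.lower() not in ("http", "https"):
            return default
        host = parts.hostname  # userinfo and port are already stripped here
        if host is None or host.lower() not in ALLOWED_HOSTS:
            return default
    elif candidate.startswith("//"):
        # Scheme-relative reference: the browser would resolve it to another host.
        return default
    elif not candidate.startswith("/"):
        # Bare relative references ("evil.example") are ambiguous; require "/".
        return default
    # Rebuild the target from its components so no authority can sneak back in.
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    if parts.fragment:
        target += "#" + parts.fragment
    return target


if __name__ == "__main__":
    # Constructed inputs: the external target from the snippet plus bypass forms.
    for goto in ("http://www.xssed.com/news/29", "//evil.example/",
                 "/\\evil.example", "http://www.bitrixsoft.com@evil.example/",
                 "/demo?event1=x#top"):
        print(repr(goto), "->", safe_redirect_target(goto))
```

The key design choice is to never echo the raw parameter: the function rebuilds the Location value from the parsed path, query and fragment, so even an input that slips past a check cannot carry an authority component into the response.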
 
Pinch Variant Embedded Within RussianNews.ru

2007-12-23 21:01:52 by HASH0x89b2224 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...CVE-2006-0003, the type of virtual Keep it Simple Stupid strategy of using outdated vulnerabilities I discussed before. Deobfuscation leads us to : russiannews.ru/arabic/data/news/upload/exp/exe.php Trojan-PSW.Win32.LdPinch.dzr File Size : 22016 bytes MD5 : cb0a480fd845632b9c4df0400f512bb3 SHA1 : 83bb4132d1df8a42603977bd2b1f9c4de07463ab ...
 
MDAC ActiveX Code Execution Exploit Still in the Wild

2007-12-05 12:08:56 by HASH0x89e6630 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...CVE-2006-0003 , and despite that it was patched in 11 April, 2006, the last quarter of 2007 showcased the malware authors simplistic assumption that outdated but unpatched vulnerabilities can be just as effective as zero day ones, and when the assumption proved to be true -- take Storm Worm's use of outdated vulnerabilities as the best and...
 
Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...CVE number for each of these, but it appears none have been assigned. However, all of these bugs are explained in detail at the vuln.sg Web site, and include an assembly-level analysis, which I used to determine the offending code, and sample exploit code. .WPD File Parser Vulnerability The WPD bug is due to an integer overflow it is possible...
 
The STRIDE per Element Chart

2007-10-29 23:06:46 by sdl in The Security Development Lifecycle
 
...CVE data. Their goal was to validate work they'd done on threat trees. (Covered in the SDL book.) They were looking for classes of things that would cause us to ship updates. That's tremendously important, so I'll repeat it. They were looking for classes of things that would cause us to ship an update. If we wouldn't update for it, it doesn't...