SEARCH RESULTS
 
Showing 1-10 of 25 records
 
Expand article

Cisco warns of Unified Communications Manager heap overflow flaw

2008-01-16 00:00:00 by Linda Leung in Network World on Security
 
Cisco has released its first newsecurity alert of the year: a warning that its Cisco Unified Communications Manager - formerly CallManager -contains a heap overflow vulnerability in the Certificate Trust List that could allow a hacker to cause a denial-of-service attack or execute arbitrary code
 
Tags: communications manager, cisco, execute arbitrary code, heap overflow vulnerability, trust list, newsecurity alert, callmanager -contains, attack, hacker
 
 
 
 
Expand article

Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...overflow condition and the bypass of the size check. A subsequent additional integer overflow in the allocation of a buffer leads to a heap-based buffer overflow gunzip . In September 2006, my colleague Tavis Ormandy reported some interesting vulnerabilities in the gunzip decompressor. They were triggered when an evil compressed archive is...
 
Tags: image, malicious image file, libtiff image, values, jpeg image, tiff header values, source, evil tiff file, evil
 
 
 
 
Expand article

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...overflow it is possible to cause more than 2400 bytes to be copied from the WordPerfect file into the stack buffer. This overwrites the saved EIP and SEH, and can be exploited for arbitrary code execution Could the SDL have caught this bug? Probably, either through fuzzing, code inspection or static-analysis. All of which are SDL...
 
Tags: linker sdl requirements, sdl requirements, ibm, sdl, requirements, symantec, bugs affect ibm, bugs, sdl refers
 
 
 
 
Expand article

Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...Overflow OverflowVulnCount Deployment Vuln Testing Tools Injection Flaws InjectionFlawCount Runtime Pen Testing Improper Error Handling NoErrorCheckCount Design Static Analysis Insecure Storage PercentServersNoDiskEncryption Runtime Manual review Application Denial of Service Runtime Pen Testing Insecure Configuration Management Service...
 
Tags: metrics, software security metrics, metrics framework, metrics miss, design-time metric, design, upstream sdl metrics, application, web application security
 
 
 
 
Expand article

New Anti-Cross Site Scripting Library Available

2006-11-27 08:01:00 by Eric Marvets in The Security Samurai
 
...Overflow, but a well crafted attack against the proper target can cause massive amounts of identity theft or at minimum, ruin the reputation of your company Last week, Microsoft released an Anti-XSS library to use in your web applications. They have a tutorial you can view here which shows not only how XSS Attacks works, but also how to use...
 
Tags: library, xss, xss attacks, anti-xss library, vulnerability, xss vulnerability, cross site, site, xss attack
 
 
 
 
Expand article

Blue Box #76: Cisco, Skype and BT vulnerabilities, when SIP looks like SPIT, VoIP security threat predictions and the FBI forgets to pay their bills,

The Article has audio podcast
2008-02-14 18:37:50 by HASH0x8ba57a0 in Blue Box: The VoIP Security Podcast
 
...Overflow Skype: SKYPE-SB/2008-001: Skype Cross Zone Scripting Vulnerability coverage in Skype blog and ComputerWorld article GNUcitizen: BT Home Call Jacking also mentioned in VOIPSEC message coverage in PC World and The Register Voice of VOIPSA : SIP Security slides at ETSI event Voice of VOIPSA : How do you differentiate between legitimate...
 
Tags: voip, voip infringements, voip security professional, voip threat predictions, voip security news, voip security, voip security podcast, comments, sip
 
 
 
 
Expand article

What If All Vulnerabilities Had This Disclosure Timeline?

2008-02-07 02:08:33 by Chris Wysopal in Zero in a bit
 
...overflow vulnerability in RealPlayer 11 build 6.0.14.74. It allows for code execution when RealPlayer opens a malicious song file Timeline Dec 16, 2007: Gleg customers notified of vulnerability and given exploit code Jan 1, 2008: Public disclosure (no details) with online demonstration Feb 6, 2008: Vulnerability still not patched Its not your...
 
Tags: vulnerability finders, vulnerability, vulnerability exists, heap overflow vulnerability, gleg realplayer vulnerability, gleg customer, customer, gleg, exploit code
 
 
 
 
Expand article

Blue Box #76: Cisco, Skype and BT vulnerabilities, when SIP looks like SPIT, VoIP security threat predictions and the FBI forgets to pay their bills,

2008-02-14 19:37:49 by Dan York in Blue Box: The VoIP Security Podcast
 
...Overflow Skype: SKYPE-SB/2008-001: Skype Cross Zone Scripting Vulnerability ??? coverage in Skype blog and ComputerWorld article GNUcitizen: BT Home Call Jacking also mentioned in VOIPSEC message ??? coverage in PC World and The Register Voice of VOIPSA : SIP Security slides at ETSI event Voice of VOIPSA : How do you differentiate between...
 
Tags: voip, voip infringements, voip security professional, voip threat predictions, voip security news, voip security, voip security podcast, comments, sip
 
 
 
 
Expand article

Malicious subtitle file could trip up media player

2008-03-18 13:00:00 by Editor in Computerworld Security News
 
The VLC media player, part of the open-source VideoLAN project, includes a buffer-overflow vulnerability that would allow a hacker to execute harmful code on PCs, Macs, BSD machines and perhaps more
 
Tags: vlc media player, execute harmful code, open-source videolan project, buffer-overflow vulnerability, bsd machines, hacker, pcs, includes, macs