Vulnerabilities

Continuous news on hardware and software vulnerabilities from proof of concept to zero day, the dangerous to the novel. Follow the patching topic to narrow your news to emerging fixes.

Review: NetClarity Branch Auditor 5.0

Last year we reviewed NetClarity’s Enterprise Auditor product and we liked it a lot. This year we looked at its little sibling, the Branch Auditor. We were amazed at the power of this little handful of an appliance.
Peter Stephenson, CeRNS, May 15 2007 12:00AM Security
Review: Core Impact 6.0

Impact 6.0 from Core Security is a pure penetration testing tool. It is optimised for production use and comes with a suite of pre-programmed exploits. The support agreement provides regular updates with new exploits. Users can write their own exploits and can add to existing ones in the library. Impact can perform pre-configured scenarios or individual exploits.
Peter Stephenson, CeRNS, May 15 2007 12:00AM Security
Cisco warns of NetFlow vulnerability

Cisco's IP traffic-collection software contains a vulnerability that can provide attackers with unauthorised access and grant them full administrative control to an operating system, the networking giant reported in an advisory.
Dan Kaplan Apr 30 2007 9:44AM Security
Google sponsored advertising links lead to exploits

A seemingly innocuous Google search could yield malware on advertising result links, security researchers warned this week.
Dan Kaplan Apr 27 2007 11:12AM Security
QuickTime vulnerability expands to IE

A QuickTime vulnerability unearthed last Friday also infects Microsoft's Internet Explorer browser.
Shaun Nichols Apr 26 2007 1:00PM Security
Exploits for Windows Server DNS flaw released

Exploits for a vulnerability in Windows Server 2000 and 2003 DNS Service have been publicly released, but stack-based buffer attacks on the flaw remain limited, according to researchers.
Frank Washkuch Apr 17 2007 6:45AM Security
Microsoft suffers DNS vulnerability attacks

Microsoft confirmed yesterday that it has uncovered targeted attacks exploiting a new vulnerability in the Windows Server DNS Service.
Staff Writers Apr 16 2007 12:26PM Security
Hot or Not: Local privilege escalation vulnerabilities

Due to the interactive nature and required access to exploit, local privilege escalation vulnerabilities have traditionally been thought to have a minimal impact on the strategies enterprise IT departments incorporate to protect networks when compared to other code execution vulnerabilities.
Andre Derek Apr 12 2007 4:31PM Security
Microsoft fixes eight vulnerabilities on second April Patch Tuesday

Microsoft today delivered a motley assortment of patches, offering fixes for eight critical server- and client-side vulnerabilities that could lead to attackers executing remote code.
Dan Kaplan Apr 11 2007 10:08AM Security
Despite patch, Microsoft ANI exploits attack through the weekend

Six days removed from Microsoft's emergency fix for the dangerous ANI handling vulnerability, spammers are turning to an old friend to get their scams to the masses.
Dan Kaplan Apr 10 2007 11:01AM Security
Secunia reports Kaspersky vulnerabilities as highly critical

Secunia yesterday released a highly critical advisory for multiple vulnerabilities in several Kaspersky Lab products that could allow remote attackers to access or steal files and local attackers to bypass security measures.
Ericka Chickowski Apr 10 2007 10:48AM Security
Review: Rapid7 NeXpose

Rapid7 NeXpose is, generally, an impressive appliance. Although it is a hybrid (vulnerability scanner and penetration test tool), the pen tool is used specifically to validate vulnerabilities and is not intended to be used alone. This is typical of the way an attacker would attempt to penetrate a target.
Peter Stephenson, CeRNS, Apr 10 2007 12:00AM Security
Review: eEye REM Security Manager

We found the combination of the REM Security Manager and the Retina Scanner to be easy to use and deploy. In fact, ease of use is this product’s hallmark. The user interface is similar to MS Windows Explorer and is among the most intuitive we’ve seen.
Peter Stephenson, CeRNS, Apr 10 2007 12:00AM Security
Yahoo updates to patch Messenger ActiveX vulnerability

Yahoo has updated its instant messaging platform to protect against a vulnerability that can allow remote attacks.
Frank Washkuch Apr 5 2007 10:03AM Security
Exploit code surfaces for CA vulnerability

Successful exploit could offer system-level access.
Shaun Nichols Apr 3 2007 11:45AM Security
Exploit code released for vulnerability in CA software

Hackers have released exploit code for a vulnerability in CA storage software, the US Computer Emergency Response Team (US-Cert) has warned.
Fiona Raisbeck Apr 3 2007 10:09AM Security
eEye releases third-party patch for Windows .ani handling flaw

Attacks exploiting a critical unpatched Windows vulnerability were today linked to Chinese hackers and the February cross-site scripting attack on the website of Dolphins Stadium, the site of Super Bowl XLI.
Frank Washkuch Apr 2 2007 1:43AM Security
Hackers threaten month of MySpace vulnerabilities

Two hackers are planning to fill April's calendar with a month's worth of MySpace vulnerabilities - if the project isn't an April Fools' Day prank.
Frank Washkuch Mar 20 2007 1:40AM Security
OpenBSD flaw exploits IPv6 weakness

Researchers released an advisory today disclosing a remote kernel buffer overflow flaw in the OpenBSD operating system that they claim is the first exploitable IPv6 vulnerability to be publicly disclosed with a proof-of-concept exploit.
Ericka Chickowski Mar 15 2007 12:06AM Security
Experts: Be aware of new Microsoft exploits

Network administrators shouldn't schedule a nap for the time they usually patch Microsoft operating systems today.
Frank Washkuch Mar 14 2007 7:43AM Security
