Vulnerabilities Vulnerabilities

Continuous news on hardware and software vulnerabilities from proof of concept to zero day, the dangerous to the novel. Follow the patching topic to narrow your news to emerging fixes.

Citrix urges upgrade to avoid vulnerability

Citrix urges upgrade to avoid vulnerability

Software vendor Citrix has advised users of its Presentation Server Client to upgrade to version 10 of the software to avoid being exploited by a ‘highly critical’ vulnerability discovered this week.
Frank Washkuch, , Negar Salek Mar 9 2007 5:04PM Security
Microsoft sews XBox privilege vulnerability

Microsoft sews XBox privilege vulnerability

Microsoft has silently patched a privilege-escalation flaw in Xbox 360 that would have let users run operating systems and other programs on the popular gaming console.
Dan Kaplan Mar 7 2007 12:42AM Security
Symantec: Vista firewall vulnerability uncovered

Symantec: Vista firewall vulnerability uncovered

The firewall in Microsoft Windows Vista can be compromised to perform prohibited functions, according to new research by Symantec.
Fiona Raisbeck Mar 6 2007 12:41AM Security
Vulnerability discovered in Microsoft Office 2007

Vulnerability discovered in Microsoft Office 2007

A vulnerability discovered in Microsoft's Office 2007 could be exploited by a malicious user to execute arbitrary code on a compromised computer, security experts warn.
Fiona Raisbeck Feb 27 2007 12:53AM Security
Experts warn of Snort vulnerability

Experts warn of Snort vulnerability

Hackers intrude on intrusion detection system.
Staff Writers Feb 23 2007 10:24AM Security
Critical vulnerability surfaces on Google Desktop

Critical vulnerability surfaces on Google Desktop

Desktop search vulnerable to cross site scripting attack.
Tom Sanders Feb 22 2007 9:53AM Security
Cisco warns of more router vulnerabilities

Cisco warns of more router vulnerabilities

Cisco has reported two vulnerabilities affecting a feature designed to protect software being used in the networking giant's widely deployed switchers and routers.
Dan Kaplan Feb 16 2007 10:07AM Security
Vulnerabilities in software running on Cisco routers, switches

Vulnerabilities in software running on Cisco routers, switches

Cisco has reported two vulnerabilities affecting a feature designed to protect software being used in the networking giant's widely deployed switchers and routers.
Dan Kaplan Feb 15 2007 7:24AM Security
Symantec, McAfee agree Microsoft PowerPoint vulnerability was patched

Symantec, McAfee agree Microsoft PowerPoint vulnerability was patched

Two leading anti-virus firms, who were debating the existence of an unpatched Microsoft PowerPoint vulnerability, now both agree the hole was sealed in Redmond's security update on Tuesday.
Dan Kaplan Feb 15 2007 6:21AM Security
Trend Micro updates to fix Scan Engine vulnerability

Trend Micro updates to fix Scan Engine vulnerability

Trend Micro has confirmed a vulnerability in its Scan Engine application that could be exploited by malicious users to take control of an affected system.
Frank Washkuch Feb 9 2007 7:00PM Security
Web app exploits biggest hacking target in 2007

Web app exploits biggest hacking target in 2007

Remotely exploitable vulnerabilities will be the most widespread global threat vector this year due to the lack of effective security, according to an expert at global security vendor, Secure Computing.
Negar Salek Feb 8 2007 1:37PM Security
Review: Tenable Nessus 3

Review: Tenable Nessus 3

Nessus is one of the granddaddies of vulnerability scanners. Today, Nessus is not only a powerful open source product in its own right, it is the basis for some of the most powerful commercial vulnerability scanners available.
Peter Stephenson,CeRNS, Feb 5 2007 12:00AM Security
Review: ISS Proventia Network

Review: ISS Proventia Network

The ISS Proventia Network Enterprise Scanner is part of a larger security management system and, as such, shows its best performance as part of that suite. We tested the product outside of the Proventia suite and we do not recommend this approach. The network scanner requires, at minimum, MS SQLServer and ISS Site Protector to support it. If all you need is a vulnerability scanner, this is not your best bet.
Peter Stephenson,CeRNS, Feb 5 2007 12:00AM Security
Review: Saint Scanner + Exploit

Review: Saint Scanner + Exploit

We have been watching Saint a long time. Saint, as many old-timers may recall, began life as an open source version of Satan, one of the first serious open source vulnerability scanners. Eventually the tool was commercialised and it has maintained many of its open source roots.
Peter Stephenson,CeRNS, Feb 5 2007 12:00AM Security
Microsoft tells Symantec that latest exploited Word flaw is variation of older vulnerability

Microsoft tells Symantec that latest exploited Word flaw is variation of older vulnerability

Microsoft has confirmed that what appeared to be a newly discovered Word flaw is actually a variant of a vulnerability revealed last year, according to Symantec.
Frank Washkuch Feb 2 2007 6:26PM Security
Is there a fifth zero-day vulnerability in Microsoft Word?

Is there a fifth zero-day vulnerability in Microsoft Word?

Microsoft today shot down reports that a fifth zero-day vulnerability was targeting Word.
Dan Kaplan Feb 1 2007 8:06AM Security
Review: Passive Vulnerability Scanner

Review: Passive Vulnerability Scanner

The Tenable Passive Vulnerability Scanner (PVS) is a most interesting product. It is truly passive in that it does not perform active scans of any kind. It is, simply, a very smart sniffer. The product depends for its usefulness on the way that it collects and reports vulnerability data. Since the PVS is always listening, it constantly collects information from the normal data flows on the network. This is superior to active scanners in two important ways.
Peter Stephenson,CeRNS, Jan 29 2007 12:00AM Security
Microsoft advisory warns exploits targeting newest Word vulnerability

Microsoft advisory warns exploits targeting newest Word vulnerability

Microsoft is warning Word users of attackers exploiting a newly discovered - and "extremely critical" - vulnerability.
Frank Washkuch Jan 26 2007 11:28PM Security
Trojan horse exploits European storms

Trojan horse exploits European storms

It never rains but it pours.
Iain Thomson Jan 22 2007 9:37AM Security
Google cross-site scripting vulnerability found, patched

Google cross-site scripting vulnerability found, patched

A Google cross-site scripting vulnerability within a web-hosting service has been discovered by security researchers, the third such problem identified in recent weeks.
Fiona Raisbeck Jan 18 2007 7:01AM Security

Log In

  |  Forgot your password?