Dark Reading
Protect The Business - Enable Access
CISO GUIDE: FISMA Compliance
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
EBOOK: 7 Truths of IT Governance
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
BUYERS GUIDE: Endpoint Protection
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
All Security News Feeds
SocialShield Releases the Top Social Networking Terms Kids Don't Want Their Parents To Know
Yubico And CloudPassage Bring Easy, Secure Two-Factor Authentication To Cloud Servers
CloudPassage Launches Network Security In The Cloud Inbox
Vulnerabilities Reported In Mac Encryption Products
Backupify Announces Security Best Practices, Adds Multiple Layers Of Protection To Cloud Application Data Backup
New Survey: Two-Thirds Of Companies Interested In Switching Authentication Vendors
Country With Most Online Fraud Attempts/How Much Fraud On Mobile Devices Revealed
IBM Announces New Software to Manage And Secure The Influx Of Mobile Devices To The Workplace
Baltimore-Based Security Provider Lookingglass Raises $5 Million In Funding
Auto/Mate Launches Guard/Mate
Wave Launches Cloud-Based Encryption Service
Infoblox And CA Technologies Deliver Network Automation And Compliance Capabilities
MetaFlows Announces Software-Based IDPS, Enables IDPS Hardware For 1/10 The Price
Survey Of Security And Audit Pros, DBAs Reveals Responsibility Disconnect, Lack Of Management Commitment Impedes Database Security Efforts
McAfee and Security & Defence Agenda Release Global Cyber Defense Report
McAfee Announces Next Generation Of Mobile Security Software
Vormetric Announces Record Revenues For 2011
Symantec Reports Record Third Quarter Fiscal 2012 Results
Mobile Marketing Association Releases Final Privacy Policy Guidelines For Mobile Apps
Dome9 Unveils Industry First Multi-Cloud Security Groups
Sophos Reveals Assessment On Threat Landscape In Security Threat Report 2012
FireHost's European-Based Secure Cloud Hosting Services Go Live
Fluke Rolls Out New Threat Signatures Released To Protect Against Wireless Attacks
Packet Plus Introduces Interactive Networking Stack Debugger
WatchDox Introduces Secure Annotation, Collaboration For iPad, iPhone
BB&T Payment Solutions Offers Free Data Security Webinar For Small Business Owners
Yubico Reports 2011 Record Growth, Outlook For 2012
Sourcefire Rolls Out FireAMP For Blocking Advanced Malware Utilizing Big Data Analytics
Alcatel-Lucent and Arbor Networks Team Up In The Fight Against 'Denial-Of-Service' Attacks
NQ Mobile Launches Mobile Security V6.0 For Android
Suits And Spooks Anti-Conference Aims to Redefine Security
Prolexic Enhances Portal to Provide Customers With More Insight Into DDoS Threats And Mitigation
SharePoint Users Develop Insecure Habits
Trend Micro Marks 2011 "The Year Of Data Breaches"
Qualys Launches New Freemium Web Security Service For SMBs
F5 Announces Earnings For Q1 FY2012
Avira Partners With Secure.me To Offer Facebook Protection
Klocwork Insight 9.5 Creates New Benchmark For Developer-Friendly Source Code Analysis
Version 8.3 Of Astaro Security Gateway Brings UTM To The Cloud
Identropy Secures $4 Million In Series A Funding
SITA First To Achieve PCI Security Compliance For Passenger Processing
Metasploit Exploit Module Released For PLC SCADA Devices
HBGary And HP Enterprise Security Partner To Deliver Advanced Threat Intelligence On The ArcSight Platform To Combat Targeted Attacks
Webroot Engages Former Symantec Executive To Support Global Expansion Inbox
GFI Software Enhances Dynamic Malware Analysis
Cambridge company Launches Ultra-Secure 3rd Generation Networked SCADA System
Facebook 'Koobface' Malware Gang Unmasked -- Sophos Releases Exclusive Research
Symantec Announces Intelligent Information Governance To Mitigate Risks And Free Information
Symplified Reports Major Growth In 2011
SentryBay And NetSTAR Sign Strategic Technology Partnership
Tech Centers
How To Spot A Fake Facebook Profile
FDIC Warns Of 'High Risk' Payment Processors
More Than Half Of Cyberattacks Come From Asia
MORE KEYHOLE
ENTERPRISE VULNERABILITIES
Vulnerability:ssl-vpn end-point interrogator/installer activex control
Published:2010-11-03
Severity:High
Description:Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
Published:2010-11-03
Severity:High
Description:Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
Vulnerability:gvim
Published:2010-11-03
Severity:High
Description:Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Published:2010-11-03
Severity:High
Description:Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Vulnerability:cforms
Published:2010-11-03
Severity:Medium
Description:Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Published:2010-11-03
Severity:Medium
Description:Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Vulnerability:links, wsn links, wsn links
Published:2010-11-03
Severity:High
Description:Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Published:2010-11-03
Severity:High
Description:Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Vulnerability:deluxebb
Published:2010-11-03
Severity:Medium
Description:SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
Published:2010-11-03
Severity:Medium
Description:SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
|
