Dark Reading
Protect The Business - Enable Access
CISO GUIDE: FISMA Compliance
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
EBOOK: 7 Truths of IT Governance
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
BUYERS GUIDE: Endpoint Protection
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Most Popular Articles
'Factory Outlets' Selling Stolen Facebook, Twitter Credentials At Discount Rates
Smarter, Stealthier, Sneakier Malware
I'm Sorry I Called Your Baby Ugly ... But It Is
CJIS Rules Not Impossible To Comply With, But It'll Cost Ya
Utilities Facing Brute-Force Attack Threat
New Privacy, Security, Anti-Tracking Software For Internet Explorer
Have Your Users' Passwords Already Been Hacked?
Hackers Post Symantec Source Code After Failed Extortion Attempt
Más DDoS: More Powerful, Complex, And Widespread
Law Enforcement Ups Its Game In Cybercrime
Splunk Launches Big Data Security Solution
How (And Why) Attackers Choose Their Targets
The 7 Coolest Hacks Of 2011
VeriSign Breach May Actually Reaffirm Commitment To CA Model
Beware Of Valentine's Day Infections, Warns PandaLabs
New Drive-By Spam Infects Those Who Open Email -- No Attachment Needed
The Future of Web Authentication
Researchers Postpone Release Of Free Smart Meter Security Testing Tool
Slide Show: DDoS With The Slow HTTP POST Attack
Role-Based Encryption Provides Data Protection For Enterprises
Big Data Could Create Compliance Issues
M86 Security Releases New Biannual Labs Report
Top 10 PCI Compliance Mistakes
Where's My 'Minority Report' Dashboard?
Passive Network Fingerprinting; p0f Gets Fresh Rewrite
'Robin Sage' Profile Duped Military Intelligence, IT Security Pros
INTERPOL Set To Open Global Cybercrime Center In 2014
A Response To NoSQL Security Concerns
Top 10 Security Mistakes SMBs Make
SIA Comments To FTC On Benefits Of Facial Recognition Technology
How To Spot A Fake Facebook Profile
Are You Contributing To A DDoS Attack? Researcher Says You Might Be
MasterCard And Silver Tail Systems To Bring Online Fraud Solutions To U.S.
Adobe Calls For Defensive Approach In Security Research
Hacktivists Turn To DNS Hijacking
New Denial-Of-Service Attack Cripples Web Servers By Reading Slowly
New Data Shows Rapid Surge In Phishing Email
QR Code Malware Picks Up Steam
'FOCA' And The Power Of Metadata Analysis
New Hack Pinpoints Cell Phone User's Location, Personal And Business Relationships
The Most Notorious Cybercrooks Of 2011 -- And How They Got Caught
Six Deadly Security Blunders Businesses Make
SailPoint AndSymantec Partner To Integrate the Leading Identity Governance And Data Loss Prevention Solutions
Slideshow: Ten Free Security Monitoring Tools
Poisoning The Data Well
Google, Facebook, Bank Of America Behind New Email Security Standard
Attackers Divert Bank Phone Calls to Cover Tracks
Do You Need A Security Operations Center?
When Good Apps Go Bad
How Hackers Will Crack Your Password
Tech Centers
When And How Attackers Are Owning Businesses
Smarter, Stealthier, Sneakier Malware
Más DDoS: More Powerful, Complex, And Widespread
MORE KEYHOLE
ENTERPRISE VULNERABILITIES
Vulnerability:ssl-vpn end-point interrogator/installer activex control
Published:2010-11-03
Severity:High
Description:Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
Published:2010-11-03
Severity:High
Description:Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
Vulnerability:gvim
Published:2010-11-03
Severity:High
Description:Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Published:2010-11-03
Severity:High
Description:Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Vulnerability:cforms
Published:2010-11-03
Severity:Medium
Description:Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Published:2010-11-03
Severity:Medium
Description:Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Vulnerability:links, wsn links, wsn links
Published:2010-11-03
Severity:High
Description:Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Published:2010-11-03
Severity:High
Description:Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Vulnerability:deluxebb
Published:2010-11-03
Severity:Medium
Description:SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
Published:2010-11-03
Severity:Medium
Description:SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
|
