Dark Reading
Risky Business
CISO GUIDE: FISMA Compliance
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
EBOOK: 7 Truths of IT Governance
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
BUYERS GUIDE: Endpoint Protection
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Events
IT Security and Forensics Conference and Expo
March 12, 2009
Illinois Institute of Technology, Wheaton, Illinois
InfoSec World 2009 Conference & Expo
March 7-13, 2009
Orlando, Fla.
Black Hat Europe 2009
April 14-17, 2009
Amsterdam, The Netherlands
RSA Conference 2009
April 20-24, 2009
San Francisco, Calif.
Interop
May 17-21, 2009
Las Vegas, NV
CSI Security Exchange (CSI SX)
May 17-21, 2009
(held in conjunction with Interop)
Black Hat USA
July 25-30, 2009
Las Vegas, NV
Security Pros Say Apps Are Vulnerable -- And Constantly Attacked
New IE Zero-Day Flaw Being Used In Targeted Attacks
RSA Survey: Security Pros Worry That Current Defenses Aren't Enough
MORE KEYHOLE
ENTERPRISE VULNERABILITIES
Vulnerability:blazeds, coldfusion, flex data services, lifecycle
Published:2010-02-15
Severity:Medium
Description:Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
Published:2010-02-15
Severity:Medium
Description:Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
Vulnerability:odyssey access client
Published:2010-02-15
Severity:High
Description:Stack-based buffer overflow in dsInstallerService.dll in the Juniper Installer Service, as used in Juniper Odyssey Access Client 4.72.11421.0 and other products, allows remote attackers to execute arbitrary code via a long string in a malformed DSSETUPSERVICE_CMD_UNINSTALL command to the NeoterisSetupService named pipe.
Published:2010-02-15
Severity:High
Description:Stack-based buffer overflow in dsInstallerService.dll in the Juniper Installer Service, as used in Juniper Odyssey Access Client 4.72.11421.0 and other products, allows remote attackers to execute arbitrary code via a long string in a malformed DSSETUPSERVICE_CMD_UNINSTALL command to the NeoterisSetupService named pipe.
Vulnerability:acrobat, acrobat reader, adobe air, flash player
Published:2010-02-15
Severity:High
Description:Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.
Published:2010-02-15
Severity:High
Description:Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.
Vulnerability:adobe air, flash player
Published:2010-02-15
Severity:Medium
Description:Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
Published:2010-02-15
Severity:Medium
Description:Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
Vulnerability:dokuwiki
Published:2010-02-15
Severity:Medium
Description:Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.
Published:2010-02-15
Severity:Medium
Description:Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.
|
