

DARK READING NEWSLETTER SUBSCRIPTION PAGE
Dark Reader Weekly Newsletter:
Your weekly keyhole into the chaos and mystery of network and data security. Look for this compilation every Thursday, chock-full of product and industry news, threat reports, vulnerability discoveries, compliance issues, and user experiences. In addition, there's also our enlightened and delusional commentary, as well as best-of security stories from around the web.
Delivered: Thursdays
   
Dark Reading Daily Newsletter:
Your daily dose of the latest news, analysis and opinion from the editors and contributors of Dark Reading, the Internet's most paranoid publication for security intel.
Delivered: Daily
   
Dark Reading Database Security Weekly:
The Dark Reading Database Security Weekly offers news, analysis, and opinion on all aspects of database security. It brings readers insights on the latest threats and breaches in the database environment, as well as breaking news on the tools, practices and technologies for database defense.
Delivered: Tuesdays
   
Bugs
ENTERPRISE VULNERABILITIES
Vulnerability: ssl-vpn end-point interrogator/installer activex control
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.

Vulnerability: gvim
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Vulnerability: cforms
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.

Vulnerability: links, wsn links, wsn links
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.

Vulnerability: deluxebb
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.


