Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2013
Page 2 / 2
Deep Dive With David Litchfield
News | 1/8/2013
Renowned database security researcher chats up shark-diving, bug-hunting -- and how Sandra Bullock killed his zoology degree
Blackhole Botnet Creator Buys Up Zero Day Exploits
News | 1/8/2013
Crimeware toolkit is apparently so successful that its creator has been given $100,000 to shop for the latest vulnerabilities.
McAfee Strikes Back: Spyware Sting Targets Belize Government
News | 1/8/2013
Antivirus firm founder's story takes another bizarre twist, as he claims to have found connection between Hezbollah extremists and Belizean government officials.
Healthcare Settlement Highlights Risk Analysis, Encryption Importance
News | 1/7/2013
HIPAA breach settlement proves size doesn’t matter when failing to safeguard sensitive patient information.
Microsoft Patches Won't Fix IE Zero-Day Vulnerability
News | 1/7/2013
Microsoft's first Patch Tuesday of 2013 will address 12 flaws, including a critical vulnerability affecting virtually all Windows machines.
Microsoft, Mozilla, Opera Block Unauthorized Digital Certificate
News | 1/4/2013
Google alert prompts other browser vendors to block rogue digital certificates.
Errant Google Domain Traced To CA's Mistakes
News | 1/4/2013
Certificate authority Turktrust details internal errors that led to phony digital certificates.
Patient Privacy Advocate Calls For Better Cloud Security
News | 1/4/2013
Letter to Office of Civil Rights calls for stronger data security protections, business associate agreements with cloud computing services.
CSOs Say: 'Court' Your Middle Managers, Too
Quick Hits | 1/3/2013
Security for Business Innovation Council (SBIC) members warn of 'disruptive' technologies for 2013 that will test enterprise security.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13757
PUBLISHED: 2020-06-01
Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing exces...
CVE-2020-13758
PUBLISHED: 2020-06-01
modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.
CVE-2020-9291
PUBLISHED: 2020-06-01
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.
CVE-2019-15709
PUBLISHED: 2020-06-01
An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.
CVE-2020-13695
PUBLISHED: 2020-06-01
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file.