Search Results

Search found 374 results on 15 pages for 'vulnerabilities'.

Page 1/15 | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • What is the story behind Java Vulnerabilities?

    - by Maryam
    I always appreciated the Java language. It is known as a very secure platform and many banks use it in their web applications. I wanted to build a project for my school and I discussed the options with some developers. However, one of them said we should ignore Java ecause of vulnerabilities appreared recently in it. For this reason I want to make sure, what is the story behind this and does that mean that Java today considered not much secure as it was previously?

    Read the article

  • Does removing admin rights really mitigate 90% of Critical Windows 7 vulnerabilities found to date?

    - by Jordan Weinstein
    Beyondtrust.com published a report, somewhat recently, claiming among other quite compelling things, "90% of Critical Microsoft Windows 7 Vulnerabilities are Mitigated by Eliminating Admin Rights" Other interesting 'facts' they provide say that these are also mitigated by NOT running as a local admin: 100% of Microsoft Office vulnerabilities reported in 2009 94% of Internet Explorer and 100% of IE 8 vulnerabilities reported in 2009 BUT, reading the first page or so of the report I saw this line: A vulnerability is considered mitigated by removing administrator rights if the following sentence is located in the Security Bulletin’s Mitigating Factors section, ?Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. could be sounds pretty weak to me so and I wondered how valid all this really is. I'm NOT trying to say it's not safer to run without admin rights, I think that is well known. I just wonder if these stats are something you would use as ammo in an argument, or use to sell a change like that (removing users as local admins) to business side? Thoughts? Link to the report (pdf) [should this supposed to be a community wiki?]

    Read the article

  • Website Vulnerabilities

    - by Ben Griswold
    The folks at the Open Web Application Security Project publish a list of the top 10 vulnerabilities. In a recent CodeBrew I provided a quick overview of them all and spent a good amount of time focusing on the most prevalent vulnerability, Cross Site Scripting (XSS).  I gave an overview of XSS, stepped through a quick demo (sorry vulnerable site), reviewed the three XSS variations and talked a bit about how to protect one’s site.  References and reading materials were also included in the presentation and, look at that, they are provided here too. Open Web Application Security Project The OWASP Top Ten Vulnerabilities (pdf) OWASP List of Vulnerabilities The 56 Geeks Project by Scott Johnson ha.ckers.org OWASP XSS Prevention Cheat Sheet Wikipedia Is XSS Solvable?, Don Ankney The Anatomy of Cross Site Scripting, Gavin Zuchlinski

    Read the article

  • CVE-2006-3744 Multiple Integer overflow vulnerabilities in ImageMagick

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2006-3744 Numeric Errors vulnerability 5.1 ImageMagick Solaris 10 SPARC: 136882-03 X86: 136883-03 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in Adobe Flashplayer

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-0724 Denial of Service (DoS) vulnerability 10.0 Adobe Flashplayer Solaris 10 SPARC: 125332-24 X86: 125333-23 CVE-2012-0725 Denial of Service (DoS) vulnerability 10.0 CVE-2012-0768 Denial of Service(DoS) vulnerability 10.0 CVE-2012-0769 Information disclosure vulnerability 5.0 CVE-2012-0772 Denial of Service (DoS) vulnerability 10.0 CVE-2012-0773 Denial of Service (DoS) vulnerability 10.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in libpng

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-2690 Buffer Overflow vulnerability 6.8 PNG reference library (libpng) Solaris 10 SPARC: 137080-06 X86: 137081-06 Solaris 9 Contact Support Solaris 8 Contact Support CVE-2011-2691 Denial of Service (Dos) vulnerability 5.0 CVE-2011-2692 Denial of Service (Dos) vulnerability 4.3 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in Wireshark

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-1593 Denial of Service (DoS) vulnerability 3.3 Wireshark Solaris 11 11/11 SRU 8.5 CVE-2012-1594 Improper Control of Generation of Code ('Code Injection') vulnerability 3.3 CVE-2012-1595 Resource Management Errors vulnerability 4.3 CVE-2012-1596 Resource Management Errors vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple Denial of Service vulnerabilities in Quagga

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-3323 Denial of Service (DoS) vulnerability 5.0 Quagga Solaris 10 SPARC: 126206-09 X86: 126207-09 Solaris 11 11/11 SRU 4 CVE-2011-3324 Denial of Service (DoS) vulnerability 5.0 CVE-2011-3325 Denial of Service (DoS) vulnerability 5.0 CVE-2011-3326 Denial of Service (DoS) vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple Denial of Service vulnerabilities in Quagga

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2007-4826 Denial of Service (DoS) vulnerability 3.5 Quagga Solaris 10 SPARC: 126206-09 X86: 126207-09 Solaris 11 11/11 SRU 4 CVE-2009-1572 Denial of Service (DoS) vulnerability 5.0 CVE-2010-1674 Denial of Service (DoS) vulnerability 5.0 CVE-2010-1675 Denial of Service (DoS) vulnerability 5.0 CVE-2010-2948 Denial of Service (DoS) vulnerability 6.5 CVE-2010-2949 Denial of Service (DoS) vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in Network Time Protocol (NTP)

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2009-0021 Improper Authentication vulnerability 5.0 Firmware SPARC T3-4 SPARC: 147317-01 SPARC T3-2 SPARC: 147316-01 SPARC T3-1B SPARC: 147318-01 SPARC T3-1 SPARC: 147315-01 Netra SPARC T3-1B SPARC: 147320-01 Netra SPARC T3-1 SPARC: 147319-01 Netra SPARC T3-1BA SPARC: 144609-07 CVE-2009-0159 Buffer Overflow vulnerability 6.8 CVE-2009-3563 Denial of Service (DoS) vulnerability 6.4 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple Resource Management Error vulnerabilities in libexpat

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-0876 Resource Management Errors vulnerability 4.3 libexpat Solaris 10 SPARC: 137147-07 X86: 137148-07 Solaris 11 11/11 SRU 11.4 CVE-2012-1148 Resource Management Errors vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in fetchmail

    - by Umang_D
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-3389 Improper Input Validation vulnerability 4.3 fetchmail Solaris 11 11/11 SRU 12.4 CVE-2012-3482 Denial of Service vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple Denial of Service (DoS) vulnerabilities in Apache Tomcat

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-4858 Resource Management Errors vulnerability 5.0 Apache Tomcat Solaris 11 11/11 SRU 4 Solaris 10 SPARC: 122911-29 X86: 122912-29 Solaris 9 Contact Support CVE-2012-0022 Numeric Errors vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in OpenSSL

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-4108 Cryptographic Issues vulnerability 4.3 OpenSSL Solaris 11 11/11 SRU 4a CVE-2011-4109 Unspecified vulnerability 9.3 CVE-2011-4576 Information Disclosure vulnerability 5.0 CVE-2011-4577 Denial of Service (DoS) vulnerability 4.3 CVE-2011-4619 Denial of Service (DoS) vulnerability 5.0 CVE-2012-0027 Denial of Service (DoS) vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple Denial of Service vulnerabilities in Wireshark

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-0041 Denial of Service(DoS) vulnerability 1.9 Wireshark Solaris 11 11/11 SRU 04 CVE-2012-0042 Denial of Service(DoS) vulnerability 2.9 CVE-2012-0043 Buffer Overflow vulnerability 5.4 CVE-2012-0066 Denial of Service(DoS) vulnerability 1.9 CVE-2012-0067 Denial of Service(DoS) vulnerability 1.9 CVE-2012-0068 Buffer Overflow vulnerability 4.4 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple Vulnerabilities in libpng

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2010-0205 Resource Management Errors vulnerability 7.8 libpng Solaris 8 SPARC: 114816-04 X86: 114817-04 Solaris 9 SPARC: 139382-03 X86: 139383-03 Solaris 10 SPARC: 137080-05 X86: 137081-05 Solaris 11 Express snv_151a CVE-2010-1205 Buffer Overflow vulnerability 7.5 CVE-2010-2249 Resource Management Errors vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in Samba

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-2522 Cross-Site Request Forgery (CSRF) vulnerability 6.8 Samba Solaris 10 SPARC: 119757-21 X86: 119758-21 Solaris 9 Contact Support CVE-2011-2694 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 2.6 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in ImageMagick

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2007-4985 Resource Management Errors vulnerability 4.3 ImageMagick Solaris 10 SPARC: 136882-03 X86: 136883-03 CVE-2007-4986 Numeric Errors vulnerability 6.8 CVE-2007-4987 Numeric Errors vulnerability 9.3 CVE-2007-4988 Numeric Errors vulnerability 6.8 CVE-2010-4167 Untrusted search path vulnerability 6.9 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in Wireshark

    - by RitwikGhoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-4048 Improper Control of Generation of Code ('Code Injection') vulnerability 3.3 Wireshark Solaris 11 11/11 SRU 11.4 CVE-2012-4049 Improper Control of Generation of Code ('Code Injection') vulnerability 2.9 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in Wireshark

    - by RitwikGhoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-2392 Resource Management Errors vulnerability 3.3 Wireshark Solaris 11 11/11 SRU 11.4 CVE-2012-2393 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 3.3 CVE-2012-2394 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 3.3 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • CVE-2010-2761, CVE-2010-4411 Vulnerabilities in CGI.pm Perl Module in Solaris 10

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2010-2761 Failure to Control Generation of Code ('Code Injection') vulnerability 4.3 Perl 5.8 Solaris 10 SPARC: 141552-04 X86: 141553-04 CVE-2010-4411 Unspecified vulnerability in CGI.pm 4.3 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple Tomcat vulnerabilities in Oracle Health Sciences LabPas

    - by RitwikGhoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-2733 Improper Input Validation vulnerability 5.0 Apache Tomcat Oracle Health Sciences LabPas upgrade to Apache Tomcat v6.0.36 CVE-2012-3439 DIGEST authentication implementation issues 5.0 CVE-2012-3546 Security constraints bypass vulnerability 5.5 CVE-2012-4431 CSRF prevention filter bypass vulnerability 4.3 CVE-2012-4534 Denial of Service (DoS) vulnerability 4.3 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in Foomatic

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-2697 Improper Input Validation vulnerability 6.8 Foomatic Solaris 11 11/11 SRU 8.5 Solaris 10 Contact Support Solaris 9 Contact Support CVE-2011-2964 Improper Control of Generation of Code ('Code Injection') vulnerability 6.8 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple Denial of Service vulnerabilities in Ghostscript

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-4516 Denial of Service (DoS) vulnerability 6.8 Ghostscript Solaris 10 SPARC: 122259-06 X86: 122260-06 Solaris 11 11/11 SRU 6.6 CVE-2011-4517 Denial of Service (DoS) vulnerability 6.8 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple Vulnerabilities in Thunderbird

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-3648 Cross-site scripting (XSS) vulnerability 4.3 Thunderbird Solaris 11 11/11 SRU 04 CVE-2011-3650 Denial of Service(DoS) vulnerability 9.3 CVE-2011-3651 Denial of Service(DoS) vulnerability 10.0 CVE-2011-3652 Denial of Service(DoS) vulnerability 10.0 CVE-2011-3654 Denial of Service(DoS) vulnerability 10.0 CVE-2011-3655 Access Control vulnerability 9.3 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >