Search Results

Search found 374 results on 15 pages for 'vulnerabilities'.

Page 5/15 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Looking for resources to explain a security risk.

    - by Dave
    I've a developer which has given users the ability to download a zip archive which contains an html document which references a relative javascript file and flash document. The flash document accepts as one of it's parameters a url which is embedded in the html document. I believe that this archive is meant to be used as a means to transfer an advertisement to someone who would use the source to display the ad on their site, however the end user appears to want to view it locally. When one opens the html document the flash document is presented and when the user clicks on the flash document it redirects to this embedded url. However, if one extracts the archive on the desktop and opens the html document in a browser and clicks the flash object, nothing observable happens, they will not be redirected to the external url. I believe this is a security risk because one is transferring from the local computer zone to an external zone. I'm trying to determine the best way to explain this security risk in the simplest of terms to a very end user. They simply believe it's "broken" when it's not broken, they're being protected from a known vulnerability. The developer attempted to explain how to copy the files to a local iis instance, which I highly doubt is running on the users machine, and I do not consider this to be a viable explanation.

    Read the article

  • Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?

    - by Austin Smith
    I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other problems with the application (XSS vulnerabilities, rampant inline CSS, code copy-pasted everywhere) but this is the biggest. Sometimes they escape inputs, not using a prepared query or even mysql_real_escape_string(), mind you, but using addslashes(). Often, though, their queries look exactly like this (pasted from their code but with columns and variable names changed): $user = mysql_query("select * from profile where profile_id='".$_REQUEST["profile_id"]."'"); The developers in question claimed that they were unable to hack their application. I tried, and found mod_security to be enabled, resulting in HTTP 406 for some obvious SQL injection attacks. I believe there to be sophisticated workarounds for mod_security, but I don't have time to chase them down. They claim that this is a "conceptual" matter and not a "practical" one since the application can't easily be hacked. Their internal auditor agreed that there were problems, but emphasized the conceptual nature of the issues. They also use this conceptual/practical argument to defend against inline CSS and JS, absence of code organization, XSS vulnerabilities, and massive amounts of repetition. My client (rightly so, perhaps) just wants this to go away so they can launch their product. The site works. You can log in, do what you need to do, and things are visibly functional, if slow. SQL Injection would indeed be hard to do, given mod_security. Further, their talk of "conceptual vs. practical" is rhetorically brilliant, considering that my client doesn't understand web application security. I worry that they've succeeded in making me sound like an angry puritan. In many ways, this is a problem of politics, not technology, but I am at a loss. As a developer, I want to tell them to toss the whole project and start over with a new team, but I face a strong defense from the team that built it and a client who really needs to ship their product. Is my position here too harsh? Even if they fix the SQL Injection and XSS problems can I ever endorse the release of an unmaintainable tangle of spaghetti code?

    Read the article

  • April 2010 Critical Patch Update Released

    - by eric.maurice
    Hi, this is Eric Maurice. Today Oracle released the April 2010 Critical Patch Update (CPUApr2010),the first one to include security fixes for Oracle Solaris. Today's Critical Patch Update (CPU) provides 47 new security fixes across the following product families: Oracle Database Server, Oracle Fusion Middleware, Oracle Collaboration Suite, Oracle E-Business Suite, Oracle PeopleSoft Enterprise, Oracle Life Sciences, Retail, and Communications Industry Suites, and Oracle Solaris. 28 of these 47 new vulnerabilities are remotely exploitable without authentication, but the criticality of the affected components and the severity of these vulnerabilities vary greatly. Customers should, as usual, refer to the Risk Matrices in the CPU Advisory to assess the relevance of these fixes for their environment (and the urgency with which to apply the fixes). 7 of the 47 new vulnerabilities affect various versions of Oracle Database Server. None of these 7 vulnerabilities are remotely exploitable without authentication. Furthermore, none of these fixes are applicable to client-only deployments. The most severe CVSS Base Score for the Database Server vulnerabilities is 7.1. As a reminder, information about Oracle's use of the CVSS 2.0 standard can be found in Note 394487.1 (My Oracle Support subscription required). Note that this Critical Patch Update includes fixes for vulnerabilities that were publicly disclosed by David Litchfield at the BlackHat DC Conference in early February (CVE-2010-0866 and CVE-2010-0867). 5 of the 47 new vulnerabilities affect various components of the Oracle Fusion Middleware product family. The highest CVSS Base Score for these vulnerabilities is 7.5. Note that the patches for Oracle WebLogic Server are cumulative and this Critical Patch Update therefore also includes a fix for a vulnerability (CVE-2010-0073) that was the subject of a Security Alert issued by Oracle on February 4, 2010. Customers, who have not applied the previously-released patch, should apply today's Critical Patch Update as soon as possible. As stated at the beginning of this blog, it is also noteworthy to highlight that this Critical Patch Update provides 16 new fixes for the Sun product line. With the recent close of the Sun acquisition both security organizations have worked diligently to align Sun's previous security practices with Oracle's. Java users know that Oracle released a Critical Patch Update for Java SE and Java For Business earlier this month (in accordance with the Java patching schedule previously published by Sun Microsystems). Please note that for the first time, the Java advisories included CVSS Scores to help assess the severity of the new vulnerabilities fixed with the advisory. The rapid inclusion of the Solaris product lines in the Critical Patch Update and the extension of Oracle Software Security Assurance to Sun technologies are evidence of the flexibility of Oracle's security assurance programs. These should also result in tangible security benefits for the users of the Oracle hardware and software stack (such as a predictable patching schedule for all Oracle products).

    Read the article

  • what are some good interview questions for a position that consists of reviewing code for security vulnerabilities?

    - by John Smith
    The position is an entry-level position that consists of reading C++ code and identifying lines of code that are vulnerable to buffer overflows, out-of-bounds reads, uncontrolled format strings, and a bunch of other CWE's. We don't expect the average candidate to be knowledgeable in the area of software security nor do we expect him or her to be an expert computer programmer; we just expect them to be able to read the code and correctly identify vulnerabilities. I guess I could ask them the typical interview questions: reverse a string, print a list of prime numbers, etc, but I'm not sure that their ability to write code under pressure (or lack thereof) tells me anything about their ability to read code. Should I instead focus on testing their knowledge of C++? Ask them if they understand what a pointer is and how bitwise operators work? My only concern about asking that kind of question is that I might unfairly weed out people who don't happen to have the knowledge but have the ability to acquire it. After all, it's not like they will be writing a single line of code, and it's not like we are looking only for people who already know C++, since we are willing to train the right candidate. (It is true that I could ask those questions only to those candidates who claim to know C++, but I'd like to give the same "test" to everyone.) Should I just focus on trying to get an idea of their level of intelligence? In other words, should I get them to talk and pay attention to the way they articulate their thoughts, and so on?

    Read the article

  • How I might think like a hacker so that I can anticipate security vulnerabilities in .NET or Java before a hacker hands me my hat [closed]

    - by Matthew Patrick Cashatt
    Premise I make a living developing web-based applications for all form-factors (mobile, tablet, laptop, etc). I make heavy use of SOA, and send and receive most data as JSON objects. Although most of my work is completed on the .NET or Java stacks, I am also recently delving into Node.js. This new stack has got me thinking that I know reasonably well how to secure applications using known facilities of .NET and Java, but I am woefully ignorant when it comes to best practices or, more importantly, the driving motivation behind the best practices. You see, as I gain more prominent clientele, I need to be able to assure them that their applications are secure and, in order to do that, I feel that I should learn to think like a malevolent hacker. What motivates a malevolent hacker: What is their prime mover? What is it that they are most after? Ultimately, the answer is money or notoriety I am sure, but I think it would be good to understand the nuanced motivators that lead to those ends: credit card numbers, damning information, corporate espionage, shutting down a highly visible site, etc. As an extension of question #1--but more specific--what are the things most likely to be seeked out by a hacker in almost any application? Passwords? Financial info? Profile data that will gain them access to other applications a user has joined? Let me be clear here. This is not judgement for or against the aforementioned motivations because that is not the goal of this post. I simply want to know what motivates a hacker regardless of our individual judgement. What are some heuristics followed to accomplish hacker goals? Ultimately specific processes would be great to know; however, in order to think like a hacker, I would really value your comments on the broader heuristics followed. For example: "A hacker always looks first for the low-hanging fruit such as http spoofing" or "In the absence of a CAPTCHA or other deterrent, a hacker will likely run a cracking script against a login prompt and then go from there." Possibly, "A hacker will try and attack a site via Foo (browser) first as it is known for Bar vulnerability. What are the most common hacks employed when following the common heuristics? Specifics here. Http spoofing, password cracking, SQL injection, etc. Disclaimer I am not a hacker, nor am I judging hackers (Heck--I even respect their ingenuity). I simply want to learn how I might think like a hacker so that I may begin to anticipate vulnerabilities before .NET or Java hands me a way to defend against them after the fact.

    Read the article

  • In a SSL web application, what would be the vulnerabilities of using session based authentication?

    - by Thomas C. G. de Vilhena
    I'm not sure the term even exists, so let me explain what I mean by "session based authentication" through some pseudo-code: void PerformLogin(string userName, string password) { if(AreValidCredentials(userName, password)) { Session.Set("IsAuthenticated", true); } else { Message.Show("Invalid credentials!"); } } So the above method simply verifies the provided credentials are valid and then sets a session flag to indicate that the session user is authenticated. Under plain HTTP that is obviously unsafe, because anyone could hijack the session cookie/querystring and breach security. However, under HTTPS the session cookie/querystring is protected because client-server communication is encrypted, so I believe this authentication approach would be safe, wouldn't it? I'm asking this because I want to know how authentication tickets can improve web applications security. Thanks in advance!

    Read the article

  • what are the vulnerabilities installing openvpn client on a customer's unattended server?

    - by senorsmile
    We run Pfsense as our primary firewall. We also have OpenVPN server running on that box to allow us to remotely connect to our network. My question is: if we have a customer's mostly unattended server that we want to access remotely, what security vulnerabilities are there to installing openvpn on the customer's server as a client connecting to our network. Presumably, we would want to limit/restrict that server's access to the rest of our network. How do we lock openvpn down and are there ways to detect abnormal activity coming from an openvpn client?

    Read the article

  • Java update

    - by JuergenKress
    Oracle has just released Security Alert CVE-2012-4681 to address 3 distinct but related vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers.  These vulnerabilities are: CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, and CVE-2012-0547.  These vulnerabilities are not applicable to standalone Java desktop applications or Java running on servers, i.e. these vulnerabilities do not affect any Oracle server based software." (Read more at https://blogs.oracle.com/security/entry/security_alert_for_cve_20121) Updates are available at http://www.oracle.com/technetwork/java/javase/overview/index.html or Check your Java version online: http://www.java.com/de/download/testjava.jsp WebLogic Partner Community For regular information become a member in the WebLogic Partner Community please visit: http://www.oracle.com/partners/goto/wls-emea ( OPN account required). If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Wiki Technorati Tags: Java,Java Security,Java update,WebLogic,WebLogic Community,Oracle,OPN,Jürgen Kress

    Read the article

  • No Need to Disable Java, Update Instead

    - by Tori Wieldt
    Oracle has just released Security Alert CVE-2012-4681 to address 3 distinct but related vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers.  These vulnerabilities are: CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, and CVE-2012-0547.  These vulnerabilities are not applicable to standalone Java desktop applications or Java running on servers, i.e. these vulnerabilities do not affect any Oracle server based software. Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.  Developers should download the latest release at http://www.oracle.com/technetwork/java/javase/downloads/index.html   Java users should download the latest release of JRE at http://java.com Windows users can take advantage of the Java Automatic Update to get the latest release JUG leader John Yeary tweeted "I want to take a moment to THANK #Oracle for doing the right thing. Too often people don't say thanks enough when they get it right." Thanks for your thanks.  For More Information Oracle Security Alert for CVE-2012-4681 Change to Java SE 7 and Java SE 6 Update Release Numbers

    Read the article

  • Are there any security vulnerabilities in this PHP code?

    - by skorned
    Hi. I just got a site to manage, but am not too sure about the code the previous guy wrote. I'm pasting the login procedure below, could you have a look and tell me if there are any security vulnerabilities? At first glance, it seems like one could get in through SQL injection or manipulating cookies and the ?m= parameter. define ( 'CURRENT_TIME', time ()); / / Current time. define ( 'ONLINE_TIME_MIN', (CURRENT_TIME - BOTNET_TIMEOUT)); / / Minimum time for the status of "Online". define ( 'DEFAULT_LANGUAGE', 'en'); / / Default language. define ( 'THEME_PATH', 'theme'); / / folder for the theme. / / HTTP requests. define ( 'QUERY_SCRIPT', basename ($ _SERVER [ 'PHP_SELF'])); define ( 'QUERY_SCRIPT_HTML', QUERY_SCRIPT); define ( 'QUERY_VAR_MODULE', 'm'); / / variable contains the current module. define ( 'QUERY_STRING_BLANK', QUERY_SCRIPT. '? m ='); / / An empty query string. define ( 'QUERY_STRING_BLANK_HTML', QUERY_SCRIPT_HTML. '? m ='); / / Empty query string in HTML. define ( 'CP_HTTP_ROOT', str_replace ( '\ \', '/', (! empty ($ _SERVER [ 'SCRIPT_NAME'])? dirname ($ _SERVER [ 'SCRIPT_NAME']):'/'))); / / root of CP. / / The session cookie. define ( 'COOKIE_USER', 'p'); / / Username in the cookies. define ( 'COOKIE_PASS', 'u'); / / user password in the cookies. define ( 'COOKIE_LIVETIME', CURRENT_TIME + 2592000) / / Lifetime cookies. define ( 'COOKIE_SESSION', 'ref'); / / variable to store the session. define ( 'SESSION_LIVETIME', CURRENT_TIME + 1300) / / Lifetime of the session. ////////////////////////////////////////////////// ///////////////////////////// / / Initialize. ////////////////////////////////////////////////// ///////////////////////////// / / Connect to the database. if (! ConnectToDB ()) die (mysql_error_ex ()); / / Connecting topic. require_once (THEME_PATH. '/ index.php'); / / Manage login. if (! empty ($ _GET [QUERY_VAR_MODULE])) ( / / Login form. if (strcmp ($ _GET [QUERY_VAR_MODULE], 'login') === 0) ( UnlockSessionAndDestroyAllCokies (); if (isset ($ _POST [ 'user']) & & isset ($ _POST [ 'pass'])) ( $ user = $ _POST [ 'user']; $ pass = md5 ($ _POST [ 'pass']); / / Check login. if (@ mysql_query ( "SELECT id FROM cp_users WHERE name = '". addslashes ($ user). "' AND pass = '". addslashes ($ pass). "' AND flag_enabled = '1 'LIMIT 1") & & @ mysql_affected_rows () == 1) ( if (isset ($ _POST [ 'remember']) & & $ _POST [ 'remember'] == 1) ( setcookie (COOKIE_USER, md5 ($ user), COOKIE_LIVETIME, CP_HTTP_ROOT); setcookie (COOKIE_PASS, $ pass, COOKIE_LIVETIME, CP_HTTP_ROOT); ) LockSession (); $ _SESSION [ 'Name'] = $ user; $ _SESSION [ 'Pass'] = $ pass; / / UnlockSession (); header ( 'Location:'. QUERY_STRING_BLANK. 'home'); ) else ShowLoginForm (true); die (); ) ShowLoginForm (false); die (); ) / / Output if (strcmp ($ _GET [ 'm'], 'logout') === 0) ( UnlockSessionAndDestroyAllCokies (); header ( 'Location:'. QUERY_STRING_BLANK. 'login'); die (); ) ) ////////////////////////////////////////////////// ///////////////////////////// / / Check the login data. ////////////////////////////////////////////////// ///////////////////////////// $ logined = 0, / / flag means, we zalogininy. / / Log in session. LockSession (); if (! empty ($ _SESSION [ 'name']) & &! empty ($ _SESSION [ 'pass'])) ( if (($ r = @ mysql_query ( "SELECT * FROM cp_users WHERE name = '". addslashes ($ _SESSION [' name'])."' AND pass = ' ". addslashes ($ _SESSION [' pass']). " 'AND flag_enabled = '1' LIMIT 1 ")))$ logined = @ mysql_affected_rows (); ) / / Login through cookies. if ($ logined! == 1 & &! empty ($ _COOKIE [COOKIE_USER]) & &! empty ($ _COOKIE [COOKIE_PASS])) ( if (($ r = @ mysql_query ( "SELECT * FROM cp_users WHERE MD5 (name )='". addslashes ($ _COOKIE [COOKIE_USER ])."' AND pass = '". addslashes ($ _COOKIE [COOKIE_PASS]). " 'AND flag_enabled = '1' LIMIT 1 ")))$ logined = @ mysql_affected_rows (); ) / / Unable to login. if ($ logined! == 1) ( UnlockSessionAndDestroyAllCokies (); header ( 'Location:'. QUERY_STRING_BLANK. 'login'); die (); ) / / Get the user data. $ _USER_DATA = @ Mysql_fetch_assoc ($ r); if ($ _USER_DATA === false) die (mysql_error_ex ()); $ _SESSION [ 'Name'] = $ _USER_DATA [ 'name']; $ _SESSION [ 'Pass'] = $ _USER_DATA [ 'pass']; / / Connecting language. if (@ strlen ($ _USER_DATA [ 'language'])! = 2 | |! SafePath ($ _USER_DATA [ 'language']) | |! file_exists ( 'system / lng .'.$_ USER_DATA [' language '].' . php'))$_ USER_DATA [ 'language'] = DEFAULT_LANGUAGE; require_once ( 'system / lng .'.$_ USER_DATA [' language'].'. php '); UnlockSession ();

    Read the article

  • How Can I Find Out *HOW* My Site Was Hacked? How Do I Find Site Vulnerabilities?

    - by Imageree
    One of my custom developed ASP.NET sites was hacked today: "Hacked By Swan (Please Stop Wars !.. )" It is using ASP.NET and SQL Server 2005 and IIS 6.0 and Windows 2003 server. I am not using Ajax and I think I am using stored procedures everywhere I am connecting to the database so I dont think it is SQL injection. I have now removed the write permission on the folders. How can I find out what they did to hack the site and what to do to prevent it from happening again? The server is up to date with all Windows updates. What they have done is uploading 6 files (index.asp, index.html, index.htm,...) to the main directory for the website. What log files should I upload? I have log files for IIS from this folder: c:\winnt\system32\LogFiles\W3SVC1. I am willing to show it to some of you but don't think it is good to post on the Internet. Anyone willing to take a look at it? I have already searched on Google but the only thing I find there are other sites that have been hacked - I haven't been able to see any discussion about it. I know this is not strictly related to programming but this is still an important thing for programmers and a lot of programmers have been hacked like this.

    Read the article

  • June 2012 Critical Patch Update for Java SE Released

    - by Eric P. Maurice
    Hi, this is Eric Maurice. Oracle just released the June 2012 Critical Patch Update for Java SE.  This Critical Patch Update provides 14 new security fixes across Java SE products.  As discussed in previous blog entries, Critical Patch Updates for Java SE will, for the foreseeable future, continue to be released on a separate schedule than that of other Oracle products due to previous commitments made to Java customers.  12 of the 14 Java SE vulnerabilities fixed in this Critical Patch Update may be remotely exploitable without authentication.  6 of these vulnerabilities have a CVSS Base Score of 10.0.  In accordance with Oracle’s policies, these CVSS 10 scores represent instances where a user running a Java applet or Java Web Start application has administrator privileges (as is typical on Windows XP).  When the user does not run with administrator privileges (typical on the Solaris and Linux operating systems), the corresponding CVSS impact scores for Confidentiality, Integrity, and Availability for these vulnerabilities would be "Partial" instead of "Complete", thus lowering these CVSS Base Scores to 7.5. Due to the high severity of these vulnerabilities, Oracle recommends that customers obtain and apply these security fixes as soon as possible: Developers should download the latest release at http://www.oracle.com/technetwork/java/javase/downloads/index.html    Java users should download the latest release of JRE at http://java.com, and of course  Windows users can take advantage of the Java Automatic Update to get the latest release. In addition, Oracle recommends removing old an unused versions  of Java as the latest version is always the recommended version as it contains the most recent enhancements, and bug and security fixes.  For more information: •Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml  •Users can verify that they’re running the most recent version of Java by visiting: http://java.com/en/download/installed.jsp   •The Advisory for the June 2012 Critical Patch Update for Java SE is located at http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html

    Read the article

  • Security concerns for a multi-language site.

    - by The Rook
    I am converting a PHP MySQL web application written for English language into a Multi-Language site. Do you know any vulnerabilities that affect web applications in another language? Or perhaps vulnerabilities that could be introduced in the conversion of code base to support multiple languages. (If you know any vulnerabilities of this type in another language I'll give you a +1)

    Read the article

  • Security concerns for a multi-lingual web application.

    - by The Rook
    I am converting a PHP MySQL web application written for English language into a Multi-Language site. Do you know any vulnerabilities that affect web applications in another language? Or perhaps vulnerabilities that could be introduced in the conversion of code base to support multiple languages. (If you know any vulnerabilities of this type in another programming language I'll give you a +1)

    Read the article

  • CVE-2014-3520 Privilege Escalation vulnerability in OpenStack Keystone

    - by Ritwik Ghoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3520 Privilege Escalation vulnerability 3.5 OpenStack Identity (Keystone) Solaris 11.2 11.2.1.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • CVE-2011-2896 Buffer overflow vulnerability in GIMP

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-2896 Buffer Overflow vulnerability 5.1 GIMP Image Editor Solaris 10 SPARC: 147988-01 X86: 147989-01 Solaris 11 Express snv_151a + 7079990 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • CVE-2011-3192 and CVE-2011-0419 affect Oracle Secure Global Desktop

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-0419 Resource Management Errors vulnerability 4.3 Apache HTTP Server Oracle Secure Global Desktop 4.62 CVE-2011-3192 Resource Management Errors vulnerability 7.8 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • CVE-2010-1634 Integer Overflow vulnerability in Python

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2010-1634 Integer Overflow vulnerability 5.0 Python Solaris 10 SPARC: 143506-03 X86: 143507-03 Solaris 11 Contact Support This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • CVE-2004-1010 Buffer Overflow vulnerability in Zip utility

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2004-1010 Buffer Overflow vulnerability 10.0 Zip Solaris 10 SPARC: 147378-01 X86: 147379-01 Solaris 9 Contact Support This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • CVE-2011-2895 Buffer Overflow vulnerability in X.Org

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-2895 Buffer Overflow vulnerability 9.3 X.Org Solaris 10 SPARC: 125719-41 119059-60 X86: 119060-59 125720-51 Solaris 9 Contact Support Solaris 8 Contact Support This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • CVE-2011-4313 Denial of Service Vulnerability in BIND Domain Name Server

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-4313 Denial of Service vulnerability 5 BIND DNS software Solaris 11 Contact support Solaris 10 SPARC: IDR148282-01 X86: IDR148283-01 Solaris 8 SPARC: IDR148278-01 X86: IDR148279-01 Solaris 9 SPARC: IDR148280-01 X86: IDR148281-01 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • CVE-2014-0591 Buffer Errors vulnerability in Bind

    - by Ritwik Ghoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-0591 Buffer Errors vulnerability 2.6 Bind Solaris 10 SPARC: 119783-28 X86: 119784-28 Solaris 11.1 11.1.16.5.0 Solaris 9 SPARC: 112837-30 X86: 114265-29 Please Note: The patches mentioned above will upgrade Bind to 9.6-ESV-R10-P2. This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >