Search Results

Search found 354 results on 15 pages for 'vulnerability'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1/15 | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Display particular data into a file

    - by Avinash K G
    I'm new to Ubuntu and have been using it for a couple of weeks now. Recently I encountered a problem where in I had to display a particular data on to a file. Here is the output displayed on the terminal. Potential vulnerability found (CVE-2009-4028) CVSS Score is 6.8 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2009-4030) CVSS Score is 4.4 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2009-5026) CVSS Score is 6.8 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0075) CVSS Score is 1.7 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0087) CVSS Score is 4.0 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0101) CVSS Score is 4.0 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0102) CVSS Score is 4.0 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0112) CVSS Score is 3.5 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0113) CVSS Score is 5.5 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0114) CVSS Score is 3.0 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0115) CVSS Score is 4.0 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0116) CVSS Score is 4.9 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0118) CVSS Score is 4.9 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0119) CVSS Score is 4.0 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0120) CVSS Score is 4.0 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0484) CVSS Score is 4.0 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0485) CVSS Score is 4.0 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0490) CVSS Score is 4.0 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0492) CVSS Score is 2.1 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0540) CVSS Score is 4.0 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0553) CVSS Score is 7.5 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0574) CVSS Score is 4.0 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2012-0583) CVSS Score is 4.0 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2013-1492) CVSS Score is 7.5 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2013-1506) CVSS Score is 2.8 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) Potential vulnerability found (CVE-2013-1521) CVSS Score is 6.5 Full vulnerability match (incl. edition/language) File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop) I intend to display the Potential vulnerability found field and the corresponding score alone. There seems to be about 9995 entries and I would like to display all of them. I have been using this command as of now awk '/CVSS Score is/ < /Potential vulnerability found/' output.txt but this seems to display only the name of the vulnerability or the score. How do I display this in file(text,excel) such that all the vulnerability and the corresponding score willbe displayed. Any help would be appreciated Thank you.

    Read the article

  • Multiple vulnerabilities in Oracle Java Web Console

    - by RitwikGhoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2007-5333 Information Exposure vulnerability 5.0 Apache Tomcat Solaris 10 SPARC: 147673-04 X86: 147674-04 CVE-2007-5342 Permissions, Privileges, and Access Controls vulnerability 6.4 CVE-2007-6286 Request handling vulnerability 4.3 CVE-2008-0002 Information disclosure vulnerability 5.8 CVE-2008-1232 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2008-1947 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2008-2370 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability 5.0 CVE-2008-2938 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability 4.3 CVE-2008-5515 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability 5.0 CVE-2009-0033 Improper Input Validation vulnerability 5.0 CVE-2009-0580 Information Exposure vulnerability 4.3 CVE-2009-0781 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2009-0783 Information Exposure vulnerability 4.6 CVE-2009-2693 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability 5.8 CVE-2009-2901 Permissions, Privileges, and Access Controls vulnerability 4.3 CVE-2009-2902 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability 4.3 CVE-2009-3548 Credentials Management vulnerability 7.5 CVE-2010-1157 Information Exposure vulnerability 2.6 CVE-2010-2227 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 6.4 CVE-2010-3718 Directory traversal vulnerability 1.2 CVE-2010-4172 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2010-4312 Configuration vulnerability 6.4 CVE-2011-0013 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2011-0534 Resource Management Errors vulnerability 5.0 CVE-2011-1184 Permissions, Privileges, and Access Controls vulnerability 5.0 CVE-2011-2204 Information Exposure vulnerability 1.9 CVE-2011-2526 Improper Input Validation vulnerability 4.4 CVE-2011-3190 Permissions, Privileges, and Access Controls vulnerability 7.5 CVE-2011-4858 Resource Management Errors vulnerability 5.0 CVE-2011-5062 Permissions, Privileges, and Access Controls vulnerability 5.0 CVE-2011-5063 Improper Authentication vulnerability 4.3 CVE-2011-5064 Cryptographic Issues vulnerability 4.3 CVE-2012-0022 Numeric Errors vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in Firefox

    - by RitwikGhoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-1960 Information Exposure vulnerability 5.0 Firefox Solaris 10 SPARC: 145080-12 X86: 145081-11 CVE-2012-1970 Denial of Service (DoS) vulnerability 10.0 CVE-2012-1971 Denial of Service (DoS) vulnerability 9.3 CVE-2012-1972 Resource Management Errors vulnerability 10.0 CVE-2012-1973 Resource Management Errors vulnerability 10.0 CVE-2012-1974 Resource Management Errors vulnerability 10.0 CVE-2012-1975 Resource Management Errors vulnerability 10.0 CVE-2012-1976 Resource Management Errors vulnerability 10.0 CVE-2012-3956 Resource Management Errors vulnerability 10.0 CVE-2012-3957 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 CVE-2012-3958 Resource Management Errors vulnerability 10.0 CVE-2012-3959 Resource Management Errors vulnerability 10.0 CVE-2012-3960 Resource Management Errors vulnerability 10.0 CVE-2012-3961 Resource Management Errors vulnerability 10.0 CVE-2012-3962 Arbitrary code execution vulnerability 9.3 CVE-2012-3963 Resource Management Errors vulnerability 10.0 CVE-2012-3964 Resource Management Errors vulnerability 10.0 CVE-2012-3966 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 CVE-2012-3967 Arbitrary code execution vulnerability 6.8 CVE-2012-3968 Resource Management Errors vulnerability 10.0 CVE-2012-3969 Numeric Errors vulnerability 9.3 CVE-2012-3970 Resource Management Errors vulnerability 10.0 CVE-2012-3972 Information Exposure vulnerability 5.0 CVE-2012-3974 Resource Management Errors vulnerability 6.9 CVE-2012-3976 Denial of Service (DoS) vulnerability 5.8 CVE-2012-3978 Permissions, Privileges, and Access Controls vulnerability 6.8 CVE-2012-3980 Improper Control of Generation of Code ('Code Injection') vulnerability 9.3 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in Thunderbird

    - by RitwikGhoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-1948 Denial of service (DoS) vulnerability 9.3 Thunderbird Solaris 10 SPARC: 145200-12 X86: 145201-12 CVE-2012-1950 Address spoofing vulnerability 6.4 CVE-2012-1951 Resource Management Errors vulnerability 10.0 CVE-2012-1952 Resource Management Errors vulnerability 9.3 CVE-2012-1953 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1954 Resource Management Errors vulnerability 10.0 CVE-2012-1955 Address spoofing vulnerability 6.8 CVE-2012-1957 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2012-1958 Resource Management Errors vulnerability 9.3 CVE-2012-1959 Permissions, Privileges, and Access Controls vulnerability 5.0 CVE-2012-1961 Improper Input Validation vulnerability 4.3 CVE-2012-1962 Resource Management Errors vulnerability 10.0 CVE-2012-1963 Permissions, Privileges, and Access Controls vulnerability 4.3 CVE-2012-1964 Clickjacking vulnerability 4.0 CVE-2012-1965 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2012-1966 Permissions, Privileges, and Access Controls vulnerability 4.3 CVE-2012-1967 Arbitrary code execution vulnerability 10.0 CVE-2012-1970 Denial of service (DoS) vulnerability 10.0 CVE-2012-1973 Resource Management Errors vulnerability 10.0 CVE-2012-3966 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in Firefox

    - by Ritwik Ghoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-3982 Denial of service (DoS) vulnerability 10.0 Firefox Solaris 10 SPARC: 145080-13 X86: 145081-12 CVE-2012-3983 Denial of service (DoS) vulnerability 10.0 CVE-2012-3986 Permissions, Privileges, and Access Controls vulnerability 6.4 CVE-2012-3988 Resource Management Errors vulnerability 9.3 CVE-2012-3990 Resource Management Errors vulnerability 10.0 CVE-2012-3991 Permissions, Privileges, and Access Controls vulnerability 9.3 CVE-2012-3992 Permissions, Privileges, and Access Controls vulnerability 5.8 CVE-2012-3993 Design Error vulnerability 9.3 CVE-2012-3994 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2012-3995 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 CVE-2012-4179 Resource Management Errors vulnerability 10.0 CVE-2012-4180 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 CVE-2012-4181 Resource Management Errors vulnerability 10.0 CVE-2012-4182 Resource Management Errors vulnerability 10.0 CVE-2012-4183 Resource Management Errors vulnerability 10.0 CVE-2012-4184 Permissions, Privileges, and Access Controls vulnerability 9.3 CVE-2012-4185 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 CVE-2012-4186 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 CVE-2012-4187 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 CVE-2012-4188 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 CVE-2012-4192 Permissions, Privileges, and Access Controls vulnerability 4.3 CVE-2012-4193 Design Error vulnerability 9.3 CVE-2012-4194 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2012-4195 Permissions, Privileges, and Access Controls vulnerability 5.1 CVE-2012-4196 Permissions, Privileges, and Access Controls vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page. Note: Solaris 10 patches SPARC: 145080-13 X86: 145081-12 contain the fix for all CVEs between Firefox version 10.0.7 and 10.0.12.

    Read the article

  • Multiple vulnerabilities in Mozilla Firefox

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-2372 Permissions, Privileges, and Access Controls vulnerability 3.5 Firefox web browser Solaris 11 11/11 SRU 3 Solaris 10 Contact Support CVE-2011-2995 Denial of Service (DoS) vulnerability 10.0 CVE-2011-2997 Denial of Service (DoS) vulnerability 10.0 CVE-2011-3000 Improper Control of Generation of Code ('Code Injection') vulnerability 4.3 CVE-2011-3001 Permissions, Privileges, and Access Controls vulnerability 4.3 CVE-2011-3002 Denial of Service (DoS) vulnerability 9.3 CVE-2011-3003 Denial of Service (DoS) vulnerability 10.0 CVE-2011-3004 Improper Input Validation vulnerability 4.3 CVE-2011-3005 Denial of Service (DoS) vulnerability 9.3 CVE-2011-3232 Improper Control of Generation of Code ('Code Injection') vulnerability 9.3 CVE-2011-3648 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2011-3650 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2011-3651 Denial of Service (DoS) vulnerability 10.0 CVE-2011-3652 Denial of Service (DoS) vulnerability 10.0 CVE-2011-3654 Denial of Service (DoS) vulnerability 10.0 CVE-2011-3655 Improper Control of Generation of Code ('Code Injection') vulnerability 9.3 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Finding Webserver Vulnerability

    - by Brent
    We operate a webserver farm hosting around 300 websites. Yesterday morning a script placed .htaccess files owned by www-data (the apache user) in every directory under the document_root of most (but not all) sites. The content of the .htaccess file was this: RewriteEngine On RewriteCond %{HTTP_REFERER} ^http:// RewriteCond %{HTTP_REFERER} !%{HTTP_HOST} RewriteRule . http://84f6a4eef61784b33e4acbd32c8fdd72.com/%{REMOTE_ADDR} Googling for that url (which is the md5 hash of "antivirus") I discovered that this same thing happened all over the internet, and am looking for somebody who has already dealt with this, and determined where the vulnerability is. I have searched most of our logs, but haven't found anything conclusive yet. Are there others who experienced the same thing that have gotten further than I have in pinpointing the hole? So far we have determined: the changes were made as www-data, so apache or it's plugins are likely the culprit all the changes were made within 15 minutes of each other, so it was probably automated since our websites have widely varying domain names, I think a single vulnerability on one site was responsible (rather than a common vulnerability on every site) if an .htaccess file already existed and was writeable by www-data, then the script was kind, and simply appended the above lines to the end of the file (making it easy to reverse) Any more hints would be appreciated.

    Read the article

  • Multiple Denial of Service (DoS) vulnerabilities in FreeType

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-1126 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 FreeType Font Engine Solaris 11 Contact Support Solaris 10 SPARC: 119812-16 X86: 119813-18 Solaris 9 Contact Support CVE-2012-1127 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1128 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1129 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1130 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1131 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1132 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1133 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1134 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1135 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1136 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1137 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1138 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1139 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1140 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1141 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1142 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1143 Numeric Errors vulnerability 4.3 CVE-2012-1144 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Reporting SQL Vulnerability [migrated]

    - by Ciaran87Bel
    My first post here so i'll hopefully keep it simple. I have just finished building a CMS targeted at a certain industry and built a test site to see how everything works. Anyway I wrote a program to check for sql injection vulnerabilities and the program followed a blog link to an external website. The program discovered that the external site had a massive vulnerability that left it open to practically anyone who could then access every bit of data on their MYSQL Server and run queries etc. The thing is this external site is the brand leader in their industry and do millions upon millions of sales per annum. I have tried contacting them to let them know and even went as far as contacting the company that built their platform but I was pretty much brushed off and haven't heard back from them. Their database would contain the details of hundreds of thousands of customers and all their data. I could easily make myself site admin etc in a few seconds but they won't listen to me even though I have offered to share the vulnerability with them and help in anyway I can. Is there anything else I can do because it is one of the biggest security risks I have ever personally come across. Is there any other steps I should take to report this? Thanks

    Read the article

  • Network and log monitoring and vulnerability scanning

    - by user137799
    I am trying to find out if there is any application or service in UNIX that will - 1. Monitor network interfaces for bandwidth usage 2. When network flaps occur send out a e-mail. 3. When duplicate mac-addresses or loop occurs in network - send out alerts. 4. Do a network vulnerability scan and be able to detect utorrent application on our network. Need to know which linux distribution will be best to support that specific application Thanks

    Read the article

  • Windows Media Player Vulnerability, PCAnywhere Warning

    Windows Media Player Vulnerability Targeted by Drive-by-download Attack Security firm Trend Micro recently released details on malware that has been targeting the MIDI Remote Code Execution Vulnerability found in Microsoft's Windows Media Player. A post on Trend Micro's Malware Blog offered further insight into the malware that has been exploiting the CVE-2012-0003 vulnerability. The malware's authors have been successful in exploiting the vulnerability by tricking unsuspecting victims into opening a specially engineered MIDI file in Windows Media Player. This Web-based drive-by-download ...

    Read the article

  • Multiple vulnerabilities in Wireshark

    - by RitwikGhoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-4285 Numeric Errors vulnerability 3.3 Wireshark Solaris 11 11/11 SRU 13.4 CVE-2012-4286 Numeric Errors vulnerability 4.3 CVE-2012-4287 Resource Management Errors vulnerability 5.0 CVE-2012-4288 Numeric Errors vulnerability 3.3 CVE-2012-4289 Resource Management Errors vulnerability 3.3 CVE-2012-4290 Resource Management Errors vulnerability 3.3 CVE-2012-4291 Resource Management Errors vulnerability 3.3 CVE-2012-4292 Improper Input Validation vulnerability 3.3 CVE-2012-4293 Numeric Errors vulnerability 3.3 CVE-2012-4294 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 5.8 CVE-2012-4295 Denial of Service (DoS) vulnerability 3.3 CVE-2012-4296 Resource Management Errors vulnerability 3.3 CVE-2012-4297 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 8.3 CVE-2012-4298 Numeric Errors vulnerability 5.4 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in Oracle Java Web Console

    - by RitwikGhoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-0534 Resource Management Errors vulnerability 5.0 Apache Tomcat Solaris 10 SPARC: 147673-04 X86: 147674-04 CVE-2011-1184 Permissions, Privileges, and Access Controls vulnerability 5.0 CVE-2011-2204 Information Exposure vulnerability 1.9 CVE-2011-2526 Improper Input Validation vulnerability 4.4 CVE-2011-2729 Permissions, Privileges, and Access Controls vulnerability 5.0 CVE-2011-3190 Permissions, Privileges, and Access Controls vulnerability 7.5 CVE-2011-3375 Information Exposure vulnerability 5.0 CVE-2011-4858 Resource Management Errors vulnerability 5.0 CVE-2011-5062 Permissions, Privileges, and Access Controls vulnerability 5.0 CVE-2011-5063 Improper Authentication vulnerability 4.3 CVE-2011-5064 Cryptographic Issues vulnerability 4.3 CVE-2012-0022 Numeric Errors vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in ImageMagick

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2004-0981 Buffer overflow vulnerability 10.0 ImageMagick Solaris 10 SPARC: 136882-03 X86: 136883-03 CVE-2005-0397 Format string vulnerability 7.5 CVE-2005-0759 Denial of service (DoS) vulnerability 5.0 CVE-2005-0760 Denial of service (DoS) vulnerability 5.0 CVE-2005-0761 Denial of service (DoS) vulnerability 5.0 CVE-2005-0762 Buffer overflow vulnerability 7.5 CVE-2005-1739 Denial of service (DoS) vulnerability 5.0 CVE-2007-4985 Denial of service (DoS) vulnerability 4.3 CVE-2007-4986 Numeric Errors vulnerability 6.8 CVE-2007-4987 Numeric Errors vulnerability 9.3 CVE-2007-4988 Numeric Errors vulnerability 6.8 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in Firefox web browser

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-3062 Numeric Errors vulnerability 6.8 Firefox web browser Solaris 11 11/11 SRU 9.5 Solaris 10 SPARC: 145080-11 X86: 145081-10 CVE-2012-0467 Denial of service (DoS) vulnerability 10.0 CVE-2012-0468 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 CVE-2012-0469 Resource Management Errors vulnerability 10.0 CVE-2012-0470 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 CVE-2012-0471 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2012-0473 Numeric Errors vulnerability 5.0 CVE-2012-0474 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2012-0477 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2012-0478 Permissions, Privileges, and Access Controls vulnerability 9.3 CVE-2012-0479 Identity spoofing vulnerability 4.3 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Multiple vulnerabilities in Pidgin

    - by RitwikGhoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2010-4528 Improper Input Validation vulnerability 4.0 Pidgin Solaris 10 SPARC: 147992-02 X86: 147993-02 CVE-2011-1091 Denial of service(DOS) vulnerability 4.0 CVE-2011-2943 Denial of service(DOS) vulnerability 4.3 CVE-2011-3184 Resource Management Errors vulnerability 4.3 CVE-2011-3185 Improper Input Validation vulnerability 9.3 CVE-2011-4601 Improper Input Validation vulnerability 5.0 CVE-2011-4602 Improper Input Validation vulnerability 5.0 CVE-2011-4603 Improper Input Validation vulnerability 5.0 CVE-2011-4922 Information Exposure vulnerability 2.1 CVE-2011-4939 Permissions, Privileges, and Access Controls vulnerability 6.4 CVE-2012-1178 Resource Management Errors vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Security vulnerability and nda's [closed]

    - by Chris
    I want to propose a situation and gain insight from the communities thoughts. A customer, call them Customer X has a contract with a vendor, Vendor Y to provide an application and services. Customer X discovers a serious authentication vulnerability in Vendor Y's software. Vendor Y and Customer X has a discussion. Vendor Y acknowledges/confirms flaw. Vendor Y confirms they will put effort to fix. Customer X requests Vendor Y to inform all customers impacted by this. Vendor agrees. Fast forward 2 months, and the flaw has not been fixed. Patches were applied to mitigate but the flaw still exists. However, no customers were informed of issue. At this point customer X contacts Vendor Y to determine the status and understand why customer's were not informed. The vendor nicely reminds the customer they are under an NDA and are still working on the issue. A few questions/discussion pieces out of this. By discussing a software flaw with a vendor, does this imply you have agreed to any type of NDA disclosure? Additionally, what rights as does Customer X have to inform other customers of this vulnerability if vendor does not appear willing to comply? I (the op) am under the impression that when this situation occurs, you are supposed to notify vendor of issue, provide them with ample time to respond and if no response you are able to do what you wish with the information. I am thinking back to the MIT/subway incident where they contacted transit authorities, transit authorities didn't respond in a timely fashion so the students disclosed the information publicly on their own. Few things to note about this: I am not the customer in above situation, also lets assume for purposes of keeping discussion inline that customer X has no intentions of disclosing information, they are merely concerned and interested in making sure other customers are aware until it is fixed so they do not expierence a major security breach. (More information can be supplied if needed to add context to question. )

    Read the article

  • CVE-2014-3520 Privilege Escalation vulnerability in OpenStack Keystone

    - by Ritwik Ghoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3520 Privilege Escalation vulnerability 3.5 OpenStack Identity (Keystone) Solaris 11.2 11.2.1.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • CVE-2011-2896 Buffer overflow vulnerability in GIMP

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-2896 Buffer Overflow vulnerability 5.1 GIMP Image Editor Solaris 10 SPARC: 147988-01 X86: 147989-01 Solaris 11 Express snv_151a + 7079990 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • CVE-2010-1634 Integer Overflow vulnerability in Python

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2010-1634 Integer Overflow vulnerability 5.0 Python Solaris 10 SPARC: 143506-03 X86: 143507-03 Solaris 11 Contact Support This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • CVE-2011-2895 Buffer Overflow vulnerability in X.Org

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-2895 Buffer Overflow vulnerability 9.3 X.Org Solaris 10 SPARC: 125719-41 119059-60 X86: 119060-59 125720-51 Solaris 9 Contact Support Solaris 8 Contact Support This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • CVE-2004-1010 Buffer Overflow vulnerability in Zip utility

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2004-1010 Buffer Overflow vulnerability 10.0 Zip Solaris 10 SPARC: 147378-01 X86: 147379-01 Solaris 9 Contact Support This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • CVE-2011-4313 Denial of Service Vulnerability in BIND Domain Name Server

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-4313 Denial of Service vulnerability 5 BIND DNS software Solaris 11 Contact support Solaris 10 SPARC: IDR148282-01 X86: IDR148283-01 Solaris 8 SPARC: IDR148278-01 X86: IDR148279-01 Solaris 9 SPARC: IDR148280-01 X86: IDR148281-01 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >