ZDNet Dictionary Definition
- Vulnerability
- A security exposure in an operating system or other system software or application software component. Before the Internet became mainstream and exposed every organization in the world to every...
ZDNet Resources
- Gmail can be used as "Spam Bazooka"
- INSERT, the Information Security Research Team, has successfully created a proof of concept exploiting the "trust hierarchy" that exists between mail service providers. Taking advantage of the way Gmail forwards messages, the team was able to send 4000 messages in a short period of time from a single account...
- Tags: Google Inc., Google Gmail, Vulnerability, Spam, E-mail Providers, Security, Internet, Garett Rogers
- Blog posts 2008-05-09
- Do we need another CERT?
- Yes. Google's backing of oCERT is a major milestone in the history of open source. It's not that I have anything against the Computer Emergency Response Team (CERT) at Carnegie-Mellon. They do important work, not only in identifying risks but in educating people on them. ...
- Tags: Vulnerability, CERT, Windows Machine, Dana, Security, Open Source, Dana Blankenhorn
- Blog posts 2008-05-06
- Hacking NASA: One small step for man, one giant leap for hackers?
- The CORE Security Team released an advisory to the Full-Disclosure mailing list today that documented a stack overflow in NASA's Common Data Format libs. Looking at this bug, the tech details aren't overwhelming, I think I'm mostly excited about it due to the high profile of hacking NASA libs. One...
- Tags: NASA, Vulnerability, Hacker, Exploitation, Common Data Format 3.2.1, Security, Patches, Hacking, Nathan McFeters
- Blog posts 2008-05-05
- More bad news for McAfee, HackerSafe certification
- Dan Godin posted a great article that was picked up by The Register a couple days ago about continued challenges for McAfee's newly purchased HackerSafe division. I find the article interesting as HackerSafe uses a scanning tool that probes for web application security flaws... of course, tools are limited in...
- Tags: McAfee Inc., Security, Certification, Vulnerability, XSS, HackerSafe, Godin, Goodin, Nathan McFeters
- Blog posts 2008-05-01
- Novell GroupWise 'mailto' URI handler buffer overflow Vulnerability
- Researcher Juan Pablo Lopez Yacubian has reported another URI abuse exploit. From Security Focus: Novell GroupWise is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue will allow an attacker to execute...
- Tags: Novell Inc., Researcher, Vulnerability, Buffer-overflow, Novell GroupWise, E-mail Servers, E-mail Clients, Groupware, Viruses And Worms, Security, Enterprise Software, Software, Nathan McFeters
- Blog posts 2008-04-29
- HP plugs latest ActiveX software update flaw
- HP has plugged another ActiveX vulnerability in its software update application. The patch (CVE-2008-0712) covers "a potential vulnerability has been identified with the HPeDiag ActiveX control which is a component of HP Software Update running under windows. The vulnerability could be exploited to allow remote disclosure of...
- Tags: Software, Hewlett-Packard Co., Vulnerability, ActiveX, Flaw, ActiveX/COM/COM+/DCOM, Security, Software Development, Software/Web Development, Larry Dignan
- Blog posts 2008-04-29
- Apple plugs Pwn2Own winning Vulnerability
- Apple plugged the winning vulnerability in the Pwn2Own contest on Wednesday in a Safari update. In an update for Safari (3.1.1), Apple fixed the following vulnerabilities: CVE-2008-1026, also known as the flaw that won hacker Charlie Miller $10,000 in the Pwn2Own contest at CanSecWest. This...
- Tags: Apple Macintosh, Apple Safari, Vulnerability, Mac OS X Server, Apple Inc., Apple Mac OS X, Apple Mac OS, Operating Systems, Desktops, Software, Hardware, Larry Dignan
- Blog posts 2008-04-16
- Oracle patches DB, apps
- Oracle patches DB, apps | Oracle Critical Patch Update Risk Matrix & CVSS | Hi Larry! This is Eric Maurice of Oracle. An important document for Oracle customers, the Critical Patch Update (CPU) Advisory lists vulnerabilities addressed in the CPU as well as provides other information related to the patches (affected platforms,...
- Tags: SECURITY, Common Vulnerability Scoring System, vulnerability, Oracle Corp., Critical Patch Update, matrice, CVSS 2.0, severity
- Discussion threads 2008-04-16
- Adobe Flash Pwn2Own details released by ZDI...
- ... and unfortunately leaves much to be desired. I think many people were hoping for the disclosure from ZDI to contain a lot of details on what could've been exploited with this issue, unfortunately, the details just aren't really there. In fact, after reading it, I think I have more...
- Tags: User Interaction, Adobe Systems Inc., Vulnerability, Adobe Flash Player, ZDI Advisory, Security, Nathan McFeters
- Blog posts 2008-04-08
- Microsoft patches Vista, Windows Server 2008, IE
- Microsoft delivered 10 patches including six critical ones on Tuesday. Among the critical patches for Vista, Windows Server 2008 and Internet Explorer. Critical patches by the CVEs: CVE-2008-0083: Covers Windows Vista and Windows Server 2008. Microsoft says: "A remote code execution vulnerability...
- Tags: Web, Attacker, Microsoft Windows Server, Vulnerability, Microsoft Internet Explorer, Microsoft Corp., Microsoft Windows Server 2008, Microsoft Windows, Security, Operating Systems, Software, Larry Dignan
- Blog posts 2008-04-08
- Microsoft readies Vista, Windows Server 2008 critical patches
- Microsoft on Thursday issued five critical security bulletins and three important ones for all flavors of Windows, Internet Explorer and Office. Vista and Windows Server 2008 are affected by four of the five critical bulletins. In its patch day advance notification for its Tuesday update, Microsoft issued...
- Tags: Microsoft Windows Server, Vulnerability, Patch Management, Microsoft Windows Vista, Microsoft Corp., Bulletin, Microsoft Windows, Microsoft Windows Server 2008, Microsoft Windows Vista (Longhorn), Servers, Operating Systems, Software, Hardware, Larry Dignan
- Blog posts 2008-04-03
- Interview with the Vista Pwn2Own contest winners
- Update 04/03/2008: I've updated the article as apparently the link to k2's blog was broken. Also, it's important to note that Derek Callaway was a part of this research and exploitation as well, and I neglected to mention that. So obviously our coverage of the Pwn2Own contest has...
- Tags: Adobe Systems Inc., Vulnerability, JavaScript, Microsoft Windows Vista, Exploit, Data Execution Prevention, Flaw, Nate, Programming Languages, Java, Security, Software Development, Software/Web Development, Nathan McFeters
- Blog posts 2008-04-02
- Fortify aims for the security suite spot; Moves upstream
- Fortify Software, which heads off insecure software code in the development, said Monday that it has launched a suite designed to head off vulnerabilities in automated and older applications. The suite, dubbed Fortify 360, expands the company's market. Previously, Fortify was mostly focused on checking code for...
- Tags: Software, Suite, Vulnerability, Fortify 360, Security, Larry Dignan
- Blog posts 2008-03-31
- MacBook Air falls in two minutes at PWN 2 OWN
- The MacBook Air fell in two minutes at the CanSecWest security conference's PWN 2 OWN. According to Infoworld, Charlie Miller won the $10,000 prize. Under the contest rules, organizers offered Sony Vaio, Fujitsu U810, and the MacBook as prizes. On day 1 no one won because they...
- Tags: Apple Safari, Vulnerability, Apple MacBook, Apple Inc., Charlie Miller, Zero Day Initiative, Notebooks, Hardware, Notebooks & Tablets, Larry Dignan
- Blog posts 2008-03-27
- Cisco patches IOS vulnerabilities
- Cisco patched multiple vulnerabilities on Wednesday with the most important fixes covering data-link switching, IPv6 and VPN flaws. Among the highest rated patches (all rated 7 or above on a 10 scale): Cisco patched multiple vulnerabilities in the Data-link Switching (DLSw) feature in its...
- Tags: Cisco IOS, Device, Vulnerability, IP, Cisco Systems Inc., Security, Larry Dignan
- Blog posts 2008-03-26
- Mozilla updates Firefox; Fixes multiple vulnerabilities
- Mozilla updates Firefox; Fixes multiple vulnerabilities | As Usual, Nice And Speedy! Thanks Mozilla! | RE: Mozilla updates Firefox; Fixes multiple vulnerabilities | Since I use FF3b4, will this fix find its way into FF3b5? | find its way into ff3b5 | I don't think ff3 is affected. | RE: Mozilla updates Firefox; Fixes multiple vulnerabilities | After Apple's several software updates last week, Firefox...
- Tags: Web browsers, Mozilla Firefox, multiple vulnerability, MAC Pro, Mozilla Corp., vulnerability
- Discussion threads 2008-03-26
- Mozilla updates Firefox; Fixes multiple vulnerabilities
- Mozilla has patched 10 vulnerabilities in Firefox 2.0 with update 2.0.0.13. In an update early Wednesday Firefox addressed the following: MFSA 2008-19 XUL popup spoofing variant (cross-tab popups) MFSA 2008-18 Java socket connection to any local port via LiveConnect MFSA 2008-17 Privacy issue with...
- Tags: Mozilla Firefox, Vulnerability, Mozilla Corp., Web Browsers, Programming Languages, Java, Security, Internet, Software Development, Software/Web Development, Larry Dignan
- Blog posts 2008-03-26
- Security: Lintel vs Wintel
- In the PC community "security" just means defending against attacks aimed at destroying or misusing all or part of a computer system. In that context most of the complexities associated with trying to decide whether wintel or lintel will expose you to less security risk arise from the absence of...
- Tags: Wintel, Attacker, Vulnerability, Flaw, National Vulnerability Database, Petreley, Security, Paul Murphy
- Blog posts 2008-03-24
- How to detect network vulnerabilities?
- Computer scientists at George Mason University (GMU) have developed a new software to identify complex cyber network attacks. This software is named CAULDRON (short for 'Combinatorial Analysis Utilizing Logical Dependencies Residing on Networks'). The developers claim that CAULDRON 'can reduce the impact of cyber attacks by identifying the possible vulnerability...
- Tags: Software, Network, Vulnerability, George Mason University, CAULDRON, Networking, Security, Roland Piquepaille
- Blog posts 2008-03-18
- ActiveX woes bite CA BrightStor
- Another day another ActiveX problem. This time an ActiveX vulnerability in CA BrightStor ARCServe Backup could be exploited to compromise a user's system. A Secunia alert rates the vulnerability "highly critical." Here are the details: Krystian Kloskowski has reported a vulnerability in CA BrightStor ARCserve Backup,...
- Tags: Vulnerability, Computer Associates International Inc., ActiveX, CA BrightStor, Exploitation, ActiveX/COM/COM+/DCOM, Storage Management, It Management, Security, Software Development, Software/Web Development, Storage, Hardware, It service Management, Larry Dignan
- Blog posts 2008-03-17