ZDNet Dictionary Definition
- Vulnerability
- A security exposure in an operating system or other system software or application software component. Before the Internet became mainstream and exposed every organization in the world to every...
ZDNet Resources
- Protocol handlers cause Mozilla Firefox 3 remote command execution vulnerabilities
- Update 07/16/2008: Apparently I neglected to mention that this has been patched already. Reading over it again and a heads up from a reader pointed out the error to me. As always, great job by Window Snyder and the Mozilla Security Team for getting this patched quickly. ...
- Tags: Mozilla Firefox 3.0, Mozilla Firefox, URI, Vulnerability, Mozilla Corp., Attack, Web Browsers, Security, Internet, Nathan McFeters
- Blog posts 2008-07-16
- Ounce Labs finds 2 security vulnerabilities in Spring framework
- Code inspector Ounce Labs has identified two vulnerabilities in the open source Spring framework that expose enterprise applications built on it to would-be hackers and hijackers. The two issues, ModelView Injection and Data Submission to Non-Editable Fields, affect only the MVC module of the Spring framework, which is used to...
- Tags: Vulnerability, XSS, Framework, Ounce Labs, Spring, Security, Operational Planning, Databases, Business Operations, Enterprise Software, Software, Data Management, Paula Rooney
- Blog posts 2008-07-16
- Symantec says Microsoft Access ActiveX attacks to increase
- Symantec has reported that the Neosploit toolkit has been updated to include attack vectors for the recent Microsoft Access ActiveX vulnerability. Neosploit is a toolkit for sale on the market (price estimates fall between $1500-$3000) that seeks to automate and extend the capability of browser exploits. Symantec...
- Tags: Web, Symantec Corp., Microsoft Access, Vulnerability, Trusted Site, ActiveX Control, Microsoft Internet Explorer, Microsoft Corp., Web Site, Site, Zone, Intranet, Attack, Neosploit, Internet, ActiveX/COM/COM+/DCOM, Web Browsers, Security, Software Development, Software/Web Development, Nathan McFeters
- Blog posts 2008-07-14
- XSS worm at Justin.tv infects 2,525 profiles
- An XSS worm was crawling across Justin.tv, the popular lifecasting platform, at the end of June; details of the incident emerged in the middle of last week. Basically, the group that found the XSS vulnerability abused it for the purpose of generating the following graph as a proof of concept,...
- Tags: Vulnerability, XSS, Worm, Security, Dancho Danchev
- Blog posts 2008-07-14
- On deck from Oracle: 45 critical database, server patches
- Database server giant Oracle plans to ship patches for a total of 45 security vulnerabilities on Thursday (July 17), bringing the vulnerability count for 2008 to a whopping 112. Since January 2006 this CPU included, Oracle has shipped fixes for a total of 572 vulnerabilities. ...
- Tags: Oracle Corp., Vulnerability, Patch Management, Server, Storage, Patches, Databases, Security, Enterprise Software, Hardware, Software, Data Management, Ryan Naraine
- Blog posts 2008-07-14
- Late breaking news: Microsoft investigates reports of Office Word 2002 SP 3 exploited in the wild
- From Bill Sisk, security response communications manager for Microsoft: Microsoft Security Advisory (953635) Vulnerability in Microsoft Word Could Allow Remote Code Execution Published: July 8, 2008 Microsoft is investigating new public reports of a possible vulnerability in Microsoft Office Word 2002 Service Pack 3....
- Tags: Attacker, Vulnerability, Microsoft Corp., Microsoft Word, Word Processors, Microsoft Office, Security, Office Suites, Software, Nathan McFeters
- Blog posts 2008-07-08
- Microsoft addresses 9 security vulnerabilities with 4 "Important" bulletins
- Microsoft announced 4 "Important" security bulletins today that cover 9 separate vulnerabilities. Of note were vulnerabilities reported in Windows DNS server and client, and within SQL Server. Briefly, the vulnerabilities involve: cache poisoning and insufficient socket entropy flaws in Microsoft DNS Server; a remote...
- Tags: Attacker, Microsoft SQL Server, Vulnerability, Server, Microsoft Windows, Microsoft Corp., Microsoft Outlook Web Access, Microsoft Outlook, Security, Microsoft Office, Office Suites, Software, Nathan McFeters
- Blog posts 2008-07-08
- Microsoft delivers 'important' patches
- Microsoft on Tuesday delivered nine important patches to fix vulnerabilities in SQL Server, Exchange Server, Vista and Windows Server. Among the details, which were previewed last week. CVE-2008-0085: A vulnerability in the way SQL Server manages memory page reuse. An attacker with database operator...
- Tags: Microsoft SQL Server, Vulnerability, Patch Management, Microsoft Corp., Microsoft Outlook Web Access, Microsoft Windows, Microsoft Outlook, Microsoft Office, Security, Databases, Servers, Operating Systems, Software, Office Suites, Enterprise Software, Data Management, Hardware, Larry Dignan
- Blog posts 2008-07-08
- Approximately 800 vulnerabilities discovered in antivirus products
- Comments: "No matter what you do---You'll never get rid of virus." / "This could even be a threat to the United Nations. Oh the Humanity!" / "You know it's pretty bad when AV vulnerabilities are found... by [hacks like me](http://secunia.com/advisories/19284/)." / "RE: Approximately 800 vulnerabilities discovered in antivirus products: Parsing error can occur in..."
- Tags: SECURITY, Viruses and worms, Cyberthreats, AV company, vulnerability, antivirus
- Discussion threads 2008-07-07
- Approximately 800 vulnerabilities discovered in antivirus products
- In what appears to be either a common scenario of "when the security solution ends up the security problem itself", or a product launch basing its strategy on outlining the increasing number of critical vulnerabilities found in competing antivirus products, the IT/Security consulting firm n.runs AG claims to have discovered...
- Tags: Antivirus Product, Antivirus, Vulnerability, Malware, Security, Viruses And Worms, Dancho Danchev
- Blog posts 2008-07-07
- Microsoft warns of "active, targeted" ActiveX control attacks
- Microsoft has issued a pre-patch security advisory to warn about "active, targeted attacks" against an ActiveX control for the Snapshot Viewer for Microsoft Access. The skinny: An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page,...
- Tags: Vulnerability, ActiveX Control, Microsoft Corp., Attack, ActiveX/COM/COM+/DCOM, Microsoft Office, Security, Software Development, Software/Web Development, Office Suites, Software, Ryan Naraine
- Blog posts 2008-07-07
- Multiple Facebook vulnerabilities reported on Full-Disclosure
- Jouko Pynnonen posted a message to the Full-Disclosure mailing list today, citing multiple "script injection" vulnerabilities within Facebook. I'm not sure if this is a surprise to anybody out there, it's certainly not to me, as numerous web applications have major problems with Cross-site Scripting vulnerabilities, but I think this...
- Tags: Facebook, Vulnerability, XSS, JavaScript, Microsoft Internet Explorer, Web Browser, Sandbox, JS, Canvas Page, Web Browsers, Internet, Nathan McFeters
- Blog posts 2008-07-02
- Remote code execution flaw in VLC Media Player
- Researchers at Secunia have found a "highly critical" vulnerability that puts users of the cross-platform VLC Media Player at risk of remote code execution attacks. The vulnerability is confirmed in version 0.8.6h on Windows. Prior versions may also be affected. A patch is expected soon from...
- Tags: Vulnerability, WAV, Secunia, Flaw, Security, Ryan Naraine
- Blog posts 2008-07-02
- Apple plugs 25 Mac OS X security vulnerabilities
- Comments: "Another 25? Wow, how come people are finding so many holes in OS X? Has anything changed? There never used to be so many security vulnerabilities in OS X or could it simply be that they've **always** been there and they've simply never been..."
- Tags: Operating systems, UNIX, OSX, Apple Mac OS X, Mac OS X security vulnerability, Mac OS X security, BSD, Apple Inc., Apple Mac OS, vulnerability, Apple Macintosh, security
- Discussion threads 2008-06-30
- Exploit code released for unpatched IE 7 vulnerability
- Comments: "Your picture looks like Google hacked Microsoft. Google pages enter unannounced." / "Can this happen if another window isn't open? or a tab? There has to be somebody looking at the doc model, right? So if one uses IE one window, one website at a time, is this safe?" / "I..."
- Tags: Web browsers, Construction, Microsoft Internet Explorer, exploit code, Microsoft Internet Explorer 7
- Discussion threads 2008-06-30
- Exploit code released for unpatched IE 7 vulnerability
- Another day, another gaping hole affecting fully patched versions of Microsoft's Internet Explorer browser. According to a warning from US-CERT, proof-of-concept exploit code has been published for a new zero-day bug that can be used for a variety of malicious attacks against Windows users running IE 6,...
- Tags: Attacker, Vulnerability, Frame, Microsoft Internet Explorer 7, Domain, Exploit Code, Microsoft Internet Explorer, Web Page, Web Browsers, Internet, Ryan Naraine
- Blog posts 2008-06-30
- HSBC sites vulnerable to XSS flaws, could aid phishing attacks
- What would be the perfect phishing attack from a social engineering perspective? The one that, compared to using typosquatted domains impersonating the bank's web application directory structure, instead uses the bank's legitimate domain names as redirectors due to XSS flaws within them. It's even more interesting to measure the average...
- Tags: Bank, Vulnerability, XSS, Flaw, Phishing, Cyberthreats, Financial Services, Security, Viruses And Worms, Spam And Phishing, Dancho Danchev
- Blog posts 2008-06-29
- An effective way to treat Web 2.0 vulnerabilities
- Comments: "It does work! Hi Nate, I couldn't agree more! We changed our approach to application security around 1 year ago and one of the core changes was that security is as much of a defect as a functional issue. It really has made a world..."
- Tags: Nate, Web 2.0 vulnerability, security, Web 2.0, vulnerability, Web
- Discussion threads 2008-06-29
- An effective way to treat Web 2.0 vulnerabilities
- I'm personally a huge fan of the Matasano blog, and have a lot of respect for their group. I took a peek over at their blog today and noticed an article by Dave Goldsmith that deals with "Vulnerability Reporting in a Web 2.0 World Continued". In this...
- Tags: Web, Web 2.0, Vulnerability, Defect, Security, Nathan McFeters
- Blog posts 2008-06-28
- Zero-day flaw haunts Internet Explorer
- Comments: "Jello: Wow, Ryan, that really tells me a lot. What does this vulnerability do? Change my hard drive into Jello?" / "While the information is appreciated, it would have been nice if the headline had included that little number 6. It makes a huge difference. This flaw haunts only OLD Internet..."
- Tags: Web browsers, Manuel Caballero, Microsoft Internet Explorer, zero-day bug, Mozilla Firefox, vulnerability
- Discussion threads 2008-06-26