
Posts Tagged ‘vulnerability’


SB14-209: Vulnerability Summary for the Week of July 21, 2014

Original release date: July 28, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT)


VU#867980: Silver Peak VX is vulnerable to cross-site request forgery and cross-site scripting

Vulnerability Note VU#867980
Original Release date: 28 Jul 2014 | Last revised: 28 Jul 2014

Overview: Silver Peak VX version 6.2.2.0_47968 is vulnerable to cross-site request forgery and cross-site scripting.

Description:

CWE-352: Cross-Site Request Forgery (CSRF) – CVE-2014-2974. Silver Peak VX version 6.2.2.0_47968 contains a cross-site request forgery vulnerability in /php/user_account.php that allows an unauthenticated user to create a new administrator account.

CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) – CVE-2014-2975. Silver Peak VX version 6.2.2.0_47968 also contains a reflected cross-site scripting vulnerability in /php/user_account.php that can allow an attacker to inject arbitrary HTML content (including scripts) via the vulnerable query string parameter user_id


Almost 1 in 10 Android apps are now malware (and Asia has highest infection rate, then France and Russia)


VU#394540: Sabre AirCentre Crew solutions contain a SQL injection vulnerability

Vulnerability Note VU#394540
Original Release date: 25 Jul 2014 | Last revised: 25 Jul 2014

Overview: Sabre AirCentre Crew solutions version 2010.2.12.20008 and earlier contain an SQL injection vulnerability.

Description: CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’). Sabre AirCentre Crew solutions version 2010.2.12.20008 and earlier are vulnerable to an SQL Injection attack in the username and password fields in CWPLogin.aspx.


VU#565580: BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflow

Vulnerability Note VU#565580
Original Release date: 24 Jul 2014 | Last revised: 24 Jul 2014

Overview: BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflow.

Description: CWE-121 – Stack-based Buffer Overflow. BulletProof FTP Client 2010 does not check the length of the host parameter set in the quick connect bar. A long host value causes a stack-based buffer overflow, possibly allowing for arbitrary code execution


VU#162308: Resin Pro improperly performs Unicode transformations

Vulnerability Note VU#162308
Original Release date: 23 Jul 2014 | Last revised: 23 Jul 2014

Overview: Resin Pro 4.0.39 and possibly earlier versions improperly perform Unicode transformations.

Description: CWE-20: Improper Input Validation. Resin Pro 4.0.39 and possibly earlier versions perform incorrect Unicode transformations on output to HTTP responses for ISO-8859-1


The First 1 Terabit Per Second Firewall Has Arrived

Today we announced the availability of the first firewall to cross the 1 Terabit per second threshold. That’s 1 trillion bits, or 1 with 12 zeros after it (1,000,000,000,000). But why is it needed now and why is it important


CPNI Releases Paper on Improving Defenses Against Targeted Attack

Original release date: July 22, 2014

The United Kingdom’s Centre for the Protection of National Infrastructure (CPNI) has released a report on its “Improving Defenses Against Targeted Attack” (iDATA) cyber research program. The report contains descriptions and outcomes from a number of projects aimed at addressing threats posed by nation states and state-sponsored actors. CPNI is the government authority for providing protective security advice to businesses and organizations across the UK’s national infrastructure


VU#875548: MicroPact iComplaints cross-site scripting vulnerability

Vulnerability Note VU#875548
Original Release date: 21 Jul 2014 | Last revised: 21 Jul 2014

Overview: MicroPact iComplaints contains a persistent cross-site scripting vulnerability.


VU#688812: Huawei E355 contains a stored cross-site scripting vulnerability

Vulnerability Note VU#688812
Original Release date: 21 Jul 2014 | Last revised: 21 Jul 2014

Overview: The Huawei E355 built-in web interface contains a stored cross-site scripting vulnerability.

Description: Huawei E355 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to receive SMS messages using the connected cellular network
