Friday, 29 November 2013
Preparing for war: how far are we from a mass mobile cyber battle?
Security is not just a concern for smartphone users – mobile operators can also be hit, and ignorance could cost them dearly.
The demand for smarter mobile devices and multimedia content has seen a tremendous growth in the number of smartphones and tablets across the world. While PC shipments are dropping, personal mobile devices are destined for a bright future. There are reports that already claim up to 40% of internet time is spent on mobile devices, and there's no doubt they will become increasingly important in the personal as well as professional lives of millions of people.
Wednesday, 27 November 2013
Why we are losing the cyber security war and what we can do about it
If this year’s attacks on Adobe, LexisNexis, NASDAQ, US Airways, and dozens of other large and technologically sophisticated US enterprises didn’t provide sufficient evidence that we are losing the cyber security war, the ongoing breaches by Anonymous make it undeniable. Why are the world’s most IT-savvy companies unable to keep attackers out of their networks?
Tuesday, 12 November 2013
Businesses failing to fight IT security threats, but the biggest problem is staff, PwC survey shows
Information technology hackers can still get the better of businesses, with companies around the world failing to keep a step ahead of information security threats, new research has found.
And it is not just anonymous external hackers that businesses need to worry about, but their staff, with the biggest internal risk to a company’s IT security identified as its people.
Monday, 11 November 2013
Biggest cyber security threats to businesses
As we round out our 2013 business and IT plans, cyber criminals are resolving to implement increasingly sophisticated threats targeting specific computer systems and organisations big and small.
In the past year, businesses have seen several serious hacks and breaches.
As the arms race between attackers and businesses continues to evolve in 2013, IT departments and security professionals will need to stay on top of the changing tactics and approaches used by criminal hackers in order to protect their organisations.
Below are Check Point’s top resolutions and the greatest security threats to businesses:
Monday, 4 November 2013
Malware goes smart, too
IT security experts’ predictions that 2013 would see an increase in malware designed for mobile phones have come true. Experts say the rise of new and already known mobile malware will continue.
“Expectations have been met; we register a higher amount of modifications of so-far known malware,” Gabriel Braniša, analyst at IT security company ESET, who specialises in malware for Android-based mobile devices, told The Slovak Spectator, adding that the first example of so-called ransomware, i.e. malicious software which blocks a device and requires a ransom to unblock it, has also surfaced.
Saturday, 26 October 2013
IT Security Policy: Are You Implementing Yours?
Information monitoring is a tricky subject. We all want to be able to trust others with data, but information theft and data leakage happen all too often, and organizations are asking themselves how much they should be monitoring the way company information is used. But why is it an issue and how should it be done?
Thursday, 10 October 2013
Cyber security takes discipline
Judging by frequent headlines about stolen credit card numbers and hacker attacks, companies face cyber security threats from literally around the world. But are Kentucky companies doing enough to keep their information – and customers’ data – safe?
Cyber threats take many shapes, from the proverbial hacker in his mom’s basement to organized gangs in Eastern European countries. And experts say the bad guys have to be right only one time to pull off an attack, whereas the corporate guardians have to get it right every day, all day to keep company assets safe.
Wednesday, 2 October 2013
Top Microsoft investors want chairman Bill Gates to step down
New York/Seattle: Three of the top 20 investors in Microsoft Corp. are lobbying the board to press for Bill Gates to step down as chairman of the software company he co-founded 38 years ago, according to people familiar with the matter.
While Microsoft chief executive Steve Ballmer has been under pressure for years to improve the company’s performance and share price, this appears to be the first time that major shareholders are taking aim at Gates, who remains one of the most respected and influential figures in technology.
Tuesday, 24 September 2013
HACKERS BYPASS IPHONE 5S TOUCH ID
Hackers from the venerable Chaos Computer Club in Germany have found a method for bypassing the new iPhone 5S Touch ID fingerprint security mechanism. The method, which is the first known technique for circumventing the iPhone’s newest security feature, involves taking a picture of a user’s fingerprint and then creating a latex copy of it to unlock the phone.
Friday, 20 September 2013
OIL, ENERGY WATERING HOLE ATTACKS COULD BE TIED TO DOL ATTACKS
A string of watering hole attacks targeting oil and energy companies dating back to May could be linked to similar attacks against the U.S. Department of Labor website.
Researchers at Cisco discovered the compromised domains of 10 oil and energy companies worldwide, including hydroelectric plants, natural gas distributors, industrial suppliers to the energy sector and investment firms serving those markets. Six of the 10 sites shared the same Web design firm and >>>
Saturday, 14 September 2013
Will Samsung's Galaxy Gear change mobile trend?
Samsung Electronics, the world's No. 1 smartphone maker, unveiled its newest version of phablet Galaxy Note 3 and its companion gadget Galaxy Gear, a first-generation wearable device to complement Samsung's smartphones and phablets, at the Berlin trade show Thursday.
The Galaxy Gear smart watch, which will be on display at the IFA consumer electronics fair in Berlin for six days to Sept. 11, will be worn on the wrist to serve as a companion, or a supplementary device, to the new phablet, or a hybrid of smartphone and tablet PC.
The voice-controlled smart watch..
Monday, 2 September 2013
SYRIA’S OTHER ARMY: HOW THE HACKERS WAGE WAR
At 5:41 P.M. on Tuesday, a tweet from the account of the hacker collective known as the Syrian Electronic Army, which supports the regime of Syria’s President, Bashar al-Assad, said, “Media is going down…” It had been a couple of hours since the Web site of the Times had gone offline for the second time this month. Roughly forty-five minutes later, the account asked Twitter, “Are you ready?” Some users had noticed that the backgrounds of their Twitter profiles had been transformed to Syria-related pictures. While Twitter quickly recovered, the Times continued to be
Thursday, 29 August 2013
Registrar Hack at Root of NY Times and Twitter Attacks
The attack that took down the New York Times Web site Tuesday afternoon, along with domains belonging to Twitter and the Huffington Post, was accomplished through the use of compromised credentials belonging to a reseller for the registrar that those companies use to buy their domains. MelbourneIT, the registrar the Times, Twitter and others use, was the initial target of the attack, which enabled the Syrian Electronic Army to change the DNS records for the targeted domains and redirect traffic from those sites to a domain that may have been hosting malware.
Friday, 16 August 2013
9 Household Items That Could Be Spying on You
For Americans concerned about their privacy, the NSA data grabs are daunting, but what about the data grabs happening inside your own home, perpetrated not by the government, but by your coffee machine?
Consider every appliance and every piece of home electronics that you own. Does it gather data about how you use it? Does it connect to the Internet? If so,
Hackers use new tactic to attack U.S. media sites
Hackers promoting the Syrian Electronic Army simultaneously targeted websites belonging to CNN, Time and the Washington Post on Thursday by breaching Outbrain, a firm which publishes content recommendations on those sites.
That resulted in some WashingtonPost.com and Time.com customers being redirected to the website of the Syrian Electronic Army when they clicked on the content from Outbrain, said Outbrain Vice President Lisa LaCour. The CNN International site briefly displayed a headline that said "Hacked by SEA," she said.
Tuesday, 13 August 2013
SIM card hacking makes most of US targets
With six billion people worldwide now using mobile phones, it’s become clear how globally reliant we are on cellular technology. Of course no great new technological wonder comes without its risks.
The dangers we face via our mobiles have reached epic proportions. Up until now the mobile-related danger list comprised cyber bullying...,
Friday, 2 August 2013
China Mobile announces its first own-branded smartphones, including an LTE model for $210
China Mobile has launched two self-branded smartphones today, with one that is retailing at a mere RMB499 ($81), becoming the first-ever Chinese operator to manufacture phones as it seeks to increase its diversity and make up for not offering the iPhone on its network.
The world’s largest operator announced the launch of its phones on its official Sina Weibo page. The phone that is priced at RMB499 is a 4-inch smartphone called M601, which is powered by a MARVELL dual-core A9 1.2G high-speed processor and features a 3-megapixel rear camera.
Thursday, 1 August 2013
United Kingdom completes digital switchover for 4G mobile networks
The UK's digital switchover is set to be completed later, five months ahead of the original deadline.
Engineers are expected to sign off on work in the north-east of Scotland and the Western Isles, paving the way for more 4G super-fast mobile networks.
Tuesday, 23 July 2013
Millions of Sim cards are 'vulnerable to hack attack'
A flaw with mobile phones' Sim card technology is putting millions of people at risk of being spied on and robbed, according to a leading security expert.
Karsten Nohl has said he has found a way to discover some Sims' digital keys by sending them a special text message.
Friday, 19 July 2013
Microsoft Has an Operating System for Your House
Researchers at Microsoft have released software aimed at making it easier for homes to be monitored, automated, and controlled using computers and the Internet.
It also paves the way for developers to create apps that can be “installed” into homes with numerous different devices to make use of them in new ways.
Although Internet-connected products for the home—including security cameras, thermostats, and motion sensors—are readily available, it can be challenging to install them, and they typically work independently.
Wednesday, 17 July 2013
GlassUp Takes on Google Glass With Connected Specs
Miss out on becoming a Google Glass Explorer? Well you're in luck—sort of. GlassUp is here to fill the heads-up-display void with its GlassUp eyeglasses. These app-enabled specs connect directly with smartphones to deliver information right onto their lenses. The company has launched an Indiegogo campaign, with a goal of $150,000, and is opening up pre-orders starting today.
So let's be clear, GlassUp eyeglasses might share the same concept as Google Glass, but they are two entirely different products. While Google Glass features native voice control and a built-in camera, GlassUp's eyeglasses have neither. The company touts its lack of privacy issues, but really these are two big omissions. GlassUp's eyeglasses will be "receive only" to start, meaning they can only receive information like notifications and not actually do anything, like snap a picture.
Thursday, 6 June 2013
Social networks hot targets for hackers: McAfee
McAfee Labs on Monday reported a surge early this year in malicious software aimed at stealing passwords at social networks such as Facebook and Twitter.
How to avoid Facebook virus that can drain your bank account
If you click on the wrong link on Facebook, a virus may find its way into your bank account and drain it of all your money.
The New York Times' Bits Blogs details how a 6-year-old virus called Zeus is all over Facebook right now. Here's how to avoid it.
Monday, 3 June 2013
Important Security Update: Reset Your Drupal.org Password
The Drupal.org Security Team and Infrastructure Team have discovered unauthorized access to account information on Drupal.org and groups.drupal.org.
This access was accomplished via third-party software installed .......
Wednesday, 29 May 2013
Bulletin (SB13-147) Vulnerability Summary for the Week of May 20, 2013
Original release date: May 28, 2013
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities (CVSS base score 7.0 - 10.0)
Primary Vendor -- Product | Description | Published | CVSS Score | CVE ID |
3s-software -- codesys_gateway-server | Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. | 2013-05-23 | 10.0 | CVE-2013-2781 |
angusj -- resource_hacker | Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote attackers to execute arbitrary code via a Portable Executable (PE) file with a resource section containing a string that has many tab or line feed characters. | 2013-05-23 | 9.3 | CVE-2012-6553 |
apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file. | 2013-05-24 | 9.3 | CVE-2013-0986 |
apple -- quicktime | Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file. | 2013-05-24 | 9.3 | CVE-2013-0987 |
apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file. | 2013-05-24 | 9.3 | CVE-2013-0988 |
apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file. | 2013-05-24 | 9.3 | CVE-2013-0989 |
apple -- quicktime | Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TeXML file. | 2013-05-24 | 9.3 | CVE-2013-1015 |
apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.263 encoding. | 2013-05-24 | 9.3 | CVE-2013-1016 |
apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file. | 2013-05-24 | 9.3 | CVE-2013-1017 |
apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. | 2013-05-24 | 9.3 | CVE-2013-1018 |
apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. | 2013-05-24 | 9.3 | CVE-2013-1019 |
apple -- quicktime | Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file. | 2013-05-24 | 9.3 | CVE-2013-1020 |
apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG data in a movie file. | 2013-05-24 | 9.3 | CVE-2013-1021 |
apple -- quicktime | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file. | 2013-05-24 | 9.3 | CVE-2013-1022 |
freenac -- freenac | SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter. | 2013-05-23 | 7.5 | CVE-2012-6560 |
google -- chrome | Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.93 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2013-05-22 | 7.5 | CVE-2013-2836 |
google -- chrome | Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2013-05-22 | 7.5 | CVE-2013-2837 |
google -- chrome | Google Chrome before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2013-05-22 | 7.5 | CVE-2013-2839 |
google -- chrome | Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846. | 2013-05-22 | 7.5 | CVE-2013-2840 |
google -- chrome | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources. | 2013-05-22 | 7.5 | CVE-2013-2841 |
google -- chrome | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. | 2013-05-22 | 7.5 | CVE-2013-2842 |
google -- chrome | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data. | 2013-05-22 | 7.5 | CVE-2013-2843 |
google -- chrome | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution. | 2013-05-22 | 7.5 | CVE-2013-2844 |
google -- chrome | The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2013-05-22 | 7.5 | CVE-2013-2845 |
google -- chrome | Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840. | 2013-05-22 | 7.5 | CVE-2013-2846 |
infotecs -- vipnet_client | Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file. | 2013-05-22 | 7.2 | CVE-2013-3496 |
turck -- bl20_programmable_gateway | TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allow remote attackers to obtain administrative access via an FTP session. | 2013-05-23 | 10.0 | CVE-2012-4697 |
Medium Vulnerabilities (CVSS base score 4.0 - 6.9)
Primary Vendor -- Product | Description | Published | CVSS Score | CVE ID |
a51dev -- activecollab_chat_module | functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch. | 2013-05-23 | 6.5 | CVE-2012-6554 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0991 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0992 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0993 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0994 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0995 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0996 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0997 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0998 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-0999 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1000 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1001 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1002 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1003 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1004 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1005 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1006 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1007 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1008 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1010 |
apple -- itunes | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 2013-05-20 | 6.8 | CVE-2013-1011 |
canonical -- telepathy-idle | telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2013-05-21 | 5.8 | CVE-2007-6746 |
cisco -- ios_xr | Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345. | 2013-05-23 | 5.0 | CVE-2013-1204 |
elgg -- elgg | Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information. | 2013-05-23 | 4.3 | CVE-2012-6561 |
elgg -- elgg | engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts. | 2013-05-23 | 6.8 | CVE-2012-6562 |
elgg -- elgg | engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors. | 2013-05-23 | 4.3 | CVE-2012-6563 |
emc -- rsa_authentication_agent | Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-05-22 | 4.3 | CVE-2013-0942 |
emc -- celerra_control_station | EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership. | 2013-05-20 | 6.8 | CVE-2013-3270 |
freenac -- freenac | Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php; or (6) comment parameter to deviceadd.php. | 2013-05-23 | 4.3 | CVE-2012-6559 |
google -- chrome | Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2013-05-22 | 5.0 | CVE-2013-2838 |
google -- chrome | Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors. | 2013-05-22 | 6.8 | CVE-2013-2847 |
google -- chrome | The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors. | 2013-05-22 | 5.0 | CVE-2013-2848 |
google -- chrome | Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. | 2013-05-22 | 4.3 | CVE-2013-2849 |
heaventools -- pe_explorer | Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows remote attackers to execute arbitrary code via the size value for a string in the resource section of a Portable Executable (PE) file. | 2013-05-23 | 6.8 | CVE-2012-6558 |
jspautsch -- firstlastnames | Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter to the edit user page. NOTE: some of these details are obtained from third party information. | 2013-05-23 | 4.3 | CVE-2012-6556 |
microsys -- promotic | Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors. | 2013-05-23 | 5.0 | CVE-2011-4518 |
microsys -- promotic | Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page. | 2013-05-23 | 4.3 | CVE-2011-4519 |
microsys -- promotic | Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page. | 2013-05-23 | 4.3 | CVE-2011-4520 |
openstack -- keystone | OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token. | 2013-05-21 | 6.0 | CVE-2013-2059 |
qemu -- qemu | The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files. | 2013-05-21 | 6.9 | CVE-2013-2007 |
redhat -- enterprise_linux | rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials. | 2013-05-21 | 4.3 | CVE-2012-6137 |
sahotataran -- latestcomment | Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title. | 2013-05-23 | 4.3 | CVE-2012-6555 |
vercot -- serva32 | Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request. | 2013-05-20 | 5.0 | CVE-2013-0145 |
web2py -- web2py | Cross-site scripting (XSS) vulnerability in static/js/share.js (aka the social bookmarking widget) in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2013-05-22 | 4.3 | CVE-2013-2311 |
xen -- xen | Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors. | 2013-05-21 | 6.9 | CVE-2013-1964 |
zodiacdm -- aboutme-plugin | Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page. NOTE: some of these details are obtained from third party information. | 2013-05-23 | 4.3 | CVE-2012-6557 |
apple -- itunes | Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. | 2013-05-20 | 2.9 | CVE-2013-1014 |
openstack -- devstack | OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file. | 2013-05-21 | 2.1 | CVE-2013-1977 |
openstack -- keystone | OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file. | 2013-05-21 | 2.1 | CVE-2013-2006 |
rsa -- authentication_agent | EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data. | 2013-05-22 | 2.1 | CVE-2013-0941 |