There’s a reflected cross-site scripting vulnerability in a variety of Cisco security appliances that enables a remote, unauthenticated attacker to execute arbitrary code in the context of the user. The vulnerability affects the Cisco Email Security Appliance, the Cisco Web Security Appliance and the Content Security Management Appliance. Cisco has released updated software to fix[…]
Browsing Tag: vulnerabilities
A vulnerability in an emerging interactive television standard could open up number of smart TVs to untraceable drive-by attacks.
Several vulnerabilities have been patched in the Linux kernel that could have led to a denial of service or privilege escalation.
Noted researcher Dan Farmer published a paper on the depth and breadth of IPMI vulnerabilities in server Baseboard Management Controllers, and the news isn’t good.
There is a new, remotely exploitable vulnerability in OpenSSL that could enable an attacker to intercept and decrypt traffic between vulnerable clients and servers.
Open source cryptographic library GnuTLS recently patched a remote code execution and denial of service vulnerability.
The Heartbleed OpenSSL vulnerability can be exploited over wireless networks, according to a researcher who released PoC code for attacks against wireless authentication programs hostapd and wpa_supplicant.
UPDATE–Microsoft officials say they’re well aware of the Internet Explorer 8 zero day disclosed Wednesday by the Zero Day Initiative and have been working on a fix for it. However, there’s no stated timeline for releasing that patch. The vulnerability in IE 8 is a use-after-free bug in the way that the browser handles CMarkup[…]
Researchers have disclosed a new zero day vulnerability in Internet Explorer 8 that could enable an attacker to run arbitrary code on vulnerable machines via drive-by downloads or malicious attachments in email messages. The vulnerability was discovered and disclosed to Microsoft in October, but the company has yet to produce a patch, so HP’s Zero[…]
Exploit vendor VUPEN disclosed details on a Firefox vulnerability it brought to this year’s Pwn2Own contest. The bug was patched in March, one week after the contest.