
Vulnerability Information 1

Logjam - vulnerabilities in Diffie-Hellman key exchange affect browsers and servers using TLS
There's a new vulnerability in town... "The new bug, dubbed LogJam, is a cousin of Freak. But it’s in the basic design of TLS itself, meaning all Web browsers, and some email servers, are vulnerable." [1] According to the article, "Internet-security experts crafted a fix for a previously undisclosed bug in security tools used by all modern Web browsers. But deploying the fix could break the Inte..

Hangul (아래한글) Arbitrary Code Execution Vulnerability: Security Update Advisory
Overview: A vulnerability that allows arbitrary code execution was found in Hancom's office programs, including Hangul [1].
- An attacker can execute arbitrary code by luring a user to visit a specially crafted web page, or to open a specially crafted document through a link in a web post, e-mail, or messenger message.
Users of affected versions may be exposed to malware infection, so applying the security update described in the solution is recommended.
Affected systems:
Product family | Product | Affected versions
Hancom Office 2014 | Common components | versions before 9.1.0.2562
Hancom Office 2014 | Hangul | versions before 9.1.0.2421
Hancom Office 2014 | Hancell | versions before 9.1.0.2427
Hancom Office 2014 | Hanshow | versions before 9.1.0.2512
Hancom Office 2010 | Common components | versions before 8.5.8.1521
Hancom Office 2010 | Hangul | versions before 8.5.8.1459
Hancom Office 2010 | Hancell | versions before 8.5.8.1371
Hancom Office 2010 | Hanshow | versions before 8.5.8.1515
Hancom Office 2007 | Common..

CVE-2015-0935: PHP Object Injection in Bomgar Remote Support Portal
Serialization is often used to convert objects into a string representation for communication or to save them for later use. However, deserialization in PHP has certain side-effects, which can be exploited by an attacker who is able to provide the data to be deserialized. This post will give you an insight into the deserialization of untrusted data vulnerability in the Bomgar Remote Support Portal ..

Automated Data Exfiltration With XXE
During a recent penetration test GDS assessed an interesting RESTful web service that led to the development of a tool for automating the process of exploiting an XXE (XML External Entity) processing vulnerability to exfiltrate data from the compromised system’s file system. In this post we will have a look at a sample web service that creates user accounts in order to demonstrate the usefulnes..

The BACKRONYM MySQL Vulnerability
Earlier this year, I - along with some members of our DevOps team - noticed some interesting behavior in libmysqlclient and the MySQL CLI: no matter how hard we tried (no matter how many MYSQL_OPT_SSL_* options we set) we could not make the client enforce the use of SSL. If the server claimed not to support it, the client would happily communicate over plain old, unencrypted TCP! This means that M..

10 TIPS FOR ASPIRING SECURITY PROFESSIONALS
Nobody enters a new profession as an expert. The information security industry is so lucrative right now that schools are now implementing Information Security programs. As some of you may know, I am currently 22 years old and about to graduate college with a degree in Information Security. I will be the very first to say that after 4 years in a program tailored to security, I have learned nothi..

Securing End-to-End Communications
Systems Affected: Networked systems
Overview: Securing end-to-end communications plays an important role in protecting privacy and preventing some forms of man-in-the-middle (MITM) attacks. Recently, researchers described a MITM attack used to inject code, causing unsecured web browsers around the world to become unwitting participants in a distributed denial-of-service attack. That same code can be ..

Top 30 Targeted High Risk Vulnerabilities
Systems Affected: Systems running unpatched software from Adobe, Microsoft, Oracle, or OpenSSL.
Overview: Cyber threat actors continue to exploit unpatched software to conduct attacks against critical infrastructure organizations. As many as 85 percent of targeted attacks are preventable [1]. This Alert provides information on the 30 most commonly exploited vulnerabilities used in t..

WordPress Emergency Security Update
Overview: WordPress has released an emergency security patch that fixes a vulnerability. An XSS vulnerability can occur in the comment input field; if an administrator views a comment written by an attacker, webshell upload and administrator account takeover become possible.
Affected software: WordPress 4.2 and earlier
Solution: Update to version 4.2.1 - Dashboard -> Updates -> click Update Now
[Reference site]
- https://wordpress.org/news/2015/04/wordpress-4-2-1/

InFocus IN3128HD Projector Multiple Vulnerabilities
1. Advisory Information
Title: InFocus IN3128HD Projector Multiple Vulnerabilities
Advisory ID: CORE-2015-0008
Advisory URL: http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities
Date published: 2015-04-27
Date of last update: 2015-04-22
Vendors contacted: InFocus
Release mode: User release
2. Vulnerability Information
Class: Authentication Bypass Using an Alter..