취약점 정보1 썸네일형 리스트형 Adobe Releases Security Updates for Flash Player, ColdFusion, and Flex Adobe has released three security updates to address multiple vulnerabilities in Flash Player, ColdFusion, and Flex. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system, or lead to a reflected cross-site scripting attack.Users and administrators are encouraged to review Adobe Security Bulletins APSB15-06(link is external), APSB15-07(li.. 더보기 Looking for security trouble spots in Go code Different languages have certain areas where mistakes are commonly made, and which code auditors focus on. With C, you might grep for strcpy and memcpy. With ruby, you might look for regex that use ^ and $ instead of \A and \z. The use of those functions or idioms are not always vulnerabilities, but are good places to check first. I decided to look for such trouble spots for Go (golang). I did n.. 더보기 Cisco Desktop Cache Cleaner Remote Execution Vulnerability Cisco Desktop Cache Cleaner Remote Execution Vulnerabilityhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd 더보기 Oracle Critical Patch Update Oracle Critical Patch Update http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html 더보기 Mitigating Remote Code Execution in "HTTP.sys" (CVE-2015-1635) A critical Windows vulnerability in its HTTP stack ("HTTP.sys"), which was resolved in a recent Microsoft's Patch Tuesday release, could allow remote attackers to execute code on an IIS server with the privileges of the System account. A Proof-of-Concept code to check the existence of this vulnerability was soon to follow. Remote attackers could exploit the way "HTTP.sys" parses requests with a .. 더보기 A Tale of Two Exploits A Tale of Two ExploitsPosted by Natalie Silvanovich, Collision Investigator and (Object) Field Examiner CVE-2015-0336 is a type confusion vulnerability in the AS2 NetConnection class. I reported this issue in January and soon wrote a proof-of-concept exploit for the bug. The issue was patched by Adobe in March and less than a week later, in what was likely a case of bug collision, it was found i.. 더보기 Analysis of Adobe Flash Player shared ByteArray Use-After-Free Vulnerability IntroductionIn February, just a few days after CVE-2015-0311 was found being exploited in the wild, a new Adobe Flash Player vulnerability popped up.Trend Micro and SpiderLabs have already published their analysis of the bug, but I thought it would be worth providing my own analysis, which I carried out in order to create a reliable exploit from scratch for our productsCore Impact Pro and Core I.. 더보기 How to bypass Google’s Santa LOCKDOWN mode Santa is a binary whitelisting/blacklisting system made by Google’s Macintosh Operations Team. While I refer to it as Google’s Santa it is not an official Google product. It is based on a kernel extension and userland components to control the execution of binaries in OS X systems. It features two interesting modes of execution, monitor and lockdown. The monitor mode is a blacklisting system, wh.. 더보기 HP Support Solutions Framework RCE After discovering the flaw in Dell's System Detect software I looked into other similar software for issues. This post details two issues I found with the HP Product Detection software and explores the protections HP put in place. I'm also going to explain how they could be easily bypassed to allow an attacker to force files to be downloaded, read arbitrary data, registry keys and system informa.. 더보기 Microsoft Patch Tuesday - April 2015 Overview of the April 2015 Microsoft patches and their status.#AffectedContra Indications - KBKnown ExploitsMicrosoft rating(**)ISC rating(*)clientsserversMS15-032Cumulative Security Update for Internet Explorer (ReplacesMS15-018 )CVE-2015-1652, CVE-2015-1657, CVE-2015-1659, CVE-2015-1660, CVE-2015-1661, CVE-2015-1662, CVE-2015-1665, CVE-2015-1666, CVE-2015-1667, CVE-2015-1668KB 3038314NoSeverit.. 더보기 이전 1 ··· 23 24 25 26 27 28 29 ··· 62 다음