
Vulnerability Information 1

SChannel Update and Experimental Vulnerability Scanner (MS14-066)
Just a quick update on the SChannel problem (MS14-066, CVE-2014-6321). So far, there is still no publicly available exploit for the vulnerability, and details are still sparse. But apparently, there is some progress in developing a working exploit. For example, this tweet by Dave Aitel: Overall: Keep patching, but I hope your weekend will not be disrupted by a major new exploit being released. Eme..

Shellshock–Related Attacks Continue, Targets SMTP Servers
A new Shellshock attack targeting SMTP servers was discovered by Trend Micro. Attackers used email to deliver the exploit. If the exploit code is executed successfully on a vulnerable SMTP server, an IRC bot known as “JST Perl IrcBot” will be downloaded and executed. It will then delete itself after execution, most likely as a way to go under the radar and remain undetected. The diagram below ill..

unsaved "recovery" documents saved to iCloud in OS X Yosemite
With OSX 10.10 Yosemite, Apple has moved iCloud Drive, their Dropbox competitor, to the forefront. Other features include Continuity, the ability to seamlessly switch from editing a file on one’s Mac to an iOS device. Prior to 10.10, a change was made that abolishes the save/delete “What do you want to do with this file?” prompt when you’d quit a document-based application. Files in open windows ..

Microsoft security advisory: Vulnerability in SSL 3.0 could allow information disclosure: October 15, 2014
Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, go to the following Microsoft website: https://technet.microsoft.com/security/advisory/3009008 To have us fix this problem for you, see the "Fix it for me" section. Fix it for me: The Fix it solution that's..

Trivially evading virus scanning in Yahoo! Web Mail and various IDS and antivirus products.
Because of different interpretations of standards in mail clients, IDS/IPS and antivirus products, it is possible to pass malware undetected to the end user. This is especially funny and dangerous if different interpretations happen inside a single product, like in Yahoo! Web Mail. What is this about? MIME describes the common transfer format for anything other than trivial e-mails, that is e-mails whic..

A Tale of Two Powerpoint Vulnerabilities
It's been already a week after the announcement of the CVE-2014-4114 vulnerability, and the tally of the exploiters has only increased. There are even files where the metadata has remained the same, which clearly shows that they have been copied from the original as in the case of Mirtec and Cueisfry (a trojan linked to Japanese-related APT attacks). Authors behind these malware copied the Powe..

PHP Bug allows Integer overflow in unserialize() PHP, Patch Released
A recent bug discovered in PHP allows integer overflow in unserialize() PHP. The vulnerability discovered by Security Researcher Symeon Paraschoudis of htbridge allows integer overflow in unserialize() PHP (version

Incorrect implementation of NAT-PMP in multiple devices
Many NAT-PMP devices are incorrectly configured, allowing them to field requests received on external network interfaces or map forwarding routes to addresses other than that of the requesting host, making them potentially vulnerable to information disclosure and malicious port mapping requests. Description: CWE-200: Information Exposure. NAT-PMP is a port-mapping protocol in which a network address ..

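Security Update Advisory for a TCP Vulnerability in Cisco Non-IOS Products
Cisco has released a security update that resolves a vulnerability in Non-IOS products that allows TCP sessions to be reset [1]. An attacker who sends specially crafted packets can cause denial-of-service conditions, such as tearing down an established TCP session between two hosts, so updating to the latest version is recommended. Affected systems: Affected products - check the "Affected Products" section of the reference site to identify vulnerable products. Resolution: Operators of affected Cisco equipment should review the "Software Versions and Fixes" and "Obtaining Fixed Software" sections of the relevant reference site and apply the patch. Glossary: Non-IOS: the operating system of the Cisco equipment is not IOS but a different operating system ..
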
Cisco Ironport WSA Telnetd Remote Code Execution Vulnerability
Vendor: Cisco Product web page: http://www.cisco.com Affected version: Cisco Ironport WSA - AsyncOS 8.0.5 for Web build 075 Date: 22/05/2014 Credits: Glafkos Charalambous CVE: CVE-2011-4862 CVSS Score: 7.6 Impact: Unauthenticated Remote Code Execution with elevated privileges Description: The Cisco Ironport WSA virtual appliances are vulnerable to an old FreeBSD telnetd encryption Key ID buffer ..