Vulnerability Information 1

IBM Server RAID Manager Browser Edition version 1.2 suffers from a remote blind SQL injection vulnerability.
# Exploit Title: IBM Server RAID Manager Browser Edition Blind SQL Injection Bypassing Authentication
# Google Dork: None
# Date: 22/04/2014
# Exploit Author: JoeV
# Vendor Homepage: https://www.adaptec.com/
# Software Link: https://www.adaptec.com/en-us/speed/raid/storage_manager/smbe_win..

Debian Security Advisory 2808-2
Debian Linux Security Advisory 2808-2 - A regression in the decoding of chroma-subsampled images in OpenJPEG was introduced by one of the patches for CVE-2013-6045. This update fixes the regression.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2808-2 security@debian.org http://www.debian.org/..

Firmware Update for Apple AirPort Devices
Apple has released firmware update 7.7.3 for AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. The update addresses the OpenSSL "Heartbleed" vulnerability where an attacker may obtain memory contents. US-CERT recommends that users and administrators review Apple Security Update HT6203 and apply the necessary update. For more details and recommended actions regarding the OpenSSL..

Pwn the n00bs - Acunetix 0day
A few weeks ago I published an article about WINRAR 0DAY. That article revealed a new vulnerability that gave attackers the ability to perform a spoofing attack. Many people wrote to me about the problems of that kind of article (for example). So this time I'm going to reveal a new 0DAY that will help security managers to protect their web sites against many vulnerability scans. A lot of sites ow..

Countermeasures for the Apache Struts2 vulnerability (CVE-2014-0094) (S2-020)
Apache Struts, provided by the Apache Software Foundation, is a software framework for building Java web applications. Apache Struts versions 2.0.0 through 2.3.16 contain a vulnerability that allows the ClassLoader to be manipulated, and version 2.3.16.1, which addresses it, was released in March 2014. Following a report that code exploiting this vulnerability has been published, IPA carried out reproduction testing and confirmed that, within the privileges the web application runs with, information theft, operations on specific files, and temporarily rendering the web application unusable are possible. In addition, if a file manipulated by the attacker contains Java code, arbitrary code may be executed. Because the likelihood of exploitation is high, urgently..

Fun with Passphrases!
As systems administrators and security folks, we've all had our fill of our users and customers using simple passwords. Most operating systems these days now enforce some level of password complexity by default, with options to "beef up" the password requirements for passwords. The prevailing wisdom today is to use passphrases - demonstrated nicely by our bud at xkcd - http://xkcd.com/936/ So I ro..

Be Careful what you Scan for!
After some fun and games at one customer site in particular, I found that the SSL services on the earlier versions of the HP ProLiant Servers iLO ports (iLO1 and iLO2) are not susceptible to Heartbleed. However, their implementation of SSL is fragile enough that scanning them for the Heartbleed vulnerability will render them inoperable. This affects ProLiants from G1 all the way up to G6, as wel..

Apple vulnerabilities
Apple today released patches for OS X, iOS and Apple TV. The OS X patches apply for versions of OS X back to Lion (10.7.5). Vulnerabilities fixed by these patches can lead to remote code execution by visiting malicious web sites. For more details, see Apple's security update page [1]. Links to the actual update details should become available shortly.
[1] http://support.apple.com/kb/HT1222

2014-04-23 vulnerability summary
- Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability 2014-04-22 http://www.securityfocus.com/bid/60345
- Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability 2014-04-22 http://www.securityfocus.com/bid/60167
- Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability 2014-04-22 http://www.securityfocus.com/bid/60166
- Apache Struts CVE..

Security update advisory for the Hangul (아래한글) arbitrary code execution vulnerability
Overview
A vulnerability that allows arbitrary code execution has been found in Hangul (아래한글), the word processor developed by Hancom (한글과컴퓨터) [1]. An attacker can execute arbitrary code by luring a user, through links in web posts, e-mail, messengers and the like, into opening a specially crafted Hangul document (HWP). Users of affected versions may be vulnerable to malware infection, so applying the security update as described in the resolution is recommended.
Affected systems
Affected software ([Security #19] and earlier versions)
- Hancom Office common components: 9.0.0.1329 and earlier
- Hancom Office Hangul 2014: 9.0.0.1258 and earlier
- Hancom Office 2010 common components: 8.5.8.1471 and earlier
- Hangul 2010: 8.5.8.1409 and earlier
- HanCell 2010: 8.5.8.1323 and earlier
- HanShow 2010: 8.5.8.1466..