software vulnerability

TechRepublic Resources

• sort by:
• Relevance
• Date
• Popularity

Will paying researchers for reporting vulnerabilities really pay off?

3Com's TippingPoint recently announced its Zero Day Initiative ZDI, a program that pays researchers for reporting security vulnerabilities. What will this mean for computer security? Jonathan Yarden investigates the new program and weighs in on its potential impact. It never ceases to amaze me how few IT professionals—even those...

Tags: Jonathan Yarden, Tools & Techniques, Manufacturing, Zero-Day Initiative, software, software vulnerability, vulnerability, Internet Security Focus Newsletter, Researcher, 3Com Corp., Security, Management

Technical articles 2005-08-05

Additional Resources

Vulnerability Anti.dote - The End to Enterprises' Security Patch Management Headaches

Every malware attack, by definition, exploits a vulnerability. Finjan's Vulnerability Anti.dote identifies specific vulnerabilities and their variants, and using advanced behavior analysis proactively blocks any active content trying to exploit such a vulnerability. This means that you are protected against malware exploits, such as IFrame, even before software vendors have...

Tags: Vulnerability, Finjan Software Inc., Malware, Spyware, Adware & Malware, Cyberthreats, Security, Viruses And Worms

White papers 2005-02-01

Don't Get Hacked: Automated Remote Vulnerability Scanning

This white paper describes advantages of using Open Source Vulnerability Analysis tools to protect the Internet facing servers. While acknowledging that Vulnerability Analysis is only a part of the solution to securing the server, it is clear that a reliable ongoing vulnerability analysis is a step in the right direction.

Tags: Vulnerability, Internet, Productivity, Servers, Hardware

White papers 2007-08-01

Vulnerability Assessment: The Right Tools to Protect Your Critical Data

Vulnerability Assessment VA has become one of the hottest fields within the computer security market. VA tools are designed to detect and report on security holes within various software applications, allowing organizations to take corrective actions before a devastating attack occurs. Due to the reduction in "time to exploit" once...

Tags: Vulnerability Assessment, Tool, Vulnerability Assessment Tool, Security

White papers 2007-10-18

Vulnerability Management Is Critical to Managing Enterprise Risk

Vulnerability management is an emerging market that has captured the interest of enterprises concerned with mitigating and managing the threats within their networks. As the vulnerability management market space expands, comprehensive vulnerability management will bring together the assessment and scanning of vulnerabilities within and outside the network perimeter, the remediation...

Tags: Computer Associates International Inc., Vulnerability Management, Networking

White papers 2005-05-01

Automated Vulnerability Detection System

Vulnerability assessments have been recently identified, by independent market research, as one of the most sought after managed security outsourcing services. As with the outsourcing of any business function, the final decision is based on whether or not a trusted partner can do the job more efficiently, cheaper, and perhaps...

Tags: Vulnerability Assessment, Outsourcing, Security, It Operations, Business Operations, Outsourcing & Subcontracting

White papers 2006-08-16

Cisco Security Advisory: Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software

The Cisco Wide Area Application Services WAAS software contains a Denial of Service DoS vulnerability that may cause some devices that run WAAS software (WAE appliance and NM-WAE 502 module) to stop processing all types of traffic, including data traffic and management traffic. This condition may occur if a device...

Tags: Software, Denial Of Service, Vulnerability, Cisco Systems Inc., Security

White papers 2007-07-18

SecureCentral ScanFi (zip)

ScanFi is a Web-based vulnerability assessment scanner for detecting and assessing network vulnerabilities across heterogeneous networks. ScanFi discovers, scans, reports, and supports vulnerability remediation. It features both scheduled and on-demand vulnerability scanning capabilities, based on comprehensive vulnerability database collated from multiple sources and vendors that is constantly kept up-to-date.

Tags: Network, Vulnerability, On-demand, Vulnerability Assessment, AdventNet Inc., ScanFi, Scanners, Security, Hardware, Peripherals

Software downloads 2005-08-04

Critical flaw in RealPlayer and Flash, warns US-CERT

US-CERT has issued a warning concerning an unpatched vulnerability in RealPlayer and a flaw affecting Flash files. An excerpt from Register: A flaw in RealPlayer 11 build 6.0.14.748 might be used to inject hostile code onto Windows boxes running the software, security notification firm Secunia warns....

Tags: Vulnerability, RealNetworks RealPlayer, Flaw, US-CERT, Digital Music, Digital Media, Security, Personal Technology, Consumer Electronics, Arun Radhakrishnan

Blog posts 2008-01-04

IOS Stack Group Bidding Protocol Crafted Packet DoS

The Cisco IOS Stack Group Bidding Protocol SGBP feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability. Cisco has made free software available to...

Tags: Cisco IOS, DOS, Vulnerability, Cisco Systems Inc.

White papers 2006-01-18

Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service

The Cisco IOS Transmission Control Protocol TCP listener in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service condition. This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will...

Tags: Denial Of Service, Security, Cisco IOS, TCP, Cisco Systems Inc.

White papers 2007-02-02

Why there's no such thing as a zero day vulnerability

Thanks ChadI have seen on this board and other, someone calling every vulnerability "zero-day". What is worse is when the Media begins to report every new vulnerability as zero day further diluting the term. Overall, if the term had some usefulness it has long since passed. Excellent...

Tags: faradhi

Discussion threads 2007-10-06

Cisco Security Advisory: IOS Stack Group Bidding Protocol Crafted Packet DoS

The Cisco IOS Stack Group Bidding Protocol SGBP feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability. Cisco has made free software available to...

Tags: Security, Cisco IOS, DOS, Vulnerability, Cisco Systems Inc.

White papers 2006-01-18

Vulnerability counting revisited: a hypothetical example

Vulnerability counting is, in many cases, worse than useless as a means of quantifying the security of the software. I've made this point before, but this article tries a different approach to making it: demonstration by hypothetical example. by Chad Perrin

Tags: Developer, Vulnerability, FooOS, BarOS, Security, Chad Perrin

Blog posts 2008-06-19

Microsoft Data Access Components: Security Hotfix for Q329414 (exe)

One of the components of RDS that was delivered in MDAC 2.1, 2.5 and 2.6 contains an unchecked buffer. This patch eliminates the security vulnerability. MDAC 2.7 does not contain this vulnerability. The vulnerability does not affect Windows XP. This version is the first release on CNET Download.com.

Tags: Security, Microsoft Corp., Microsoft Data Access Components, Databases, Enterprise Software, Software, Data Management

Software downloads 2007-09-07

MSDN Webcast: Testing Methodologies for Automated Web Application Vulnerability Scanners (Level 200)

There is more to conducting an automated Web application vulnerability assessment than "point and shoot". Automated Web application vulnerability scanners are not as automated as their vendors would lead us to believe. This webcast will examine various strategies to get the most out of a vulnerability assessment tool. The topics...

Tags: Microsoft Developer Network, Webcast, Vulnerability, Web Application, Vulnerability Assessment, Scanners, Security, Hardware, Peripherals

Webcasts

TechNet Webcast: Microsoft Security Intelligence Report: Software Vulnerability Disclosure Trends (Level 200)

This webcast provides an in-depth view of the recent trends that Microsoft has seen in software vulnerability disclosures. If computer security is an area of interest, one will not want to miss this session, as it will quickly bring up to speed on the threats facing individuals and organizations that...

Tags: Software, Webcast, Microsoft Corp., Microsoft TechNet, Tools & Techniques, Digital Media, Security, Management, Consumer Electronics, Personal Technology

Webcasts 2007-11-06

TikiWiki vulnerability reported

A "highly critical" vulnerability has been reported in the popular TikiWiki software. It can be exploited by malicious parties to compromise vulnerable systems. Excerpt from Secunia: Input passed via the "f" parameter to tiki-graph_formula.php is not properly verified before being used to execute PHP functions. This can...

Tags: Vulnerability, PHP, Scripting Languages, Security, Software/Web Development, Web Development, Paul Mah

Blog posts 2007-10-12

Serious zero-day vulnerability threatens RealPlayer users

Are you affected by this vulnerability?

Tags: SECURITY, paulmah@..., vulnerability, RealNetworks RealPlayer

Discussion threads 2007-10-20

iDefence offers $8000 - $12000 rewards

VeriSign’s security company iDefence is offering rewards of $8000 - $12000 for the exposure of remotely exploitable vulnerabilities in Microsofts Windows Vista and Internet Explorer 7. This Quarter 1 challenge offers $8000 to any vulnerability submitted which can allow execution of arbitrary code via remote exploitation, $4000...

Tags: Exploit, iDefence, Security, Vulnerability

Blog posts 2007-01-15