vulnerabilities

TechRepublic Resources

• sort by:
• Relevance
• Date
• Popularity

Researcher launches Month of PHP Bugs

Fixing vulnerabilities in the PHP coreAccording to a security news Web site, applications written in PHP accounted for 43 percent of the total vulnerabilities reported in 2006. A new initiative called Month of PHP Bugs focuses on vulnerabilities in the PHP core, not on problems in the PHP language that...

Tags: PHP, Sonja Thompson, PHP Bugs

Discussion threads 2007-03-05

Microsoft patches 20 security flaws

When will Microsoft release Windows Vista SP1?Microsoft recently released fixes for 20 vulnerabilities. The critical flaws are in Windows, IE, Microsoft Office, and in Microsoft security tools, such as Windows Live OneCare and Windows Defender, which ships as part of Windows Vista. These bug fixes are currently available, but Microsoft...

Tags: SP1, Microsoft Windows Vista, Vista SP1, Sonja Thompson, windows, security, software, flaws, vulnerabilities, networking, news, windows vista, Microsoft Corp., Microsoft Windows

Discussion threads 2007-02-14

Another Word zero-day bug used in attacks

How does your organization combat Word vulnerabilities?A fourth yet-to-be-patched security vulnerability in Microsoft Word is actively being exploited in cyberattacks. The newest problem allows an attacker to hijack systems running Word 2000 and causes a crash of Word 2003 and Word XP. Symantec urges businesses to put policies in place...

Tags: antivirus, Microsoft Word, news, security, Sonja Thompson, Symantec Corp., virus, vulnerabilities, windows, zero-day bug

Discussion threads 2007-01-26

Lock it down: Use the OWASP Top Ten to secure your Web applications -- Part 1

Name your vulnerabilityWhat vulnerability on the OWASP Top Ten List, or your own list, do you designate as your organization's priority? Why?

Tags: application development, Mark W. Kaelin, OWASP Top, programming, secu, security, tom olzak, vulnerabilities, Web application, web applications

Discussion threads 2007-01-19

Google plugs Gmail data leak flaw

Gmail hole was a potential treasure trove for spammersGoogle recently fixed a security hole that affected several of its services. The hole could allow an attacker to create a malicious Web site that would copy all the entries in a Gmail user's address book. The only condition is that the...

Tags: Sonja Thompson, Google Inc., Google Gmail

Discussion threads 2007-01-03

Apple Mac OS X patch plugs 31 vulnerabilities

Repairing several vulnerabilities in one security updateApple Computer recently released a security update for Mac OS X to repair 31 vulnerabilities. Apple's Security Update 2006-007 includes fixes for a zero-day Wi-Fi hijack flaw and flaws in third

Tags: news, macintosh, flaws, vulnerabilities, security, Sonja Thompson, Apple Computer Inc., security update, Apple Mac OS, Apple Mac OS X, Apple Macintosh, Microsoft Windows, flaw, operating system

Discussion threads 2006-11-29

Are public vulnerability disclosures ethical?

Are public vulnerability disclosures ethical?article rootVulnerability disclosures are ethically necessary.You seem to have this inability to differentiate between "vulnerability" and "exploit". There is, indeed, a very important difference.Exploit proof-of-concept code should almost never be released immediately. Given a significant lag time, for the vendor to produce patches and...

Tags: apotheon, exploits, george ou, linux, microsoft, Microsoft Corp., off-topic, security, vulnerabilities, vulnerability

Discussion threads 2006-08-17

Flaw finders to software makers: It's payback time

Flaw finders to software makers: It's payback timearticle rootCompanies are urged to communicate about flawsSecurity researchers are putting pressure on software makers to tell them more about what they intend to do about the flaws the researchers report to them. If companies don't communicate better with flaw finders, they could...

Tags: flaw, software company, software, flaws, vulnerabilities, bugs, news, disclosure, Sonja Thompson, security, finder

Discussion threads 2006-08-17

X marks the spot: Hackers turn attention to Apple's OS

Do YOU consider Apple security?Most larger companies have at least a small cadre of Macintosh computers, often in one workgroup for special purposes.If that's the case in your shop, does IT pay attention to Apple security, or have you been lulled into a sense of complacency by the long quiet...

Tags: Apple Computer Inc., Apple Macintosh, Microsoft Windows, operating system, security, macintosh, vulnerabilities, os x, Tech Locksmith, Microsoft Corp., Apple OS

Discussion threads 2006-05-09

'Critical' megapatch sews up 10 holes in IE

Microsoft recently released a "critical" Internet Explorer update that fixes 10 vulnerabilities in the Web browser. One of these vulnerabilities is a high-profile "CreateTextRange" bug, which is already being used in cyberattacks by malicious Web sites that try to drop code, such as spyware, on vulnerable PCs.Have you megaprotected your...

Tags: megapatch, patch, Microsoft Corp., Microsoft Internet Explorer, microsoft, security, vulnerabilities, bugs, ie, patches, news, Sonja Thompson, Microsoft Windows, Microsoft Windows XP, computer

Discussion threads 2006-04-12

Unpatched Firefox flaw may expose users

Unpatched Firefox flaw may expose usersarticle rootUnpatched Firefox flaw may expose usersSecurity researcher Tom Ferris publicly disclosed a buffer overflow flaw that affects all versions of Firefox. According to Ferris, this vulnerability "allows for an attacker to remotely execute arbitrary code" on a vulnerable PC. Mozilla could not immediately comment...

Tags: browsers, firefox, flaw, flaws, Mozilla Firefox, NX, safe browser, security, Sonja Thompson, vulnerabilities, Web browser

Discussion threads 2005-09-09

Threat surfaces in Adobe's Acrobat and Reader

Acrobat threatsWhat do you think? Almost everyone has Acrobat reader and most businesses seem to use Acrobat to format documents - but do people pay enough attention to threats in these documents?Everyone knows about malware attacking Microsoft's various OS but a lot fewer seem to know about the macro threats...

Tags: acrobat, adobe, Adobe Acrobat, Adobe Systems Inc., security, Tech Locksmith, vulnerabilities

Discussion threads 2005-08-30

Zotob worm hits Windows users

If your organization uses Windows, you should have patched the critical vulnerabilities that were outlined in last week's security bulletins. According to Trend Micro, a new worm--called Zotob--exploits one of these vulnerabilities (MS05-039), and it can infect Windows 95, 98, ME, NE, 2000, and XP faster than previous computer worms.If...

Tags: Microsoft Corp., Microsoft Windows, relay, security, Sonja Thompson, virus, vulnerabilities, windows, workstation, worm, zotob, Zotob worm

Discussion threads 2005-08-15

PCs falling victim to Windows flaws

PCs falling victim to Windows flawsarticle rootPCs falling victim to Windows flawsMicrosoft recently released three "critical" security alerts. Hackers are already exploiting two of these serious security vulnerabilities, the JView Profiler and the Color Management flaws, which affect all current Windows and Windows Server operating systems. The third alert deals...

Tags: alerts, flaw, flaws, Microsoft Corp., Microsoft Windows, operating system, PC, security, Sonja Thompson, vulnerabilities, windows

Discussion threads 2005-07-13

'Highly critical' flaw reported for Netscape software

'Highly critical' flaw reported for Netscape softwarearticle root'Highly critical' flaw reported for Netscape softwareSecurity specialist Secunia says an unpatched flaw in some versions of the Netscape browser, including versions 6.2.3 and 7.2, contain a "highly critical" vulnerability. This flaw could allow a hacker to launch a buffer overflow attack, which...

Tags: flaw, flaws, Microsoft Internet Explorer, Mozilla Firefox, netscape, Netscape Communications Corp., Secunia, security, software, Sonja Thompson, vulnerabilities, Web browser

Discussion threads 2005-04-27

Additional Resources

Preemptively defend against threats to your network, throughout the enterprise

The IBM Internet Security Systems X-Force research and development team reports that the number of vulnerabilities susceptible to traditional and next-generation attacks has increased an average of 23 percent per year since the beginning of 2000. Vulnerabilities increased in 2006 by nearly 40 percent over the previous year, and the...

Tags: Network, Vulnerability, IBM Corp., Security

White papers 2007-04-01

Oracle to release mega-patch fixing 51 security holes on Tuesday

Oracle will release updates on Tuesday, October 16 that patch 51 security vulnerabilities across hundreds of products. The list of updates is as follows excerpt from The Register: Oracle Database is affected by 27 vulnerabilities. Five of these vulnerabilities may be remotely exploitable without authentication (may be...

Tags: Oracle Enterprise Manager, Oracle Application Server, Oracle Corp., Vulnerability, Authentication, Security, Paul Mah

Blog posts 2007-10-13

Vulnerabilities in Gmail, Picasa, and Google Search Appliance

Convergence on the Web a melting pot of vulnerabilities?Is the emerging convergence of services on the Web a melting point of vulnerabilities?RE: Vulnerabilities in Gmail, Picasa, and Google Search ApplianceSo what do i do to avoid getting attacked? Will avoiding picasa or not useing g-mail until a patch come...

Tags: E-mail providers, SECURITY, pr.arun@..., vulnerability, Google Search Appliance, search appliance, Google Picasa, Google Search, Google Gmail, Google Inc.

Discussion threads 2007-09-27

Multiple vulnerabilities reported for Solaris X Font Server

Sun has acknowledged some vulnerabilities in Sun Solaris, which can be exploited by malicious people to execute arbitrary code and compromise a vulnerable server. Excerpt from Sun's advisory: There exists multiple security vulnerabilities within the handlers for the QueryXBitmaps and QueryXExtents protocol requests for the X Font...

Tags: Sun Microsystems Inc., Vulnerability, Server, Sun Solaris, UNIX, Operating Systems, Security, Servers, Software, Hardware, Paul Mah

Blog posts 2007-10-11

Adobe Acrobat Standard Update (jsp)

Critical vulnerabilities have been identified in Adobe Acrobat 7.0.8 and earlier versions that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. It is recommended that users update to the most current version of Adobe Acrobat available for their platform. Details of the...

Tags: Adobe Systems Inc., Adobe Acrobat, JSP, Security

Software downloads 2007-10-08