NIST Site Search
Google
Web NIST.org
NIST.gov
Product Research

Advertise on this site
Headlines

»Malicious Email Campaign Circulating
»Microsoft Releases Advance Notification for September Security Bulletin
»Cisco Releases Updates for Wireless LAN Controller
»Mozilla Releases Firefox 3.6.9
»Apple Releases Safari 5.0.2 and 4.1.2
»Apple Releases iTunes 10
»Google Releases Chrome 6.0.472.53
»Insecure Loading of Dynamic Link Libraries in Windows Applications
»VMware Releases Updates for ESX Service Console Packages
»Cisco Releases Security Advisory for IOS XR Software Border Gateway Protocol

Date published: not known
Details

»T-434: Security update available for Shockwave Player
Security update available for Shockwave Player
»T-433: Security Advisory for Adobe Reader and Acrobat
Security Advisory for Adobe Reader and Acrobat
»T-432: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
»T-431: Linux Kernel Null Pointer Dereference in irda_bind() May Let Local Users Gain Elevated Privileges
Linux Kernel Null Pointer Dereference in irda_bind() May Let Local Users Gain Elevated Privileges
»T-430: Apple QuickTime Flaw in QTPlugin.ocx ActiveX Control Lets Remote Users Execute Arbitrary Code
Apple QuickTime Flaw in QTPlugin.ocx ActiveX Control Lets Remote Users Execute Arbitrary Code
»T-429: WaspTime MS-SQL Database instance with blank password for sa account
WaspTime MS-SQL Database instance with blank password for sa account
»T-428: Vulnerability in Help and Support Center
Vulnerability in Help and Support Center
»T-427: VMWare WebAccess Vulnerability
VMWare WebAccess Vulnerability
»T-426: Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability
Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability
»T-425: Desktop Java running in web browsers
Desktop Java running in web browsers
»T-424: Windows TCP/IP Stack IcmpSendEcho2Ex() Bug Lets Local Users Deny Service
Windows TCP/IP Stack IcmpSendEcho2Ex() Bug Lets Local Users Deny Service
»T-423: Microsoft Security Advisory (2269637) - Insecure Library Loading Could Allow Remote Code Execution
Microsoft Security Advisory (2269637) - Insecure Library Loading Could Allow Remote Code Execution
»T-422: Adobe Flash Player and AIR (CVE-2010-2216) Unspecified Memory Corruption Vulnerability
Adobe Flash Player and AIR (CVE-2010-2216) Unspecified Memory Corruption Vulnerability
»T-421: Multiple CACTI Security Vulnerabilities
Multiple CACTI Security Vulnerabilities
»T-420: Microsoft Windows TCP/IP IPv6 Extension Header Remote Denial of Service Vulnerability
Microsoft Windows TCP/IP IPv6 Extension Header Remote Denial of Service Vulnerability

Date published: not known
Details

»September issue of VB published
The September issue of Virus Bulletin is now available for subscribers to download.
»ARF published as IETF standard
Abuse report format helps auto-handling of email complaints
»Microsoft releases new fix for DLL vulnerability
Earlier workaround believed to be too complex for most users.
»Malicious tweets link to fake TweetDeck update
Twitter resets passwords for accounts that appear to have been hacked.
»94% of Internet users befriend unknown 'good-looking woman'
Sensitiva data shared after two-hour chat.
»Investment boost for Quick Heal
Indian security firm gets hefty cash injection.
»41% of spam sent via Rustock botnet
Botnet spam back after short summer break.
»Avast gets $100m investment boost
Growth equity firm invests in Czech firm
»Computer chip giant buys AV giant
Intel becomes new owner of McAfee for the princely sum of $7.8bn

Date published: not known
Details

»SHould SMBs Invest In Cyber Risk Insurance?
Experts say the right cyber risk insurance policy could save even small enterprises from catastrophi ...
»NSS Labs To Open Marketplace For Buying And Selling Exploits
No zero-days on 'Exploit Hub'
»Fraud At Sprint Offers Lessons For Enterprises, Experts Say
Insider attacks leading to Sprint phone fraud might have been prevented with a few simple practices, ...
»Forensics Out Of Reach For Most Small To Midsize Organizations
Software-as-a-service, managed forensics services needed
»String Of Deals Shows Demand for Cloud-Based Authentication
Acquisitions highlight how authentication-as-a-service is now part of identity and access management ...
»Tech Insight: Retooling Vulnerability Scanning, Penetration Testing For IPv6
Traditional host discovery via network scanning won't work with IPv6, but alternative methods are av ...
»Five Ways To Stop Mass SQL Injection Attacks
The best practices for mitigating this popular form of attack often are not being deployed
»IPv6 Transition Poses New Security Threats
Next-generation IP protocol comes with more security as well as some potential flaws of its own ...
»Networked Scanners Offer A Window Into The Enterprise, Researcher Says
Emerging Web-based features make it possible to capture document contents remotely from networked sc ...

Date published: not known
Details
Newsfeeds
eEye Digital Security - Zero-Day Tracker
  • Excel Invalid Object

    A remote code execution vulnerability exists within Microsoft Excel which may allow for a remote attacker to execute arbitrary code under the context of the logged in user.

    click to view

  • Adobe PDF Buffer Overflow

    A vulnerability exists within Adobe Acrobat that allows an attacker to execute arbitrary code on a victims machine if they view a malicious PDF document.

    click to view

  • Creative Software AutoUpdate Engine ActiveX stack buffer overflow

    The Creative Software AutoUpdate Engine ActiveX control is a component that provides automatic update capabilities to Creative Labs software. This ActiveX control is provided by the file CTSUEng.ocx. The Create Software AutoUpdate Engine ActiveX control is marked Safe For Scripting and Safe For Initialization, which means that a web page in Internet Explorer has the ability to interact with the control. This ActiveX control contains a stack buffer overflow in the CacheFolder property. Exploit code for this vulnerability is publicly available.

    click to view

  • Internet Connection Sharing DoS

    A denial of service vulnerability exists within the Internet Connection Sharing service in Microsoft Windows XP.

    click to view

  • RPC Memory Exhaustion

    The three referenced exploits take advantage of an inherent problem in RPC, in which an attacker gets to supply the size of an output buffer, and RPC allocates the buffer and (more importantly) initializes it to zeroes, which causes the entire memory range to become committed.

    click to view
Copyright 2006 eEye Digital Security | Date published: Fri, 10 Sep 2010 03:21:00 PST
Back to newsfeed list
Translate to: French German Italian Spanish Portuguese GTM_LAN_DUTCH Russian Chinese Arabic Korean English
Latest NIST.org news and comments
Google Ads




NIST Site Menu
·Home

NIST Security Books
NIST IT Security Books

Training / Books

»Security Certifications -
» CISSP, SSCP, Security+, etc.

»Computer Forensics

»Ethical Hacking

»Malware, Spyware, Viruses

»FISMA Compliance, Policies, etc

»PKI, Encryption, Smartcards

»Windows Security Guides

»HIPAA, SOX, CISP, etc.

NIST.org Security Bookstore
Current Security News
 
SANS Internet Storm Center, InfoCON: green

» Infocon: green

» 'Here You Have' Email , (Thu, Sep 9th)
[09 Sep 2010 03:49pm]

» Opera 10.62 - security (the DLL path issue) and stability upate see http://www.opera.com/docs/changelogs/windows/1062/, (Thu, Sep 9th)
[09 Sep 2010 08:44am]

» Adobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory, (Wed, Sep 8th)
[08 Sep 2010 12:03pm]

» Mozilla Thunderbird updated to version 3.1.3 also, more here: http://www.mozillamessaging.com/en-US/thunderbird/3.1.3/releasenotes/, (Wed, Sep 8th)
[08 Sep 2010 11:46am]

» Patches issued for multiple vulnerabilities in Cisco Wireless LAN Contoller product family, more here: http://cisco.com/warp/public/707/cisco-sa-20100908-wlc.shtml, (Wed, Sep 8th)
[08 Sep 2010 09:59am]

» Mozilla's SeaMonkey version 2.0.7 released for Security Updates: http://www.seamonkey-project.org/releases/seamonkey2.0.7/, (Wed, Sep 8th)
[08 Sep 2010 09:59am]

» Firefox Releases Version 3.6.9 and 3.5.12 to fix Security Vulnerabilities: 3.6.9 is http://www.mozilla.com/en-US/firefox/3.6.9/releasenotes/ and 3.5.12 is http://www.mozilla.com/en-US/firefox/3.5.12/releasenotes/, (Wed, Sep 8th)
[08 Sep 2010 09:56am]

» SSH password authentication insight and analysis by DRG, (Tue, Sep 7th)
[07 Sep 2010 07:59am]

» US Department of Defense and National Policy, (Sun, Sep 5th)
[06 Sep 2010 08:16am]
***
CNET News.com

» Microsoft to fix 13 holes in Windows, IIS, and Office
[09 Sep 2010 02:15pm]

» Cheerleaders Gone Wild clickjacking tempts Facebook users
[09 Sep 2010 11:35am]

» Security firm: Zero-day Adobe exploit in the wild
[09 Sep 2010 09:10am]

» Microsoft legal punch may change botnet battles forever
[09 Sep 2010 05:00am]

» Adobe warns of zero-day hole in Reader, Acrobat
[08 Sep 2010 11:34am]

» Antivirus isn't dead--it's growing up
[08 Sep 2010 05:00am]

» Mozilla fixes Firefox holes, curtails clickjacking
[08 Sep 2010 04:00am]

» Norton's new Power Eraser goes free
[08 Sep 2010 01:09am]

» Study: Two-thirds of Web surfers fall prey to online crime
[08 Sep 2010 01:01am]

» Trend Micro bets on the cloud
[07 Sep 2010 09:00pm]

» Court allows warrantless cell location tracking
[07 Sep 2010 02:44pm]

» Facebook closes hole that let spammers auto-post to walls, friends
[07 Sep 2010 01:37pm]

» Apple's Ping dinged by spam
[03 Sep 2010 08:01am]

» U.N. exec: Cyberwar could be 'worse than tsunami'
[03 Sep 2010 07:28am]

» Facebook adds new remote log-out security feature
[02 Sep 2010 02:30pm]
***
Computerworld Security News

» 'Here you have' e-mail worm spreads quickly
[09 Sep 2010 03:55pm]

» NSF: Time for an Internet do-over
[09 Sep 2010 03:06pm]

» Hotel operator warns of data breach
[09 Sep 2010 02:42pm]

» Microsoft plans double-sized Patch Tuesday next week
[09 Sep 2010 02:01pm]

» Cloudmark DesktopOne Basic Stops Spam
[09 Sep 2010 12:13pm]

» Report: RBS WorldPay hacker gets four years' probation
[08 Sep 2010 04:30pm]

» More Security News
***


***


More IT Security
News Feeds
More Sponsors

Advertise on this site
NIST - Books You Need

NIST Bookstore
RSS Feeds
Our news can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf
Add to NetVibes
Add to Bloglines
Add to NewsGator
Add to Google
Add to My Yahoo
Add to My MSN
Add to Technorati
Add to Pluckit
Add to My AOL
Subscribe in FeedLounge
Add to ProtoPage
Symantec News
Welcome
Username:

Password:


Remember me

[ ]
[ ]
[ ]
Other News

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.