Softpedia
 


Stories about: vulnerability



OpenStack Nova Vulnerability Fixed by Canonical

Canonical published in a security notice details about an OpenStack Nova vulnerability for its Ubuntu 13.04, Ubuntu 12.10, and Ubuntu 12.04 LTS operating systems. According to Canonical, Nova could be made to crash the system if instances used a specially crafted image. It was discovered that Nova did not verify the s...

18 May 2013
16:32 GMT

Linux Kernel Vulnerability Fixed in Ubuntu 13.04

Canonical has announced a vulnerability discovered in the Linux kernel that affects the Ubuntu 13.04 (Raring Ringtail) operating system. According to Canonical, the system could have been made to run programs as an administrator. A flaw has been discovered in the Linux kernel's perf_events ...

16 May 2013
14:01 GMT

Deutsche Telekom Launches Tool for Identifying Security Holes in Apps and Websites

Deutsche Telekom has launched an interesting tool called Developer Garden Code Analyzer. The tool allows developers to quickly and accurately identify vulnerabilities in apps and websites, regardless of the programming language used to create them. “Data security plays an ever increasing role and is now one of...

14 May 2013
09:20 GMT

Cybercriminals Behind DOL Watering Hole Attack Target USAID Employees

Experts continue to investigate the recent US Department of Labor (DOL) watering hole attack that involved at least nine websites. Security researcher Eric Romang has found that the cybercriminals behind the campaign have also targeted employees of the US Agency for International Development (USAID). One of the nine...

14 May 2013
07:06 GMT

Canonical Fixes Telepathy-idle Exploit in Ubuntu 13.04

On May 10, in a security notice Canonical published details about a telepathy-idle vulnerability for its Ubuntu 13.04, Ubuntu 12.10, and Ubuntu 12.04 LTS operating systems. According to Canonical, telepathy-idle could have been made to expose sensitive information over the network. It was discovered that telepathy-idl...

11 May 2013
09:53 GMT

Canonical Fixes GPSd Exploit in Ubuntu 12.04

On May 8, in a security notice Canonical published details about a GPSd vulnerability for its Ubuntu 12.04 (Precise Pangolin) operating system. According to Canonical, GPSd could have been made to crash or possibly run programs if it received specially crafted input. GPSd was discovered to have incorrectly handled ...

10 May 2013
15:11 GMT

BBB, FBI Warn Users of Internet Explorer 8 Vulnerability

The Better Business Bureau (BBB) and the Federal Bureau of Investigation (FBI) are warning users about the recently uncovered Internet Explorer 8 vulnerability. Microsoft has released a “Fix It” to patch the critical security hole. “A vulnerability has been discovered in Microsoft's web browse...

10 May 2013
10:02 GMT

Adobe Warns of Critical Vulnerability in ColdFusion

A security advisory released by Adobe on Wednesday reveals that a critical vulnerability has been identified in ColdFusion. The flaw can be exploited by an unauthorized user to remotely retrieve files stored on a server. ColdFusion 10, 9.0.2, 9.0.1 and 9.0 and earlier versions for Windows, Macintosh and Linux are im...

9 May 2013
07:54 GMT

Canonical Plugs libxml2 Vulnerability in Ubuntu 13.04

On May 7, in a security notice Canonical published details about a libxml2 vulnerability for its Ubuntu 13.04 (Raring Ringtail) operating system. According to Canonical, libxml2 could be made to crash or run programs, if it opened a specially crafted file. It was discovered that the libxml2 library incorrectly hand...

8 May 2013
14:11 GMT

Old Internet Explorer Exploit Integrated into Cool Exploit Kit

Experts from Microsoft’s Malware Protection Center have found that the developers of the Cool exploit kit have integrated a new exploit into their creation.  The exploit kit is known for its abilities to push malware via Java, Adobe Reader, Flash Player, and Windows kernel-mode vulnerabilities. However, r...

8 May 2013
11:31 GMT

Nginx 1.4.1 and 1.5.0 Released to Fix Arbitrary Code Execution Vulnerability

Nginx 1.4.1 and 1.5.0 have been released to address a security hole that could have been exploited by an attacker to execute arbitrary code. Nginx 1.3.9 – 1.4.0 are impacted. “A stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting ...

8 May 2013
04:07 GMT

Google Fixes CSRF Vulnerability in Translator and Clickjacking Flaw in Gmail – Video

Security researcher Prakhar Prasad of Security Pulse has identified a couple of vulnerabilities in Google services. Both have been addressed by Google, so the expert published proof-of-concept videos for each of them. The first security hole was a cross-site request forgery (CSRF) that affected Google Translate. ...

6 May 2013
15:01 GMT

Unpatched Building Management System Exposes Google’s Wharf 7 HQ to Hackers

Cylance security researchers Terry McCorkle and Billy Rios, who specialize in identifying vulnerabilities in industrial control systems (ICS), have discovered that the building management system from Google Australia’s Wharf 7 headquarters could have been compromised by hackers. The building control system is ...

6 May 2013
10:45 GMT

Critical Security Updates Released for IP.Board 3.2.x, 3.3.x and 3.4.x (Updated)

Invision Power Services has released critical security updates for IP.Board 3.2.x, 3.3.x, and 3.4.x after being notified of a vulnerability that could allow an unauthorized party to gain access to administrator accounts.  The details of the issue have not been disclosed to give the community time to apply the ...

6 May 2013
09:51 GMT

Experts Identify 9 Full Sandbox Bypass Exploits Affecting IBM Java

Researchers from Security Explorations have identified a total of nine ways to completely bypass the IBM Java sandbox. Of these nine exploits, five are new ones and four are old issues that haven’t been properly addressed. According to Adam Gowdiak, the founder and CEO of the Polish security firm, the five new...

6 May 2013
08:54 GMT

Adobe to Fix PDF Information Leakage Issue on May 14

A few days ago, researchers from security firm McAfee reported uncovering a PDF usage tracking issue in Adobe Reader. The flaw can be leveraged by an attacker to track when and where PDF documents are opened. Adobe says it’s aware of the issue, which it catalogues as being of “low severity.” ...

3 May 2013
05:51 GMT

OAuth Vulnerabilities Allowed Hackers to Access Private Photos on Instagram – Video

Experts have often demonstrated that OAuth vulnerabilities can be exploited to cause some serious damage. The latest example comes from Nir Goldshlager, security researcher and founder of Break Security. The expert has identified two methods in which Instagram accounts can be hijacked by leveraging OAuth flaws. By e...

3 May 2013
04:15 GMT

CakePHP 1.2.12, 1.3.16, 2.2.8 and 2.3.4 Released to Prevent SQL Injections

The Cake Software Foundation has recently released versions 1.2.12, 1.3.16, 2.2.8 and 2.3.4 of CakePHP. Customers who use the web application framework’s PaginatorComponent without whitelisted sort fields are advised to update as soon as possible because cybercriminals can exploit a vulnerability to launch SQL ...

3 May 2013
03:39 GMT

86% of Websites Contained at Least One Serious Vulnerability in 2012

WhiteHat Security has published its 2013 Website Security Statistics Report. The study is based on vulnerability data collected from tens of thousands of websites belonging to over 650 organizations. It turns out that, last year, the average number of security holes plaguing a website decreased to 56. In the previou...

2 May 2013
10:09 GMT

Experts Identify Arbitrary Code Execution Flaw in IBM Notes

Researchers from n.runs have identified an arbitrary code execution vulnerability in IBM’s Notes (formerly Lotus Notes), the popular desktop client for social business. The 8.0.x, 8.5.x, 9.0 versions of the application are impacted. According to experts, because the Notes mail client accepts Java applet and Ja...

2 May 2013
09:00 GMT

Umbraco Releases Versions 4.11.8 and 6.0.5 to Fix Two Major Security Holes

A few days ago, the developers of the Umbraco content management system (CMS) platform advised users to take immediate action to prevent the exploitation of a serious vulnerability in the integration web services. On Wednesday, Umbraco sent out another alert, notifying users of two additional major vulnerabilities. ...

1 May 2013
05:57 GMT

Authentication Bypass Flaw in PayPal’s BillSafe Allowed Hackers to Hijack User Accounts

At the beginning of 2013, security researchers from Vulnerability Lab identified a critical authentication bypass flaw in BillSafe, the German provider of payment upon invoice owned by eBay. The vulnerability was reported to PayPal, which addressed it earlier this month. The vulnerability could have been leveraged by...

1 May 2013
02:36 GMT

Telephone Adapter Flaws Can Be Leveraged for Telecom Fraud

A new whitepaper published by software development company TransNexus reveals that a vulnerability in a widely utilized Analog Telephone Adapter (ATA) allows hackers to steal Session Initiation Protocol (SIP) credentials. Hundreds of thousands of SIP subscribers are believed to be affected. Experts say that the stol...

30 April 2013
10:48 GMT

Vulnerabilities in D-Link IP Cameras Can Be Used to Capture Video Streams

Experts from Core Security have identified several vulnerabilities in D-Link IP cameras that can be exploited by cybercriminals for various purposes. The list of vulnerabilities includes OS command injection, authentication flaws, information leakage, and the use of hard-coded credentials. These security holes can ...

30 April 2013
07:28 GMT

Australian Supermarket Chain Coles Launches Bug Bounty Program

Coles, the Australian supermarket chain, is the latest company to launch a bug bounty program in an effort to encourage security researchers to responsibly disclose the vulnerabilities they find in Coles websites or in the company’s applications. According to The Sydney Morning Herald, the retailer promises to...

29 April 2013
17:01 GMT

Expert Says Skype Accounts Can Be Easily Hacked via Skype Support (Updated)

A security researcher who uses the online moniker TibitXimer claims that Skype accounts can be easily hacked by social engineering the company’s support team. He came to this conclusion after his own account had been hijacked six times in a single day. TibitXimer says that accounts can be taken over by anyon...

29 April 2013
07:27 GMT

Experts Identify PDF Usage Tracking Issue in Adobe Reader

Researchers from security firm McAfee have identified an interesting issue that affects all versions of Adobe Reader. While the flaw can’t be leveraged to execute code, it can be successfully utilized to track when and where specially-crafted PDF documents are opened. “When a specific PDF JavaScript API ...

29 April 2013
05:20 GMT

Umbraco Developers Warn Users of Severe Vulnerability in Integration Web Services

The developers of Umbraco, the open-source content management system (CMS) platform, are notifying customers about a vulnerability in the integration web services of Umbraco. All Umbraco versions are said to be affected by the security hole. “During one of our regular security audits of the core, a severe secu...

29 April 2013
03:47 GMT

Apple Doesn’t Want to Fix Safari Bug That Can Be Exploited to Steal User Passwords

Security researchers from Rapid7 have identified a vulnerability in the Safari web browser that could be exploited by cybercriminals for a number of malicious tasks. However, Apple doesn’t plan on fixing the issue because the attack requires user interaction.  The flaw in question, a Universal cross-site ...

26 April 2013
10:53 GMT

Cybersecurity Tests Show US Navy’s Lead Vessel Is Vulnerable [Reuters]

Computer security experts of the US Navy have performed some penetration tests on the networks of USS Freedom, the Navy’s first littoral combat ship, to see just how vulnerable the warship’s systems are to cyberattacks. According to an unnamed Navy official cited by Reuters, some vulnerabilities have bee...

24 April 2013
05:55 GMT

Viber Flaw Allows Hackers to Bypass Android Smartphone Lock Screens – Video (Updated)

Experts from security firm Bkav have identified a vulnerability in Viber – the popular application that allows users to make calls, send text messages and photos for free. The security hole could be exploited to bypass the lock screen on Android smartphones and gain full access to the device. According to the ...

23 April 2013
09:26 GMT

Researchers Identify Reflection API Vulnerability in Java 7 Update 21

Less than a week has passed since Oracle released its April 2013 Critical Patch Update for Java and researchers have already identified a vulnerability affecting the latest version of the software. Polish firm Security Explorations has discovered a Reflection API issue – dubbed “Issue 61” – t...

22 April 2013
03:45 GMT

Secunia Country Report for Q1 2013: 15% of US Users Had an Unpatched OS

IT security solutions provider Secunia has released Country Reports for Germany, the UK, the US, Denmark, Finland, Norway and Sweden. The studies contain some interesting data on how much vulnerable software is installed on PCs in each country. For instance, in the US, 15.3% of users had an unpatched operating syste...

18 April 2013
16:11 GMT

Critical Vulnerabilities Found in 13 SOHO Routers, Many Can Be Exploited Remotely

Security researchers from Independent Security Evaluators (ISE) have analyzed 13 small office / home office (SOHO) routers and wireless access points to see just how vulnerable they are to cyberattacks. They’ve found that all of the 13 devices can be compromised by a local attacker. Even more worrying is the f...

18 April 2013
09:18 GMT

“Prepare Now” for the Death of Windows XP [Gartner]

Microsoft confirmed earlier this month that it would stick to the April 8, 2014 retirement date for Windows XP, but it appears that only a few users got the message. What’s worse, approximately 15 percent of midsize and large enterprises will still run Windows XP beyond this date, research firm Gartner warns, ...

18 April 2013
03:54 GMT

Reported and Fixed: Stored XSS Flaws in Facebook’s Chat, Check In and Messenger

Security researcher Nir Goldshlager, the CEO and founder of penetration testing company Break Security, has identified several persistent cross-site scripting (XSS) vulnerabilities in Facebook. The vulnerabilities have been confirmed and fixed by the social media company. The security issues plagued services such as...

18 April 2013
03:49 GMT

X.Org X Server Vulnerability Closed by Canonical

On April 17, Canonical published details, in a security notice, about an X.Org X server vulnerability for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, and Ubuntu 10.04 LTS operating systems. According to Canonical, the X server could be made to reveal keystrokes of other users. It was discovered that the X.Org...

17 April 2013
19:41 GMT

Expert Reports Several Web Vulnerabilities to Oracle, Some Patched with April CPU

Independent security researcher Abdelmorite Eljoaydi, aka Jigsaw, has reported several web vulnerabilities to Oracle over the past weeks. The company has addressed some of them with the recently released April 2013 Critical Patch Update, but some of them still remain unfixed. The expert has told Softpedia that he ha...

17 April 2013
10:11 GMT

Canonical Fixes Curl Vulnerability in All Supported Ubuntu OSes

On May 15, in a security notice Canonical published details about a curl vulnerability for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS, and Ubuntu 8.04 LTS operating systems. According to Canonical, applications using libcurl could be made to expose sensitive information over the network. It ...

16 April 2013
15:31 GMT

Oracle to Patch 42 Vulnerabilities with April Java SE CPU

Oracle is set to release its April 2013 Critical Patch Update for Java SE. According to the company, the new CPU will address a total of 42 security holes. Of the 42 issues, 39 can be exploited remotely without the need for a username and a password. The CPU affects Java 7 Update 17 and earlier, Java 6 Update 43 ...

16 April 2013
05:25 GMT

Four Vulnerabilities Fixed by Google in Chrome OS 26

The stable channel of Google’s Chrome OS has been updated to 26.0.1410.57 for all devices. The latest variant addresses a total of four security issues, three of which have been catalogued as high-severity flaws. Two of the high-severity vulnerabilities – a use-after-free in the O3D plugin, and an origin...

16 April 2013
03:56 GMT

HITB2013AMS: Flaws in Aircraft Systems Allow Hackers to Hijack Airplanes

Many of the presentations held here at this edition of the Hack in the Box conference in Amsterdam show that we live in a world where almost anything can be hacked. Spanish security researcher Hugo Teso, of n.runs AG in Germany, has shown that aircraft are no exception. The expert highlighted that when the software ...

11 April 2013
07:43 GMT

Ubuntu Users Beware, NVIDIA Driver Exploit Found

On April 10, Canonical published in a security notice details about an NVIDIA graphics drivers vulnerability for its Ubuntu 12.10 and Ubuntu 12.04 LTS operating systems. According to Canonical, NVIDIA graphics drivers could be made to run programs as an administrator. It was discovered that the NVIDIA graphics driv...

10 April 2013
10:25 GMT

Microsoft Fixes DOM XSS Vulnerability on Skype.com

Security expert Mirza Burhan Baig, of BlackBitz.net, has identified a DOM-based cross-site scripting (XSS) vulnerability on the official Skype website.  According to the expert, he reported the security hole to Microsoft in late December 2012. The company informed the researcher that the flaw had been fixed som...

6 April 2013
14:11 GMT

GitHub Moves “Pages” Sites to github.io to Prevent Phishing and CSRF Attacks

GitHub has announced that it’s moving GitHub Pages to a new domain, github.io, in an effort to prevent phishing and cross-site request forgery (CSRF) attacks. “This is a security measure aimed at removing potential vectors for cross domain attacks targeting the main github.com session as well as vector...

6 April 2013
04:18 GMT

Windows 8 to Receive Updates on Patch Tuesday

Microsoft has announced the release of nine different bulletins on Patch Tuesday, two of which are designed to fix two critical vulnerabilities found in its software. The fixes that Windows 8 users are supposed to deploy concern Internet Explorer, as Microsoft’s in-house browser is affected by a security flaw t...

5 April 2013
19:41 GMT

Sophos Fixes Several Vulnerabilities in Its Web Appliance

Security solutions provider Sophos has addressed several vulnerabilities identified by SEC Consult Vulnerability Lab experts in Sophos Web Appliance. The updated version, 3.7.8.2, was made available to all customers on April 1. According to the advisory published by SEC Consult, the company has identified three vuln...

5 April 2013
14:21 GMT

Security Updates Released for cPanel & WHM 11.32, 11.34, and 11.36

cPanel has released security updates for all supported versions of cPanel & WHM to address a vulnerability that impacts the Roundcube webmail application.  The security hole could have been exploited by a local unauthenticated user to gain access to sensitive information from other accounts on the system. The...

5 April 2013
09:03 GMT

Linux Kernel (Oneiric Backport) Vulnerabilities Fixed in Ubuntu 10.04 LTS

Security vulnerabilities that have been discovered in the Linux kernel packages, this time affecting the Ubuntu 10.04 LTS (Lucid Lynx) operating system, have been announced by Canonical. According to Canonical, several security issues have been fixed in the kernel. For example, it has been discovered that in the Li...

4 April 2013
15:21 GMT

PostgreSQL 9.2.4, 9.1.9, 9.0.13 and 8.4.17 Released to Address Security Holes

The PostgreSQL Global Development Group has released PostgreSQL 9.2.4, 9.1.9, 9.0.13 and 8.4.17 to address a total of 5 security vulnerabilities. In addition, the latest updates contain fixes for several minor issues discovered over the past couple of months. The most important security hole, CVE-2013-1899, can be e...

4 April 2013
10:41 GMT

