MCAFEE FOUNDSTONE FSL UPDATE
- Chrystal Hawkins
- 8 years ago
2015-SEP-03 FSL version

MCAFEE FOUNDSTONE FSL UPDATE

To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.

NEW CHECKS

Oracle Enterprise Linux ELSA Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes
CVE: CVE , CVE
ELSA OEL6 firefox el6_7 i386 firefox el6_7 OEL5 firefox el5_11 i386 firefox el5_11 OEL7 firefox el7_

Debian Linux 7.0, 8.0 DSA Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes
CVE: CVE , CVE
2 DSA Debian 8.0 all iceweasel_38.2.1esr-1~deb8u1 Debian 7.0 all iceweasel_38.2.1esr-1~deb7u Red Hat Enterprise Linux RHSA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes CVE: CVE , CVE RHSA RHEL5S firefox-debuginfo el5_11 firefox el5_11 i386 firefox-debuginfo el5_11 firefox el5_11 RHEL5D firefox-debuginfo el5_11 firefox el5_11 i386 firefox-debuginfo el5_11 firefox el5_11 RHEL6S firefox-debuginfo el6_7 firefox el6_7 i386 firefox-debuginfo el6_7
3 firefox el6_7 RHEL7D firefox el7_1 firefox-debuginfo el7_1 RHEL6D firefox-debuginfo el6_7 firefox el6_7 i386 firefox-debuginfo el6_7 firefox el6_7 RHEL7S firefox el7_1 firefox-debuginfo el7_1 RHEL6WS firefox-debuginfo el6_7 firefox el6_7 i386 firefox-debuginfo el6_7 firefox el6_7 RHEL7WS firefox el7_1 firefox-debuginfo el7_ SuSE Linux 13.1 opensuse-su-2015: Update Is Not Installed Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE opensuse-su-2015: SuSE Linux 13.1 MozillaThunderbird-debugsource MozillaThunderbird-translations-other MozillaThunderbird-devel
4 MozillaThunderbird-buildsymbols MozillaThunderbird MozillaThunderbird-translations-common MozillaThunderbird-debuginfo i586 MozillaThunderbird-debugsource MozillaThunderbird-translations-other MozillaThunderbird-devel MozillaThunderbird-buildsymbols MozillaThunderbird MozillaThunderbird-translations-common MozillaThunderbird-debuginfo SuSE Linux 13.2 opensuse-su-2015: Update Is Not Installed Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE opensuse-su-2015: SuSE Linux 13.2 MozillaThunderbird-devel MozillaThunderbird-buildsymbols MozillaThunderbird-debugsource MozillaThunderbird-translations-common MozillaThunderbird MozillaThunderbird-translations-other MozillaThunderbird-debuginfo i586 MozillaThunderbird-devel MozillaThunderbird-buildsymbols MozillaThunderbird-debugsource MozillaThunderbird-translations-common MozillaThunderbird MozillaThunderbird-translations-other MozillaThunderbird-debuginfo FreeBSD mozilla Multiple Vulnerabilities (237a201c-888b-487f-84d3-7d d6) Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes CVE: CVE , CVE
5 mozilla -- multiple vulnerabilities (237a201c-888b-487f-84d3-7d d6) Affected packages: firefox < ,1 linux-firefox < ,1 firefox-esr < , Ubuntu Linux 12.04, 14.04, USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE , CVE USN Ubuntu firefox_ build1-0ubuntu Ubuntu firefox_ build1-0ubuntu Ubuntu firefox_ build1-0ubuntu Fedora Linux 21 FEDORA Update Is Not Installed CVE: CVE , CVE , CVE FEDORA
6 Fedora Core 21 openssh-6.6.1p1-16.fc (HT205046) Apple QuickTime Multiple Vulnerabilities Prior To Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE Multiple vulnerabilities are present in some versions of Apple QuickTime. Apple QuickTime is a media player. Multiple vulnerabilities are present in some versions of Apple QuickTime. The flaws occur due to multiple memory corruption issues. Successful exploitation could allow an attacker to cause application crash or execute arbitrary code (SA-CORE ) Drupal Core Multiple Vulnerabilities Category: General Vulnerability Assessment -> NonIntrusive -> Web Server CVE: CVE , CVE , CVE , CVE , CVE Multiple vulnerabilities are present in some versions of Drupal. Drupal is a popular open source content management system. Multiple vulnerabilities are present in some versions of Drupal. The flaws lie in multiple components. Successful exploitation by a remote attacker may bypass security measure or execute remote code VideoLAN VLC Media Player 3GP File Arbitrary Pointer Dereference Vulnerability Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) CVE: CVE An arbitrary pointer dereference vulnerability is present in some versions of VideoLAN VLC Media Player. VideoLAN VLC Media Player is a popular open source media player.
7 An arbitrary pointer dereference vulnerability is present in some versions of VideoLAN VLC Media Player. The flaw lies in libmp4.c. Successful exploitation could allow an attacker to cause denial of service or execute arbitrary code Oracle Enterprise Linux ELSA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes CVE: CVE ELSA OEL6 jakarta-taglibs-standard el6_7 jakarta-taglibs-standard-javadoc el6_7 i386 jakarta-taglibs-standard el6_7 jakarta-taglibs-standard-javadoc el6_7 OEL7 jakarta-taglibs-standard-javadoc el7_1 jakarta-taglibs-standard el7_ Debian Linux 7.0, 8.0 DSA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes CVE: CVE , CVE , CVE , CVE , CVE DSA Debian 8.0 all drupal7_ deb8u5 Debian 7.0 all
8 drupal7_ deb7u Red Hat Enterprise Linux RHSA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes CVE: CVE RHSA RHEL7WS noarch jakarta-taglibs-standard-javadoc el7_1 jakarta-taglibs-standard el7_1 RHEL7D noarch jakarta-taglibs-standard-javadoc el7_1 jakarta-taglibs-standard el7_1 RHEL6D noarch jakarta-taglibs-standard el6_7 jakarta-taglibs-standard-javadoc el6_7 RHEL6S noarch jakarta-taglibs-standard el6_7 jakarta-taglibs-standard-javadoc el6_7 RHEL7S noarch jakarta-taglibs-standard-javadoc el7_1 jakarta-taglibs-standard el7_ SuSE SLES 12, SLED 12 SUSE-SU-2015: Update Is Not Installed Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes CVE: CVE SUSE-SU-2015:1445-1
9 SuSE SLED 12 busybox SuSE SLES 12 busybox Ubuntu Linux USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE USN Ubuntu cups-filters-ippusbxd_ ubuntu Ubuntu Linux 12.04, 14.04, USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE , CVE , CVE , CVE , CVE USN Ubuntu qemu-system-misc_2.0.0+dfsg-2ubuntu1.17 qemu-system-aarch64_2.0.0+dfsg-2ubuntu1.17 qemu-system-sparc_2.0.0+dfsg-2ubuntu1.17 qemu-system-arm_2.0.0+dfsg-2ubuntu1.17 qemu-system_2.0.0+dfsg-2ubuntu1.17 qemu-system-mips_2.0.0+dfsg-2ubuntu1.17 qemu-system-x86_2.0.0+dfsg-2ubuntu1.17
10 qemu-system-ppc_2.0.0+dfsg-2ubuntu1.17 Ubuntu qemu-system-mips_2.2+dfsg-5expubuntu9.4 qemu-system-arm_2.2+dfsg-5expubuntu9.4 qemu-system-x86_2.2+dfsg-5expubuntu9.4 qemu-system-misc_2.2+dfsg-5expubuntu9.4 qemu-system_2.2+dfsg-5expubuntu9.4 qemu-system-aarch64_2.2+dfsg-5expubuntu9.4 qemu-system-ppc_2.2+dfsg-5expubuntu9.4 qemu-system-sparc_2.2+dfsg-5expubuntu9.4 Ubuntu qemu-kvm_1.0+noroms-0ubuntu Fedora Linux 23 FEDORA Update Is Not Installed CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE FEDORA Fedora Core 23 mediawiki fc Fedora Linux 23 FEDORA Update Is Not Installed CVE: CVE , CVE FEDORA Fedora Core 23
11 xen fc Fedora Linux 21 FEDORA Update Is Not Installed CVE: CVE , CVE , CVE , CVE , CVE FEDORA Fedora Core 21 qemu fc Fedora Linux 23 FEDORA Update Is Not Installed CVE: CVE , CVE , CVE , CVE , CVE FEDORA Fedora Core 23 drupal fc Slackware Linux 13.37, 14.0, 14.1 SSA: Update Is Not Installed Category: SSH Module -> NonIntrusive -> Slackware Patches and Hotfixes CVE: CVE SSA:
12 Slackware 14.1 gdk-pixbuf Slackware gdk-pixbuf Slackware 14.0 gdk-pixbuf Oracle Enterprise Linux ELSA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes CVE: CVE ELSA OEL6 gdk-pixbuf el6_7 gdk-pixbuf2-devel el6_7 i386 gdk-pixbuf el6_7 gdk-pixbuf2-devel el6_7 OEL7 gdk-pixbuf el7_1 gdk-pixbuf2-devel el7_ Red Hat Enterprise Linux RHSA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes CVE: CVE
13 RHSA RHEL7WS gdk-pixbuf2-debuginfo el7_1 gdk-pixbuf el7_1 gdk-pixbuf2-devel el7_1 RHEL7D gdk-pixbuf2-debuginfo el7_1 gdk-pixbuf el7_1 gdk-pixbuf2-devel el7_1 RHEL6D gdk-pixbuf2-debuginfo el6_7 gdk-pixbuf el6_7 gdk-pixbuf2-devel el6_7 i386 gdk-pixbuf2-debuginfo el6_7 gdk-pixbuf el6_7 gdk-pixbuf2-devel el6_7 RHEL6S gdk-pixbuf2-debuginfo el6_7 gdk-pixbuf el6_7 gdk-pixbuf2-devel el6_7 i386 gdk-pixbuf2-debuginfo el6_7 gdk-pixbuf el6_7 gdk-pixbuf2-devel el6_7 RHEL7S gdk-pixbuf2-debuginfo el7_1 gdk-pixbuf el7_1 gdk-pixbuf2-devel el7_1 RHEL6WS gdk-pixbuf2-debuginfo el6_7 gdk-pixbuf el6_7 gdk-pixbuf2-devel el6_7 i386 gdk-pixbuf2-debuginfo el6_7 gdk-pixbuf el6_7 gdk-pixbuf2-devel el6_7
14 FreeBSD ffmpeg Use After Free (da434a78-e342-4d9a-87e2-7497e5f117ba) Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes CVE: CVE ffmpeg -- use after free (da434a78-e342-4d9a-87e2-7497e5f117ba) Affected packages: 11.0 <= libav < 11.4 libav < 10.7 gstreamer1-libav < ,1 <= ffmpeg < , ,1 <= ffmpeg < 2.1.7,1 ffmpeg < 2.0.7,1 ffmpeg25 < ffmpeg24 < ffmpeg23 < ffmpeg1 < FreeBSD ffmpeg Out-of-bounds Array Access (80c66af0-d1c5-449e-bd31-63b12525ff88) Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes CVE: CVE ffmpeg -- out-of-bounds array access (80c66af0-d1c5-449e-bd31-63b12525ff88) Affected packages: 11.0 <= libav < 11.4 libav < 10.7 gstreamer1-libav < ,1 <= ffmpeg < ,1 ffmpeg < 2.0.7,1 ffmpeg26 < ffmpeg25 < ffmpeg24 < kodi < 15.1 mplayer < 1.1.r mencoder < 1.1.r
15 FreeBSD ghostscript Denial Of Service (crash) via crafted Postscript files (fc1f6658-4f53-11e5-934b bf5) Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes CVE: CVE ghostscript -- denial of service (crash) via crafted Postscript files (fc1f6658-4f53-11e5-934b bf5) Affected packages: ghostscript7 < 7.07_32 ghostscript7-nox11 < 7.07_32 ghostscript7-base < 7.07_32 ghostscript7-x11 < 7.07_32 ghostscript8 < 8.71_19 ghostscript8-nox11 < 8.71_19 ghostscript8-base < 8.71_19 ghostscript8-x11 < 8.71_19 ghostscript9 < 9.06_11 ghostscript9-nox11 < 9.06_11 ghostscript9-base < 9.06_11 ghostscript9-x11 < 9.06_11 ghostscript9-agpl < 9.15_2 ghostscript9-agpl-nox11 < 9.15_2 ghostscript9-agpl-base < 9.16_2 ghostscript9-agpl-x11 < 9.16_ Ubuntu Linux 12.04, 14.04, USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE USN Ubuntu libexpat1_ ubuntu1.1 lib64expat1_ ubuntu1.1
16 Ubuntu lib64expat1_ ubuntu1.1 libexpat1_ ubuntu1.1 Ubuntu libexpat1_ ubuntu1.2 lib64expat1_ ubuntu Ubuntu Linux 12.04, 14.04, USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE USN Ubuntu libgdk-pixbuf2.0-0_ ubuntu1.1 Ubuntu libgdk-pixbuf2.0-0_ ubuntu0.1 Ubuntu libgdk-pixbuf2.0-0_ ubuntu Fedora Linux 21 FEDORA Update Is Not Installed CVE: CVE FEDORA Fedora Core 21
17 php-guzzle-guzzle fc21 php-zendframework fc Fedora Linux 22 FEDORA Update Is Not Installed CVE: CVE FEDORA Fedora Core 22 php-zendframework fc22 php-guzzle-guzzle fc (APSB15-21) Vulnerability In ColdFusion Category: Windows Host Assessment -> Adobe Patches Only (CATEGORY REQUIRES CREDENTIALS) CVE: CVE A vulnerability is present in some versions of Adobe ColdFusion. Adobe ColdFusion is a web application development platform. A vulnerability is present in some versions of Adobe ColdFusion. The flaw lies in BlazeDS. Successful exploitation could allow an attacker to access sensitive information. The update provided by Adobe bulletin APSB15-21 resolves this issue. The target system appears to be missing this update IBM WebSphere Application Server Java Portlet Specification JSR 286 Information Disclosure Vulnerability Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) CVE: CVE An information disclosure vulnerability is present in some versions of IBM WebSphere Application Server.
IBM WebSphere Application Server is a Java application server. An information disclosure vulnerability is present in some versions of IBM WebSphere Application Server. The flaw lies in Java Portlet Specification JSR 286 API. Successful exploitation could allow an attacker to obtain configuration data and other sensitive information.

Oracle Solaris Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes
CVE: CVE , CVE , CVE , CVE , CVE
SunOS 5.10: Oracle Snap Management Utility for Oracle Databases patch SOLARIS_10 ORCLsmu:1.2.0,REV=

Oracle Solaris Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes
CVE: CVE , CVE , CVE , CVE , CVE
SunOS 5.10(x86): Oracle Snap Management Utility for Oracle Databases patch SOLARIS_10_x86 ORCLsmu:1.2.0,REV=

SuSE SLES 12, SLED 12 SUSE-SU-2015: Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
19 CVE: CVE SUSE-SU-2015: SuSE SLED 12 perl-xml-libxml-debuginfo perl-xml-libxml perl-xml-libxml-debugsource SuSE SLES 12 perl-xml-libxml-debuginfo perl-xml-libxml perl-xml-libxml-debugsource Ubuntu Linux USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE , CVE USN Ubuntu libgnutls-deb0-28_ ubuntu Fedora Linux 23 FEDORA Update Is Not Installed CVE: CVE FEDORA
Fedora Core 23 gnutls fc

Fedora Linux 21 FEDORA Update Is Not Installed
CVE: CVE
FEDORA Fedora Core 21 rubygem-rack fc

SolarWinds N-Able N-Central Administrator Account Password Disclosure Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server
CVE: CVE
An information disclosure vulnerability is present in some versions of SolarWinds N-Able N-Central.
SolarWinds N-Able N-Central is a popular enterprise and management support solution. An information disclosure vulnerability is present in some versions of SolarWinds N-Able N-Central. The flaw exists because the encrypted password is accessible to any authenticated local or remote user from within the RSM web page source. Successful exploitation could allow an attacker to decrypt and obtain the domain administrator password used by the software.

Oracle Enterprise Linux ELSA Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes
CVE: CVE
21 ELSA OEL6 nss-softokn-freebl-devel el6_7 nss-softokn-freebl el6_7 nss-softokn-devel el6_7 nss-softokn el6_7 i386 nss-softokn-freebl-devel el6_7 nss-softokn-freebl el6_7 nss-softokn-devel el6_7 nss-softokn el6_7 OEL7 nss-softokn-freebl el7_1 nss-softokn-freebl-devel el7_1 nss-softokn el7_1 nss-softokn-devel el7_ Oracle VM OVMSA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Oracle VM Patches and Hotfixes CVE: CVE OVMSA OVM3.3 nss-softokn-freebl el6_7 nss-softokn el6_ Red Hat Enterprise Linux RHSA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes CVE: CVE
22 RHSA RHEL7WS nss-softokn-freebl-devel el7_1 nss-softokn-freebl el7_1 nss-softokn-debuginfo el7_1 nss-softokn el7_1 nss-softokn-devel el7_1 RHEL7D nss-softokn-freebl-devel el7_1 nss-softokn-freebl el7_1 nss-softokn-debuginfo el7_1 nss-softokn el7_1 nss-softokn-devel el7_1 RHEL6D nss-softokn-devel el6_7 nss-softokn-freebl-devel el6_7 nss-softokn-freebl el6_7 nss-softokn-debuginfo el6_7 nss-softokn el6_7 i386 nss-softokn-devel el6_7 nss-softokn-freebl-devel el6_7 nss-softokn-freebl el6_7 nss-softokn-debuginfo el6_7 nss-softokn el6_7 RHEL6S nss-softokn-devel el6_7 nss-softokn-freebl-devel el6_7 nss-softokn-freebl el6_7 nss-softokn-debuginfo el6_7 nss-softokn el6_7 i386 nss-softokn-devel el6_7 nss-softokn-freebl-devel el6_7 nss-softokn-freebl el6_7 nss-softokn-debuginfo el6_7 nss-softokn el6_7 RHEL7S nss-softokn-freebl-devel el7_1
23 nss-softokn-freebl el7_1 nss-softokn-debuginfo el7_1 nss-softokn el7_1 nss-softokn-devel el7_1 RHEL6WS nss-softokn-devel el6_7 nss-softokn-freebl-devel el6_7 nss-softokn-freebl el6_7 nss-softokn-debuginfo el6_7 nss-softokn el6_7 i386 nss-softokn-devel el6_7 nss-softokn-freebl-devel el6_7 nss-softokn-freebl el6_7 nss-softokn-debuginfo el6_7 nss-softokn el6_ SuSE Linux 13.2 opensuse-su-2015: Update Is Not Installed Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes CVE: CVE opensuse-su-2015: SuSE Linux 13.2 noarch ansible Fedora Linux 22 FEDORA Update Is Not Installed CVE: CVE , CVE FEDORA
24 Fedora Core 22 rt fc Fedora Linux 21 FEDORA Update Is Not Installed CVE: CVE , CVE FEDORA Fedora Core 21 rt fc Slackware Linux 14.1 SSA: Update Is Not Installed Category: SSH Module -> NonIntrusive -> Slackware Patches and Hotfixes Risk Level: Low SSA: Slackware 14.1 mozilla-firefox esr Debian Linux 8.0 DSA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low DSA
25 Debian 8.0 all php-twig-doc_ deb8u1 php-twig_ deb8u1 php5-twig_ deb8u Debian Linux 7.0, 8.0 DSA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE , CVE , CVE , CVE , CVE DSA Debian 8.0 all php5_ dfsg-0+deb8u1 Debian 7.0 all php5_ deb7u FreeBSD graphviz Format String Vulnerability ( b-4e61-11e5-9ad8-14dae9d210b8) Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low graphviz -- format string vulnerability ( b-4e61-11e5-9ad8-14dae9d210b8) Affected packages: graphviz < _7
26 Fedora Linux 23 FEDORA Update Is Not Installed Risk Level: Low FEDORA Fedora Core 23 pcre fc Fedora Linux 22 FEDORA Update Is Not Installed Risk Level: Low FEDORA Fedora Core 22 php-twig fc Fedora Linux 21 FEDORA Update Is Not Installed Risk Level: Low FEDORA
27 Fedora Core 21 mariadb fc Fedora Linux 21 FEDORA Update Is Not Installed Risk Level: Low FEDORA Fedora Core 21 maradns fc Fedora Linux 22 FEDORA Update Is Not Installed Risk Level: Low FEDORA Fedora Core 22 maradns fc Fedora Linux 23 FEDORA Update Is Not Installed Risk Level: Low
28 FEDORA Fedora Core 23 maradns fc Fedora Linux 23 FEDORA Update Is Not Installed Risk Level: Low FEDORA Fedora Core 23 php-twig fc Fedora Linux 23 FEDORA Update Is Not Installed Risk Level: Low FEDORA Fedora Core 23 drupal6-views_bulk_operations fc Endress+Hauser HART Device DTM Vulnerability Category: Windows Host Assessment -> SCADA
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Low
CVE: CVE
A denial of service vulnerability is present in some versions of Endress+Hauser HART DTM Library.
Endress+Hauser HART DTM Library is used in Endress+Hauser HART Device DTM. A denial of service vulnerability is present in some versions of Endress+Hauser HART DTM Library. The flaw occurs due to a buffer overflow issue. Successful exploitation could allow an attacker to crash the Field Device Tool (FDT) Frame Application.

(SOL17189) F5 BIG-IP Apache HTTP Server Vulnerability
Category: SSH Module -> NonIntrusive -> F5
Risk Level: Low
CVE: CVE
A vulnerability is present in some versions of F5 BIG-IP products.
F5's BIG-IP product is a network appliance that runs F5's Traffic Management Operating System. A vulnerability is present in some versions of F5 BIG-IP products. The flaw lies in the mod_negotiation module in the Apache HTTP Server. Successful exploitation could allow an attacker to affect integrity of other users.

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check.

GIGABYTE Dldrv2 ActiveX Control Multiple Vulnerabilities
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)
CVE: CVE , CVE

FreeBSD mozilla Multiple Vulnerabilities (d9b43004-f5fd-4807-b1d7-dbf66455b244)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes
CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE
CVE is updated
30 662 - Finger Backdoor Category: General Vulnerability Assessment -> NonIntrusive -> UNIX CVE: CVE Documentation is updated Finger Command Execution Category: General Vulnerability Assessment -> NonIntrusive -> UNIX CVE: CVE Documentation is updated Creative Software AutoUpdate Engine ActiveX Control Stack Overflow Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) CVE: CVE FutureSoft TFTP Server 2000 Remote Denial Of Service Vulnerability Category: General Vulnerability Assessment -> Instrusive -> Miscellaneous EATON VURemote Denial of Service Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) FirebirdSQL Firebird Null Pointer Denial of Service I Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)
31 Eaton Network Shutdown Module Pi3Web WebServer Denial of Service Category: General Vulnerability Assessment -> NonIntrusive -> SCADA Delta Electronics WPLSoft DVPSimulator.exe Buffer Overflow Remote Code Execution Category: General Vulnerability Assessment -> Instrusive -> SCADA FrameFlow Server Monitor Unspecified Defect Denial Of Service Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) Emerson ROCLINK 800 arpro2.dll ActiveX Control Remote Code Execution Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) Cogent DataHub Web Server Gamma Injection Remote Code Execution Category: General Vulnerability Assessment -> Instrusive -> SCADA
32 Cogent DataHub Web Server Gamma Injection Remote Code Execution Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) Oracle Database Server Critical Patch Update April 2015 Category: SSH Module -> NonIntrusive -> SSH Miscellaneous CVE: CVE , CVE , CVE , CVE FASLScript is updated Oracle Database Server Critical Patch Update July 2015 Category: SSH Module -> NonIntrusive -> SSH Miscellaneous CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE FASLScript is updated (MS15-093) Microsoft Internet Explorer Memory Corruption Remote Code Execution ( ) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) CVE: CVE Name is updated csmailto.cgi Command Execution Category: General Vulnerability Assessment -> NonIntrusive -> Web Server CVE: CVE RSYNC heap overflow and remote code execution Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous
33 CVE: CVE is updated FASLScript is updated GAMSoft TelSrv Long Username Denial of Service Category: General Vulnerability Assessment -> Instrusive -> UNIX CVE: CVE , CVE , CVE , CVE , CVE Sendmail SSLV2 Disable Option Not Allowed Category: General Vulnerability Assessment -> NonIntrusive -> UNIX CVE: CVE FASLScript is updated EMC AutoStart Remote Code Execution Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) EMC AlphaStor Remote Code Execution Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous CYME Power Engineering ChartFX Client Server ActiveX Control Array Indexing Remote Code Execution Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)
34 Oracle Database Server Critical Patch Update January 2015 Category: SSH Module -> NonIntrusive -> SSH Miscellaneous CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE FASLScript is updated Compaq Web-Based Management default page Category: General Vulnerability Assessment -> NonIntrusive -> Web Server CVE: CVE FactoSystem Weblog Multiple SQL Injection Vulnerabilities Category: General Vulnerability Assessment -> NonIntrusive -> Web Server CVE: CVE glftpd Default Credentials Unauthorized Access Vulnerability Category: General Vulnerability Assessment -> Instrusive -> UNIX CVE: CVE CoCSoft Stream Down Response Buffer Overflow Remote Code Execution Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) CVE: CVE DotNetNuke DNNArticle Module "categoryid" SQL Injection Vulnerability Category: General Vulnerability Assessment -> Instrusive -> Web Server
35 CVE: CVE Oracle Enterprise Linux ELSA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE FreeBSD chicken Buffer Overrun In Substring-index[-ci] (e7b7f2b5-177a-11e5-ad33-f8d111029e6a) Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes CVE: CVE Ubuntu Linux USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE , CVE , CVE , CVE Ubuntu Linux USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE , CVE , CVE , CVE Ubuntu Linux USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE , CVE , CVE , CVE
36 Ubuntu Linux USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE , CVE , CVE , CVE Ubuntu Linux USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE , CVE , CVE , CVE Ubuntu Linux USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE , CVE , CVE Ubuntu Linux USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE , CVE , CVE Ubuntu Linux USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE , CVE , CVE Ubuntu Linux USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE , CVE , CVE
37 Fedora Linux 22 FEDORA Update Is Not Installed CVE: CVE Compaq Survey Utility Anonymous Login Category: General Vulnerability Assessment -> NonIntrusive -> Web Server CVE: CVE FormMail.pl Detected Category: General Vulnerability Assessment -> NonIntrusive -> Web Server CVE: CVE FTP Brute Force Category: General Vulnerability Assessment -> Instrusive -> BruteForce CVE: CVE Documentation is updated Efficient Networks 5861 Router NMap Denial-of-Service Category: General Vulnerability Assessment -> NonIntrusive -> Network CVE: CVE Cisco TFTP Server Denial of Service Vulnerability Category: Windows Host Assessment -> Miscellaneous
38 (CATEGORY REQUIRES CREDENTIALS) glftpd ZIP Plugins Multiple Directory Traversal Vulnerabilities Category: General Vulnerability Assessment -> NonIntrusive -> UNIX CVE: CVE Citrix MetaFrame Client Specified Published Applications Enumeration Information Disclosure Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous D-Link DIR-635 "data" Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities Category: Wireless Assessment -> NonIntrusive -> Wireless Cisco Video Surveillance Operations Manager Help Page Redirection Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Web Server CVE: CVE DotNetNuke Multiple Modules Arbitrary File Disclosure Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Web Server
39 FESTO Robotino View Unspecified Defect Remote Denial of Service Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) Google Android Bluetooth Forced Pairing Vulnerability Category: Wireless Assessment -> NonIntrusive -> Android CVE: CVE Documentation is updated Ubuntu Linux USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE Ubuntu Linux USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE Ubuntu Linux USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE Ubuntu Linux USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes
40 CVE: CVE Ubuntu Linux USN Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes CVE: CVE FTP Anonymous User Account ftp Accessible Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous Risk Level: Low CVE: CVE Documentation is updated FreeBSD libpgf Use After Free (9a71953a-474a-11e5-adde-14dae9d210b8) Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE CVE is updated Oracle Enterprise Linux ELSA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Low CVE: CVE Oracle VM OVMSA Update Is Not Installed Category: SSH Module -> NonIntrusive -> Oracle VM Patches and Hotfixes Risk Level: Low CVE: CVE Fedora Linux 22 FEDORA Update Is Not Installed
Risk Level: Low
CVE: CVE

Fedora Linux 21 FEDORA Update Is Not Installed
Risk Level: Low
CVE: CVE

HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal:
Multi-National Phone Support available here:
Non-US customers - Select your country from the list of Worldwide Offices.

This may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.

Copyright 2015 McAfee, Inc. McAfee is a registered trademark of McAfee, Inc. and/or its affiliates
More informationPatch Assessment Content Update Release Notes for CCS 11.0. Version: 2012-2 Update
Patch Assessment Content Update Release Notes for CCS 11.0 Version: 2012-2 Update Patch Assessment Content Update 2012-2 Release Notes for CCS 11.0 Legal Notice Copyright 2012 Symantec Corporation. All
More informationSecurityTracker Monday Morning Vulnerability Summary Oct 28, 2013
In This Week's SecurityTracker Vulnerability Summary SecurityTracker Alerts: 27 Vendors: Alstom - Apple Computer - CA - Cisco - EMC - F5 Networks - GNU [multiple authors] - Gnupg.org - Google - Joyent,
More informationOnCommand Performance Manager 1.1
OnCommand Performance Manager 1.1 Installation and Setup Guide For Red Hat Enterprise Linux NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Telephone: +1 (408) 822-6000 Fax: +1 (408) 822-4501
More informationClassification of Security Issues
Classification of Security Issues By Mark J Cox Abstract Red Hat has implemented a scheme from Red Hat Enterprise Linux 4 to publicly classify the impact of security issues found in our products and services..customers
More informationOut of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet
Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet March 8, 2012 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development
More informationPayment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Technical and Operational Requirements for Approved Scanning Vendors (ASVs) Version 1.1 Release: September 2006 Table of Contents Introduction...1-1 Naming
More informationDenyAll Detect. Technical documentation 07/27/2015
DenyAll Detect Technical documentation 07/27/2015 Summary 1. About this document... 3 1.1 Purpose... 3 1.2 History... 3 1.3 Context... 3 2. Tests list... 4 2.1 Network port scanning... 4 2.2 Domain discovery
More informationFINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that
More informationIntegrigy Corporate Overview
mission critical applications mission critical security Application and Database Security Auditing, Vulnerability Assessment, and Compliance Integrigy Corporate Overview Integrigy Overview Integrigy Corporation
More informationComplete Patch Management
Complete Patch Management Complete - Flexible Unique In- Depth Secunia CSI 7 Corporate Software Inspector Take control of the vulnerability threat and optimize your IT security investments. The Secunia
More informationSeptember 2, 2010. (Revision 3)
Web Application Scanning with Nessus Detecting Web Application Vulnerabilities and Environmental Weaknesses September 2, 2010 (Revision 3) Brian Martin Nessus SME Carole Fennelly Director, Content & Documentation
More informationMeasurably reducing risk through collaboration, consensus & practical security management. 2013 CIS Security Benchmarks 1
Measurably reducing risk through collaboration, consensus & practical security management 2013 CIS Security Benchmarks 1 Background City University of New York s Rights and Benefits as a CIS Security Benchmarks
More informationCreating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011 Agenda Evolving Threats Operating System Application User Generated Content JPL s Application Security Program Securing
More informationSecurity Vulnerabilities in Open Source Java Libraries. Patrycja Wegrzynowicz CTO, Yonita, Inc.
Security Vulnerabilities in Open Source Java Libraries Patrycja Wegrzynowicz CTO, Yonita, Inc. About Me Programmer at heart Researcher in mind Speaker with passion Entrepreneur by need @yonlabs Agenda
More informationANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details
Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription
More informationWeb Application Vulnerability Testing with Nessus
The OWASP Foundation http://www.owasp.org Web Application Vulnerability Testing with Nessus Rïk A. Jones, CISSP rikjones@computer.org Rïk A. Jones Web developer since 1995 (16+ years) Involved with information
More informationHow To Test A Control System With A Network Security Tool Like Nesus
Using the Nessus Vulnerability Scanner on Control Systems By Dale Peterson All too often we hear stories about the IT Department or some consultant running a vulnerability scan that takes down a key control
More informationIntegrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com
SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration
More informationRSA ACCESS MANAGER. Web Access Management Solution ESSENTIALS SECURE ACCESS TO WEB APPLICATIONS WEB SINGLE SIGN-ON CONTEXTUAL AUTHORIZATION
RSA ACCESS MANAGER Web Access Management Solution ESSENTIALS Secure Access Enforces access to Web applications based on risk and context Centralizes security and enforces business policy Web Single Sign-on
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Secure Bytes, October 2011 This document is confidential and for the use of a Secure Bytes client only. The information contained herein is the property of Secure Bytes and may
More informationRunning a Default Vulnerability Scan
Running a Default Vulnerability Scan A Step-by-Step Guide www.saintcorporation.com Examine. Expose. Exploit. Welcome to SAINT! Congratulations on a smart choice by selecting SAINT s integrated vulnerability
More informationComodo Hacker Guardian
TM Creating Trust Online Comodo Hacker Guardian Definition of Plug-in Categories Contents Debian Local Security Checks Windows CGI Abuses Windows : Microsoft Bulletins Windows : User Management FTP (File
More informationOverview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015
Overview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015 Tripwire Evolution 18+ Years of Innovation 1997 Tripwire File System Monitoring from open source
More informationIBM Protocol Analysis Module
IBM Protocol Analysis Module The protection engine inside the IBM Security Intrusion Prevention System technologies. Highlights Stops threats before they impact your network and the assets on your network
More informationApril 11, 2011. (Revision 2)
Passive Vulnerability Scanning Overview April 11, 2011 (Revision 2) Copyright 2011. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of
More informationEAS-SEC Project: Securing Enterprise Business Applications
EAS-SEC Project: Securing Enterprise Business Applications SESSION ID: SEC-W06 Alexander Polyakov CTO ERPScan @Twitter sh2kerr Alexander Polyakov CTO of the ERPScan inc EAS-SEC.org President Business application
More informationAccess the GV-IP Camera through a broadband modem
Access the GV-IP Camera through a broadband modem Applied to All GV-IP Cameras Article ID: GV15-12-03-26 Release Date: 03/26/2012 Introduction The document introduces how to connect your GV-IP Camera to
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationHP Application Lifecycle Management
HP Application Lifecycle Management Software Version: 11.00 Installation Guide Document Release Date: October 2010 Software Release Date: October 2010 Legal Notices Warranty The only warranties for HP
More informationHost Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)
Host Hardening (March 21, 2011) Abdou Illia Spring 2011 CERT Report on systems vulnerabilities Source: CERT Report @ http://www.kb.cert.org/vuls/bymetric 2 OS Vulnerability test Source: http://www.omninerd.com/articles/2006_operating_system_vulnerabilit
More informationWeb Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability
Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability WWW Based upon HTTP and HTML Runs in TCP s application layer Runs on top of the Internet Used to exchange
More informationSecrets of Vulnerability Scanning: Nessus, Nmap and More. Ron Bowes - Researcher, Tenable Network Security
Secrets of Vulnerability Scanning: Nessus, Nmap and More Ron Bowes - Researcher, Tenable Network Security 1 About me Ron Bowes (@iagox86) My affiliations (note: I m here to educate, not sell) 2 SkullSpace
More informationReducing the Cost and Complexity of Web Vulnerability Management
WHITE PAPER: REDUCING THE COST AND COMPLEXITY OF WEB..... VULNERABILITY.............. MANAGEMENT..................... Reducing the Cost and Complexity of Web Vulnerability Management Who should read this
More informationUnderstanding Security Testing
Understanding Security Testing Choosing between vulnerability assessments and penetration testing need not be confusing or onerous. Arian Eigen Heald, M.A., Ms.IA., CNE, CISA, CISSP I. Introduction Many
More information1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications
1. Introduction 2. Web Application 3. Components 4. Common Vulnerabilities 5. Improving security in Web applications 2 What does World Wide Web security mean? Webmasters=> confidence that their site won
More informationThe purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.
This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out
More informationConnection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and More
Connection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and More Leostream Connect Administrator s Guide and End User s Manual Version 3.5 / 3.1 January 14, 2016
More informationVMware Player 2.5.2 Release Notes
Page 1 of 5 VMware Player 2.5.2 Release Notes VMware Player Version 2.5.2 31 March 2009 Build 156735 Document last updated: April 13, 2009 These release notes cover the following topics: What's New (#whatsnew)
More informationSECURITY TRENDS & VULNERABILITIES REVIEW 2015
SECURITY TRENDS & VULNERABILITIES REVIEW 2015 Contents 1. Introduction...3 2. Executive summary...4 3. Inputs...6 4. Statistics as of 2014. Comparative study of results obtained in 2013...7 4.1. Overall
More informationIs Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security
Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not
More informationPenetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or
More informationAdobe Systems Incorporated
Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...
More informationVerax Service Desk Installation Guide for UNIX and Windows
Verax Service Desk Installation Guide for UNIX and Windows March 2015 Version 1.8.7 and higher Verax Service Desk Installation Guide 2 Contact Information: E-mail: sales@veraxsystems.com Internet: http://www.veraxsystems.com/
More informationHow to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering
How to break in Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering Time Agenda Agenda Item 9:30 10:00 Introduction 10:00 10:45 Web Application Penetration
More information24x7 Scheduler Multi-platform Edition 5.2
24x7 Scheduler Multi-platform Edition 5.2 Installing and Using 24x7 Web-Based Management Console with Apache Tomcat web server Copyright SoftTree Technologies, Inc. 2004-2014 All rights reserved Table
More informationNessus scanning on Windows Domain
Nessus scanning on Windows Domain A little inside information and Nessus can go a long way By Sunil Vakharia sunilv@phreaker.net Version 1.0 4 November 2003 About this paper This paper is not a tutorial
More informationSecure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current
More informationAchieving PCI Compliance: How Red Hat Can Help. Akash Chandrashekar, RHCE. Red Hat Daniel Kinon, RHCE. Choice Hotels Intl.
Achieving PCI Compliance: How Red Hat Can Help Akash Chandrashekar, RHCE. Red Hat Daniel Kinon, RHCE. Choice Hotels Intl. Agenda Understanding Compliance Security Features within Red Hat Backporting Choice
More informationLotus Domino Security
An X-Force White Paper Lotus Domino Security December 2002 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Introduction Lotus Domino is an Application server that provides groupware
More informationMCAFEE FOUNDSTONE FSL UPDATE
MCAFEE FOUNDSTONE FSL UPDATE 2014-JUN-03 To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and
More informationMcAfee Cloud Identity Manager
NetSuite Cloud Connector Guide McAfee Cloud Identity Manager version 2.0 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,
More informationRelease Notes for McAfee(R) VirusScan(R) Enterprise for Linux Version 1.9.0 Copyright (C) 2014 McAfee, Inc. All Rights Reserved.
Release Notes for McAfee(R) VirusScan(R) Enterprise for Linux Version 1.9.0 Copyright (C) 2014 McAfee, Inc. All Rights Reserved. Release date: August 28, 2014 This build was developed and tested on: -
More informationProduct Documentation. Preliminary Evaluation of the OpenSSL Security Advisory (0.9.8 and 1.0.1)
Product Documentation Preliminary Evaluation of the OpenSSL Security Advisory (0.9.8 and 1.0.1) Contents Contents Copyright... 3 Preliminary Evaluation of the OpenSSL Security Advisory (0.9.8 and 1.0.1)...
More information3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org
More informationVirtualization System Security
Virtualization System Security Bryan Williams, IBM X-Force Advanced Research Tom Cross, Manager, IBM X-Force Security Strategy 2009 IBM Corporation Overview Vulnerability disclosure analysis Vulnerability
More informationEXTENSIVE FEATURE DESCRIPTION SECUNIA CORPORATE SOFTWARE INSPECTOR. Non-intrusive, authenticated scanning for OT & IT environments. secunia.
Non-intrusive, authenticated scanning for OT & IT environments The situation: convenience vs. security Interconnectivity between organizations and corporate networks, the internet and the cloud and thus
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More informationAttack and Penetration Testing 101
Attack and Penetration Testing 101 Presented by Paul Petefish PaulPetefish@Solutionary.com July 15, 2009 Copyright 2000-2009, Solutionary, Inc. All rights reserved. Version 2.2 Agenda Penetration Testing
More informationLast update: February 23, 2004
Last update: February 23, 2004 Web Security Glossary The Web Security Glossary is an alphabetical index of terms and terminology relating to web application security. The purpose of the Glossary is to
More informationINNOV-04 The SANS Top 20 Internet Security Vulnerabilities
INNOV-04 The SANS Top 20 Internet Security Vulnerabilities (and what it means to OpenEdge Applications) Michael Solomon, CISSP PMP CISM Solomon Consulting Inc. www.solomonconsulting.com (Thanks to John
More informationWhat s New in Centrify Server Suite 2013 Update 2
CENTRIFY SERVER SUITE 2013.2 DATA SHEET What s New in Centrify Server Suite 2013 Update 2 The new Centrify Server Suite 2013 Update 2 (2013.2) builds on the core enhancements Centrify introduced in Server
More informationNessus Agents. October 2015
Nessus Agents October 2015 Table of Contents Introduction... 3 What Are Nessus Agents?... 3 Scanning... 4 Results... 6 Conclusion... 6 About Tenable Network Security... 6 2 Introduction Today s changing
More informationCertified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
More informationMcAfee Vulnerability Manager 7.5.1
McAfee Vulnerability Manager 7.5.1 The McAfee Vulnerability Manager 7.5.1 quarterly release adds features to the product without having to wait for the next major release. This release notes file contains
More informationInstallation Guide. Help Desk Manager. Version v12.1.0
Installation Guide Help Desk Manager Version v12.1.0 Documentation published: March 12, 2014 Contents Introduction to Help Desk Manager 3 Help Desk Manager Key Features 3 Do-It-Yourself Installation and
More informationConnection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and more. Security Review
Connection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and more Security Review Version 8.1 March 31, 2016 Contacting Leostream Leostream Corporation http://www.leostream.com
More informationCyber Threats, Trends, and Security Configurations. June 2, 2015. Shevaun Culmer-Reid, Program Manager
Cyber Threats, Trends, and Security Configurations June 2, 2015 Shevaun Culmer-Reid, Program Manager The Center for Internet Security is an international nonprofit organization focused on enhancing cyber
More informationConnection Broker Managing User Connections to Workstations, Blades, VDI, and more. Security Review
Connection Broker Managing User Connections to Workstations, Blades, VDI, and more Security Review Version 8.1 October 21, 2015 Contacting Leostream Leostream Corporation http://www.leostream.com 465 Waverley
More informationVulnerability Assessment and Penetration Testing
Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration
More informationWhen a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.
Ethical Hacking and Countermeasures Course Description: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.
More informationDOCUMENTATION MICROSOFT SQL BACKUP & RESTORE OPERATIONS
DOCUMENTATION MICROSOFT SQL BACKUP & RESTORE OPERATIONS Copyright Notice The use and copying of this product is subject to a license agreement. Any other use is prohibited. No part of this publication
More informationMcAfee Public Cloud Server Security Suite
Installation Guide McAfee Public Cloud Server Security Suite For use with McAfee epolicy Orchestrator COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766,
More informationChapter 1 Web Application (In)security 1
Introduction xxiii Chapter 1 Web Application (In)security 1 The Evolution of Web Applications 2 Common Web Application Functions 4 Benefits of Web Applications 5 Web Application Security 6 "This Site Is
More informationSnapServer NAS GuardianOS 5.2 Compatibility Guide October 2009
SnapServer NAS GuardianOS 5.2 Compatibility Guide October 2009 1 Table of Contents 1 Introduction... 3 2 ed SnapServer NAS Systems... 3 3 Client Compatibility... 3 3.1 Microsoft Windows... 3 3.2 Apple
More informationWeb Application Security Assessment and Vulnerability Mitigation Tests
White paper BMC Remedy Action Request System 7.6.04 Web Application Security Assessment and Vulnerability Mitigation Tests January 2011 www.bmc.com Contacting BMC Software You can access the BMC Software
More informationParallels Plesk Panel 9.2
Getting Started Guide Parallels Plesk Panel 9.2 for your Windows Server Getting Started Guide Page 1 Getting Started Guide: Parallels Plesk Panel 9.2, Windows Server Version 2.2 (1.6.2012) Copyright 2012.
More informationVMware vcenter Support Assistant 5.1.1
VMware vcenter.ga September 25, 2013 GA Last updated: September 24, 2013 Check for additions and updates to these release notes. RELEASE NOTES What s in the Release Notes The release notes cover the following
More informationQuickStart Guide for Managing Computers. Version 9.2
QuickStart Guide for Managing Computers Version 9.2 JAMF Software, LLC 2013 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts to ensure that this guide is accurate. JAMF Software
More informationUsing Nessus In Web Application Vulnerability Assessments
Using Nessus In Web Application Vulnerability Assessments Paul Asadoorian Product Evangelist Tenable Network Security pasadoorian@tenablesecurity.com About Tenable Nessus vulnerability scanner, ProfessionalFeed
More informationiviz Security Inc (In) Security in Security Products 2013
iviz Security Inc (In) Security in Security Products 2013 iviz Security Inc 2013 Introduction We use security products to secure our systems and our businesses. However, the very security products we use,
More informationEvaluation of Penetration Testing Software. Research
Evaluation of Penetration Testing Software Research Penetration testing is an evaluation of system security by simulating a malicious attack, which, at the most fundamental level, consists of an intellectual
More informationCloudPassage Halo Technical Overview
TECHNICAL BRIEF CloudPassage Halo Technical Overview The Halo cloud security platform was purpose-built to provide your organization with the critical protection, visibility and control needed to assure
More informationITEC441- IS Security. Chapter 15 Performing a Penetration Test
1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and
More informationPrerequisites and Configuration Guide
Prerequisites and Configuration Guide Informatica Support Console (Version 2.0) Table of Contents Chapter 1: Overview.................................................... 2 Chapter 2: Minimum System Requirements.................................
More information