Author Archive

N-Stealth 3.7 Detects the Top Ten Web Application Vulnerabilities

January 13, 2003

The Open Web Application Security Project has released a report outlining the top ten vulnerabilities in web applications. All of the classic flaws are covered, such as buffer overflows, cross-site scripting, command injection, unvalidated parameters, various misconfigurations, and other issues. You also might want to check out OWASP’s much-acclaimed Guide to Building Secure Web Applications […]

Code Execution and XSS Holes in PHP-Nuke

December 18, 2002

Code execution and cross-site scripting vulnerabilities have been found in PHP-Nuke 6.0, a popular but notoriously insecure web portal system which is used to run hundreds of thousands of sites. The first flaw is in the web mail module: if a user receives and reads a message with an attached file, the file is stored […]

Multiple New Security Vulnerabilities in SSH

December 17, 2002

Multiple vendors’ implementations of the SSH protocol contain buffer overflows and several other vulnerabilities, according to a new advisory issued by CERT. The security holes could be exploited remotely, leading to denial of service or the execution of arbitrary code under the SSH process’ privileges. A suite of test apps developed by Rapid7 can test […]
