Microsoft has released an out-of-band patch to fix an extremely critical worm hole that exposes Windows users to remote code execution attacks. The emergency update comes just one week after the regularly scheduled Patch Tuesday and follows the discovery of a targeted zero-day attack, Microsoft said in an advisory.   The ...

This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from ...

A major security vulnerability has been discovered in the popular WordPress blogging software. The vulnerability may allow an attacker to bypass security restrictions. Being able to bypass security restrictions would allow someone the ability to post malicious code that could attack visitors to that site. When the “backend” server application ...

Three vulnerabilities pose a risk to users of version 6.0.0 to 6.0.2 of Adobe’s products. First, there's a vulnerability in the handling of Flash files embedded in PDF documents that can be exploited to read files on user's systems. Adobe has also acknowledged multiple flaws in a software library called ...

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding of your web applications that allows ...

A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known. Ordinarily, after someone detects that a software program contains a potential exposure to exploitation by a hacker, that person or company can notify the software company and sometimes ...

An Italian security researcher has posted a proof-of-concept exploit for a zero-day vulnerability in the most current version of Apple's QuickTime media software (7.3.1).Luigi Auriemma, noted among other things for discovering a vulnerability in the Unreal Engine in 2004, on Thursday posted details about producing a buffer overflow ...

If a program has a bug in it that manifests under extreme circumstances, then normally, it's a minor annoyance. Usually, you can just avoid the extreme circumstances, and the bug isn't a problem. You could duplicate the effect of tickling the bug by writing your own program, if ...

Microsoft is warning customers about a zero-day flaw in the process of how Windows looks up other computers on the Internet. The vulnerability is a variation of one patched in 1999, and attackers could exploit it to access sensitive data and redirect users to Web sites rigged with malware. It is ...

Although a most powerful set of technologies, developers must be aware of the potential security holes and breeches to which AJAX applications have (and will) become vulnerable. According to Pete Lindstrom, Director of Security Strategies with the Hurwitz Group, Web applications are the most vulnerable elements of an organization’s IT infrastructure ...

Add-ons add security threat By Robert Lemos, SecurityFocus Published Friday 1st June 2007 10:06 GMT A security weakness in the update mechanism for third-party add-ons to the Firefox browser could give an attacker the ability to exploit unsecured downloads and install malicious code on the victim’s computer, a security researcher warned on Wednesday. The ...