The goal of this project is to make the virtual world a safer and better place without child pornography, major computer crime and RIAA.
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015

Researchers have doubted the relevance of the Common Vulnerability Scoring System

Italian security researchers Luca Allodi and Fabio Massacci of the University of Trento stated that the Common Vulnerability Scoring System (CVSS) does not answer the main concern of all companies: whether the vulnerabilities are actually being used for attacks on computer systems.

"The CVSS could be high, but you may have a low risk of being exploited, while you can get a low CVSS score and still be attacked," Massacci says. "There is not much correlation between the CVSS only and the chance of being attacked." The researchers compared the CVSS scores from the National Vulnerability Database (NVD) with information from the Exploit Database, as well as data from Symantec about the vulnerabilities that have been used in actual attacks.

The experts note that vulnerabilities whose exploits are sold on forums should be addressed first, since the risk of their being used is very high. However, there was less correlation between the existence of a proof-of-concept attack in the Exploit Database and the risk of attack.

In addition, the complexity of the attack, which is one of the metrics in CVSS, has a stronger correlation with the probability of a vulnerability being exploited than the overall vulnerability score does.

"If your vulnerability is in an exploit kit, then patch," Allodi says. "And if it is easy to exploit, then patch. But if it is difficult--more complex--to exploit, then it depends on the importance of the software with a vulnerability."
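The rule of thumb quoted above can be turned into a triage order that differs sharply from sorting by base score. The following is an added example, not code from the researchers or from this site; it assumes CVSS v2 base vectors, treats only `AC:L` as "easy to exploit", and takes the exploit-kit flag and asset importance as inputs you supply yourself. The finding identifiers are constructed placeholders.

```python
from dataclasses import dataclass

V2_BASE_METRICS = ("AV", "AC", "Au", "C", "I", "A")

def parse_cvss2(vector):
    """Parse a CVSS v2 base vector, e.g. 'AV:N/AC:L/Au:N/C:P/I:P/A:P'."""
    metrics = dict(part.split(":", 1) for part in vector.strip().split("/"))
    missing = [m for m in V2_BASE_METRICS if m not in metrics]
    if missing:
        raise ValueError(f"incomplete CVSS v2 vector, missing {missing}")
    if metrics["AC"] not in ("L", "M", "H"):
        raise ValueError(f"unknown Access Complexity {metrics['AC']!r}")
    return metrics

@dataclass
class Finding:
    vuln_id: str          # constructed placeholder, not a real identifier
    base_score: float     # CVSS v2 base score
    vector: str           # CVSS v2 base vector
    in_exploit_kit: bool  # assumption: supplied by your own threat intelligence
    asset_critical: bool  # assumption: importance of the affected software

def triage(f):
    """Return (rank, action); a lower rank is handled first."""
    ac = parse_cvss2(f.vector)["AC"]
    if f.in_exploit_kit:
        return 0, "patch"
    if ac == "L":            # assumption: only AC:L counts as easy to exploit
        return 1, "patch"
    if f.asset_critical:     # harder to exploit: decide by software importance
        return 2, "patch"
    return 3, "defer"

def prioritize(findings):
    """Order by triage rank, using the base score only to break ties."""
    return sorted(findings, key=lambda f: (triage(f)[0], -f.base_score))

# Constructed sample findings.
SAMPLE = [
    Finding("VULN-A", 9.3, "AV:N/AC:M/Au:N/C:C/I:C/A:C", False, False),
    Finding("VULN-B", 4.3, "AV:N/AC:M/Au:N/C:N/I:P/A:N", True, False),
    Finding("VULN-C", 5.0, "AV:N/AC:L/Au:N/C:P/I:N/A:N", False, False),
    Finding("VULN-D", 7.6, "AV:N/AC:H/Au:N/C:C/I:C/A:C", False, True),
]

if __name__ == "__main__":
    by_score = sorted(SAMPLE, key=lambda f: -f.base_score)
    print("by CVSS score:", [f.vuln_id for f in by_score])
    for f in prioritize(SAMPLE):
        print(f.vuln_id, f.base_score, triage(f)[1])
```

On the sample data, the finding with the highest base score ends up last, because it is neither in an exploit kit, nor easy to exploit, nor on important software.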

The full report of the researchers will be presented at the Black Hat Security Briefings.

(c) Naked Security


Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

An SQL injection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015