jetlib.sec

44 items tagged "defense"

Related tags: safer use [+], arbitrary code [+], procedure sql [+], security event [+], digital [+], zdi [+], vrt [+], usa [+], upload [+], sql server 2005 express [+], sourcefire [+], soap request [+], request parameters [+], nsa [+], ms sql server [+], l. gavas [+], insufficient protection [+], gavas [+], defense management [+], database access [+], credentials [+], code execution [+], center [+], black hat [+], attackers [+], asymmetric [+], arbitrary files [+], alcatel lucent [+], www authors [+], web event [+], web [+], sql injection [+], security web [+], management web [+], layering [+], hackers [+], erik berls [+], defense contractor [+], day [+], contractor [+], total [+], video [+], united states department of defense [+], united states department [+], united [+], u.s. department [+], u.s. [+], tries [+], tower defense game [+], tower [+], slides [+], service database [+], service [+], self [+], security 2001 [+], security [+], rsa securid [+], realm [+], read [+], project arthur [+], play [+], oil [+], norweigian [+], multitouch [+], ministry of defense [+], milliseconds [+], legal [+], lawsuit [+], laurent oudot [+], last news [+], kit [+], k. ministry [+], japan [+], intrusion detection [+], hacks [+], hacked [+], gateway security [+], eric schultze [+], dominique brezinski [+], dominique [+], depth [+], department of defense [+], department [+], defense pact [+], defense industries [+], david leblanc [+], darknet [+], cyber realm [+], cyber attack [+], cyber [+], control scheme [+], control management [+], computer associates [+], computer [+], bugtraq [+], bruce potter [+], breach [+], bluetooth [+], australia [+], audio [+], arthur [+], acting [+], Issues [+], suite [+]

May 03, 2012
21:31
U.K. Ministry Of Defense Tries To Play Catch Up With Hackers
» ‎ Packet Storm Security Headlines

U.K. Ministry Of Defense Tries To Play Catch Up With Hackers
Tags: tries defense play k.-ministry ministry-of-defense hackers

April 04, 2012
17:52
Sourcefire Defense Center File Download / Cross Site Scripting
» ‎ Packet Storm Security Exploits

The Sourcefire Defense Center(R) versions prior 4.10.2.3 were found to be vulnerable to arbitrary file download, deletion of files in a specific directory, persistent cross site scripting, and database access using default credentials in some circumstances.
Tags: sourcefire center defense database-access credentials

17:52
Sourcefire Defense Center File Download / Cross Site Scripting
» ‎ Packet Storm Security Recent Files

The Sourcefire Defense Center(R) versions prior 4.10.2.3 were found to be vulnerable to arbitrary file download, deletion of files in a specific directory, persistent cross site scripting, and database access using default credentials in some circumstances.
Tags: sourcefire center defense database-access credentials

17:52
Sourcefire Defense Center File Download / Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

The Sourcefire Defense Center(R) versions prior 4.10.2.3 were found to be vulnerable to arbitrary file download, deletion of files in a specific directory, persistent cross site scripting, and database access using default credentials in some circumstances.
Tags: sourcefire center defense database-access credentials

February 08, 2012
11:00
Bugtraq: ZDI-12-024 : Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability
» ‎ SecurityFocus Vulnerabilities

ZDI-12-024 : Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability
Tags: total suite defense sql-injection zdi management-web
10:00
Bugtraq: ZDI-12-023 : Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

ZDI-12-023 : Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability
Tags: total suite defense service-database zdi management-web

January 09, 2012
21:35
[Slides] Bluetooth Defense Kit
» ‎ SecDocs

Authors: Bruce Potter
Tags: bluetooth
Event: Black Hat USA 2006

Tags: defense bluetooth kit bruce-potter usa black-hat slides

December 19, 2011
15:39
CA Total Defense Suite Gateway Security Malformed HTTP Packet Code Execution Vulnerability
» ‎ SecuriTeam

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite r12.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: total suite defense code-execution safer-use gateway-security

December 05, 2011
21:49
[Slides] Acting in Milliseconds-Why Defense Processes Need to Change
» ‎ SecDocs

Authors: Dominique Brezinski
Tags: security intrusion detection
Event: Black Hat USA 2004

Tags: milliseconds defense acting usa dominique dominique-brezinski intrusion-detection black-hat
December 04, 2011
21:41
[Slides] Digital Active Self Defense
» ‎ SecDocs

Authors: Laurent Oudot
Tags: security
Event: Black Hat USA 2004

Tags: digital self defense laurent-oudot usa security-event black-hat

November 18, 2011
8:43
Norweigian Oil And Defense Industries Are Hit By A Major Cyber Attack
» ‎ Packet Storm Security Headlines

Norweigian Oil And Defense Industries Are Hit By A Major Cyber Attack
Tags: defense norweigian oil cyber-attack defense-industries

November 11, 2011
21:43
[Slides] Defense in Depth: Winning in Spite of Yourself (aka "Foiling JD")
» ‎ SecDocs

Authors: David LeBlanc Eric Schultze
Tags: security
Event: Black Hat Windows Security 2001

Tags: depth security defense eric-schultze david-leblanc security-2001

October 17, 2011
11:44
The U.S. Department of Defense Hit With $4.9B Lawsuit Over Data Breach
» ‎ Darknet

We haven’t published anything about the Defense Department for a while, the last news really was the whole RSA SecurID thing which affected some of the US DoD sub-contractors. The latest news is they’ve been hit with a colossal lawsuit of almost $5 Billion! The lawsuit is regarding a recent breach involving a healthcare system [...]

Read the full post at darknet.org.uk

Tags: lawsuit defense breach read u.s.-department rsa-securid darknet last-news legal Issues

October 04, 2011
13:01
CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection
» ‎ Packet Storm Security Exploits

This Metasploit module exploits an sql injection flaw in CA Total Defense Suite R12. When supplying a specially crafted soap request to '/UNCWS/Management.asmx', an attacker can abuse the reGenerateReports stored procedure by injecting arbitrary sql statements into the ReportIDs element. NOTE: This Metasploit module was tested against the MS SQL Server 2005 Express that's bundled with CA Total Defense Suite R12. CA's Total Defense Suite real-time protection will quarantine the default framework executable payload. Choosing an alternate exe template will bypass the quarantine.
Tags: total suite defense ms-sql-server soap-request sql-server-2005-express

13:01
CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits an sql injection flaw in CA Total Defense Suite R12. When supplying a specially crafted soap request to '/UNCWS/Management.asmx', an attacker can abuse the reGenerateReports stored procedure by injecting arbitrary sql statements into the ReportIDs element. NOTE: This Metasploit module was tested against the MS SQL Server 2005 Express that's bundled with CA Total Defense Suite R12. CA's Total Defense Suite real-time protection will quarantine the default framework executable payload. Choosing an alternate exe template will bypass the quarantine.
Tags: total suite defense ms-sql-server soap-request sql-server-2005-express

13:01
CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits an sql injection flaw in CA Total Defense Suite R12. When supplying a specially crafted soap request to '/UNCWS/Management.asmx', an attacker can abuse the reGenerateReports stored procedure by injecting arbitrary sql statements into the ReportIDs element. NOTE: This Metasploit module was tested against the MS SQL Server 2005 Express that's bundled with CA Total Defense Suite R12. CA's Total Defense Suite real-time protection will quarantine the default framework executable payload. Choosing an alternate exe template will bypass the quarantine.
Tags: total suite defense ms-sql-server soap-request sql-server-2005-express

October 03, 2011
0:00
Vuln: Computer Associates Total Defense Multiple SQL Injection Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Computer Associates Total Defense Multiple SQL Injection Vulnerabilities
Tags: total computer defense sql-injection computer-associates

October 02, 2011
21:00
[webapps / 0day] - CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection
Tags: total day defense procedure-sql
October 01, 2011
14:00
[webapps / 0day] - CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection
Tags: total day defense procedure-sql

September 19, 2011
17:19
Japan's Biggest Defense Contractor Hit By Hackers
» ‎ Packet Storm Security Headlines

Japan's Biggest Defense Contractor Hit By Hackers
Tags: hackers contractor defense japan defense-contractor
September 15, 2011
17:08
U.S., Australia To Add Cyber Realm To Defense Pact
» ‎ Packet Storm Security Headlines

U.S., Australia To Add Cyber Realm To Defense Pact
Tags: realm defense cyber australia u.s. defense-pact cyber-realm

August 31, 2011
13:01
Multitouch tower defense uses physical towers
» ‎ Hack a Day

If you’re tired of playing flash games with a mouse, perhaps you’ll draw inspiration from this project. Arthur built a multitouch interface that uses objects as part of the control scheme. In the image above you can see that the game board for a tower defense game is shown on the display. There is a [...]
Tags: multitouch tower defense arthur tower-defense-game project-arthur control-scheme hacks

June 26, 2011
14:49
CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability
» ‎ SecuriTeam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: total suite defense procedure-sql safer-use arbitrary-code
14:49
CA Total Defense Suite Heartbeat Web Service Code Execution Vulnerability
» ‎ SecuriTeam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Endpoint.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: total defense service code-execution safer-use arbitrary-code
June 21, 2011
20:54
CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability
» ‎ SecuriTeam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: total suite defense procedure-sql safer-use arbitrary-code
20:39
CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability
» ‎ SecuriTeam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite Unified Network Control Management Console.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: total suite defense safer-use control-management arbitrary-code
June 20, 2011
14:04
CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability
» ‎ SecuriTeam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: total suite defense safer-use arbitrary-code attackers
14:04
CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability
» ‎ SecuriTeam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: total suite defense procedure-sql safer-use arbitrary-code
June 16, 2011
17:29
CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability
» ‎ SecuriTeam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite r12.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: total suite defense safer-use arbitrary-code attackers
17:24
CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability
» ‎ SecuriTeam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: total suite defense safer-use arbitrary-code attackers

June 01, 2011
12:04
Defense Contractor L-3 Is Being Hacked RSA Style
» ‎ Packet Storm Security Headlines

Defense Contractor L-3 Is Being Hacked RSA Style
Tags: contractor defense hacked defense-contractor

April 14, 2011
10:08
CA Total Defense SQL Injection / Shell Upload
» ‎ Packet Storm Security Advisories

CA Technologies support is alerting customers to security risks with CA Total Defense. Multiple vulnerabilities exist that can allow a remote attacker to possibly execute arbitrary code. CA issued an automatic update to address the vulnerabilities. The first set of vulnerabilities are due to insufficient handling of certain request parameters. A remote attacker can use various SQL injection attacks to potentially compromise the Unified Network Control (UNC) Server. The second vulnerability occurs due to insufficient handling of file upload parameters. A remote attacker can upload a file and use it to execute arbitrary code on the Total Defense Management Server. The third vulnerability is due to insufficient protection of sensitive information. A remote attack can acquire account credentials and take privileged action on the Unified Network Control (UNC) Server.
Tags: upload total defense request-parameters insufficient-protection defense-management

10:08
CA Total Defense SQL Injection / Shell Upload
» ‎ Packet Storm Security Recent Files

CA Technologies support is alerting customers to security risks with CA Total Defense. Multiple vulnerabilities exist that can allow a remote attacker to possibly execute arbitrary code. CA issued an automatic update to address the vulnerabilities. The first set of vulnerabilities are due to insufficient handling of certain request parameters. A remote attacker can use various SQL injection attacks to potentially compromise the Unified Network Control (UNC) Server. The second vulnerability occurs due to insufficient handling of file upload parameters. A remote attacker can upload a file and use it to execute arbitrary code on the Total Defense Management Server. The third vulnerability is due to insufficient protection of sensitive information. A remote attack can acquire account credentials and take privileged action on the Unified Network Control (UNC) Server.
Tags: upload total defense request-parameters insufficient-protection defense-management

10:08
CA Total Defense SQL Injection / Shell Upload
» ‎ Packet Storm Security Misc. Files

CA Technologies support is alerting customers to security risks with CA Total Defense. Multiple vulnerabilities exist that can allow a remote attacker to possibly execute arbitrary code. CA issued an automatic update to address the vulnerabilities. The first set of vulnerabilities are due to insufficient handling of certain request parameters. A remote attacker can use various SQL injection attacks to potentially compromise the Unified Network Control (UNC) Server. The second vulnerability occurs due to insufficient handling of file upload parameters. A remote attacker can upload a file and use it to execute arbitrary code on the Total Defense Management Server. The third vulnerability is due to insufficient protection of sensitive information. A remote attack can acquire account credentials and take privileged action on the Unified Network Control (UNC) Server.
Tags: upload total defense request-parameters insufficient-protection defense-management

8:00
Bugtraq: ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability
Tags: total suite defense code-execution zdi bugtraq

March 01, 2011
14:20
Digital Defense VRT Advisory 2010.30
» ‎ Packet Storm Security Advisories

The Alcatel-Lucent OmniVista 4760 NMS is vulnerable to a directory traversal. This flaw allows remote unauthenticated attackers to retrieve arbitrary files from a vulnerable system.
Tags: digital defense vrt alcatel-lucent arbitrary-files

14:20
Digital Defense VRT Advisory 2010.30
» ‎ Packet Storm Security Recent Files

The Alcatel-Lucent OmniVista 4760 NMS is vulnerable to a directory traversal. This flaw allows remote unauthenticated attackers to retrieve arbitrary files from a vulnerable system.
Tags: digital defense vrt alcatel-lucent arbitrary-files

14:20
Digital Defense VRT Advisory 2010.30
» ‎ Packet Storm Security Misc. Files

The Alcatel-Lucent OmniVista 4760 NMS is vulnerable to a directory traversal. This flaw allows remote unauthenticated attackers to retrieve arbitrary files from a vulnerable system.
Tags: digital defense vrt alcatel-lucent arbitrary-files

November 05, 2010
3:55
[Slides] Layering in defense: Front ending WWW
» ‎ SecDocs

Authors: Erik Berls
Tags: security web server web
Event: LayerOne 2005

Tags: web layering defense erik-berls www-authors web-event security-web
3:55
[Slides] Layering in defense: Front ending WWW
» ‎ SecDocs

Authors: Erik Berls
Tags: security web server web
Event: LayerOne 2005

Tags: web layering defense erik-berls www-authors web-event security-web
March 15, 2010
22:01
[Video] Asymmetric Defense: How to Fight Off the NSA Red Team with Five People or Less
» ‎ SecDocs

Authors: Efstratios L. Gavas
Tags: security
Event: DEFCON 17

Tags: video defense asymmetric l.-gavas gavas security-event nsa
22:01
[Slides] Asymmetric Defense: How to Fight Off the NSA Red Team with Five People or Less
» ‎ SecDocs

Authors: Efstratios L. Gavas
Tags: security
Event: DEFCON 17

Tags: defense asymmetric nsa l.-gavas gavas security-event
22:01
[Audio] Asymmetric Defense: How to Fight Off the NSA Red Team with Five People or Less
» ‎ SecDocs

Authors: Efstratios L. Gavas
Tags: security
Event: DEFCON 17

Tags: audio defense asymmetric l.-gavas gavas security-event nsa

March 01, 2010
0:00
United States Department Of Defense Embraces Hacker Certification To Protect US Interests
» ‎ Packet Storm Security Headlines

United States Department Of Defense Embraces Hacker Certification To Protect US Interests
Tags: united department defense united-states-department department-of-defense united-states-department-of-defense

jetlib.sec » Tags » defense

Feeds

44 items tagged "defense"

Tags: tries defense play k.-ministry ministry-of-defense hackers

Tags: sourcefire center defense database-access credentials

Tags: sourcefire center defense database-access credentials

Tags: sourcefire center defense database-access credentials

Tags: total suite defense sql-injection zdi management-web

Tags: total suite defense service-database zdi management-web

Tags: defense bluetooth kit bruce-potter usa black-hat slides

Tags: total suite defense code-execution safer-use gateway-security

Tags: milliseconds defense acting usa dominique dominique-brezinski intrusion-detection black-hat

Tags: digital self defense laurent-oudot usa security-event black-hat

Tags: defense norweigian oil cyber-attack defense-industries

Tags: depth security defense eric-schultze david-leblanc security-2001

Tags: lawsuit defense breach read u.s.-department rsa-securid darknet last-news legal Issues

Tags: total suite defense ms-sql-server soap-request sql-server-2005-express

Tags: total suite defense ms-sql-server soap-request sql-server-2005-express

Tags: total suite defense ms-sql-server soap-request sql-server-2005-express

Tags: total computer defense sql-injection computer-associates

Tags: total day defense procedure-sql

Tags: total day defense procedure-sql

Tags: hackers contractor defense japan defense-contractor

Tags: realm defense cyber australia u.s. defense-pact cyber-realm

Tags: multitouch tower defense arthur tower-defense-game project-arthur control-scheme hacks

Tags: total suite defense procedure-sql safer-use arbitrary-code

Tags: total defense service code-execution safer-use arbitrary-code

Tags: total suite defense procedure-sql safer-use arbitrary-code

Tags: total suite defense safer-use control-management arbitrary-code

Tags: total suite defense safer-use arbitrary-code attackers

Tags: total suite defense procedure-sql safer-use arbitrary-code

Tags: total suite defense safer-use arbitrary-code attackers

Tags: total suite defense safer-use arbitrary-code attackers

Tags: contractor defense hacked defense-contractor

Tags: upload total defense request-parameters insufficient-protection defense-management

Tags: upload total defense request-parameters insufficient-protection defense-management

Tags: upload total defense request-parameters insufficient-protection defense-management

Tags: total suite defense code-execution zdi bugtraq

Tags: digital defense vrt alcatel-lucent arbitrary-files

Tags: digital defense vrt alcatel-lucent arbitrary-files

Tags: digital defense vrt alcatel-lucent arbitrary-files

Tags: web layering defense erik-berls www-authors web-event security-web

Tags: web layering defense erik-berls www-authors web-event security-web

Tags: video defense asymmetric l.-gavas gavas security-event nsa

Tags: defense asymmetric nsa l.-gavas gavas security-event

Tags: audio defense asymmetric l.-gavas gavas security-event nsa

Tags: united department defense united-states-department department-of-defense united-states-department-of-defense