Previous
Critical PHP Flaw Patched
News Two software updates have been released to fix critical flaws that could allow an attacker to compromise servers using PHP, a programming language for Web pages. By exploiting the flaw, an attacker could take control of the Web server that runs a...
[December 20, 2004, 7:40]
IE7 Linked To Possible Phishing Scam
News The message will offer a link to retry loading the page; hitting it brings up the attacker's page, but showing an arbitrary web address, he wrote. An attacker can use an error message displayed by the latest Microsoft browser to send web surfers to...
[March 15, 2007, 8:33]
Google Toolbar Exposes PCs To Attack
News According to GreyMagic Software, a flaw in the Google Toolbar version 1.1.58 and earlier allows an attacker to embed code in any Web page that fools the toolbar into executing the attacker's commands.
[August 9, 2002, 11:26]
Windows Cursor Flaw Poses 'drive By' Risk
News An attacker could exploit the vulnerability through a web page or email message with rigged computer code, Microsoft said. Upon viewing a web page, previewing or reading a specially crafted message, or opening a specially crafted email attachment...
[March 30, 2007, 9:41]
Weakness Found In MS Server Shield
News An attacker can take advantage of the vulnerability by sending the server a request to view a Web page with an unusually large address -- for example, one with the letter A repeated 3,000 times, SecureXpert Labs said.
[April 18, 2001, 10:01]
Firefox Spoofing Flaw Reported
News Alternatively, an attacker could embed an image in an email or web page which, when clicked on, would return a specially crafted dialogue login from the attacker's web server, again allowing authentication details to be compromised.
[January 4, 2008, 12:51]
Windows XP, Office And SQL Server Open To New Attacks
News However, the attacker would have to know the exact location of the file he or she wished to delete, and would have to entice the victim to view a specially-formed Web page or HTML email. The attacker would also be unable to create new Web tasks.
[October 17, 2002, 13:47]
Cross-application Attack Exploits IE Flaw
News To exploit the flaw, an attacker has to lure a victim to a malicious Web page. This issue could potentially allow an attacker to access content in a separate Web site, if that Web site is in a specific configuration," Microsoft said in the statement.
[December 5, 2005, 10:55]
Google Raises Bar With New Browser Tool
News According to GreyMagic Software, a flaw in the Google Toolbar versions 1.1.58 and earlier allowed an attacker to embed code in any Web page that fools the toolbar into executing the attacker's commands.
[August 14, 2003, 16:15]
Microsoft Patch Tuesday Brings Six Critical Updates
News The vulnerabilities allow an attacker to remotely execute arbitrary code on a system if a user visits a specially crafted web page with affected versions of IE. The vulnerabilities in indexing validation and array, record parsing, and credential...
[August 13, 2008, 12:31]
Microsoft Finds Several 'critical' Web Glitches
News An attacker could create a Web page or HTML email that would let him either read files from the user's local drive, or read information from pages subsequently visited by the user. An attacker could fashion a Web page to secretly read files from...
[February 25, 2002, 17:31]
Java Flaw Opens Windows, Linux To Attack
News It allows execution of attacker-supplied code without user interaction [apart from viewing a Web page] which usually means a 'critical' classification," Pynonnen stated in an email interview with ZDNet UK sister site CNET News.com.
[November 24, 2004, 8:40]
Microsoft Plugs Qhosts Hole
News An attacker could seek to exploit this vulnerability by hosting a specially constructed Web page," Microsoft stated in the advisory. That's exactly what happened at FortuneCity.com, when an unknown attacker was able to replace a banner ad on the...
[October 7, 2003, 9:05]
Businesses Warned Over Web 2.0 Security
News An attacker can gain access privileges to sensitive page content and session cookies by exploiting XSS vulnerabilities. For a determined and skilled attacker, there are many ways to inject malicious code into a network.
[March 26, 2007, 16:37]
Microsoft Warns On Windows And Server Security
News The flaw could allow a buffer overrun, "which could be exploited by a Web page hosted on an attacker's site or sent to a user as an HTML mail", according to the security alert. A specially malformed file name contained in a zipped file could...
[October 4, 2002, 8:33]
Feds Try To Take Logs From Nmap Creator
News They don't give me reasons, but they generally seem to be investigating a specific attacker whom they think may have visited the Nmap page at a certain time. They don't give me reasons, but they generally seem to be investigating a specific...
[November 26, 2004, 16:10]
IE Flaws Open Back Door To Adware
News The flaws could let any attacker with a Web site send an email message or an instant message with a link that, when clicked on by an Internet Explorer user, would cause a program to run on that victim's computer.
[June 10, 2004, 8:45]
Drive-by Pharming Poses Security Risk
News Security firm Symantec warned earlier this week that drive-by pharming could allow a malicious attacker to steal a user's bank details. If a user typed in www.my-bank.co.uk, for example, they would get a false version — allowing the attacker to...
[February 20, 2007, 16:12]
IE Holes Open Up Web Booby Traps
News Seven of the flaws can grant an attacker full access to the victim's PC, while another makes the currently loaded document readable and the last lets an attacker read and write to the clipboard. The attacker would need to know the name and exact...
[October 23, 2002, 8:09]
Firefox Vulnerable To Password Manager Flaw
News The data is then automatically sent to an attacker's computer without the user's knowledge, according to the Chapin Information Services (CIS) site. These attacks could be highly effective against firewalled local network servers and HTTPS...
[November 22, 2006, 13:26]
