A vulnerability which is known to the designers, implementers, or operators of the system, but has not been corrected.
Questions tagged [known-vulnerabilities]
373 questions
23
votes
6 answers
Is there a guide of general/common IT vulnerabilities?
I'm looking for an updated and comprehensive guide of general/common IT vulnerabilities (general information).
I do not want you to do the job for me, I just want you to point me in the right direction: a book or website recommendation would be…
Edgar
14
votes
4 answers
Are there any customizable vulnerability notification services?
Are there any services (free or otherwise) that provide information on new vulnerabilities for a given piece of technology?
For example, say I want to be updated on all new WordPress vulnerabilities via RSS or email? What would be my best option?
nopcorn
13
votes
2 answers
How to make a website patch their poor security?
I am following an online class from a local institution. Recently, I've noticed they don't hash passwords because they sent me my password by e-mail in clear text.
The website has a lot of personal information so I've decided to test how secure it…
Simon
10
votes
1 answer
Is MediaWiki viable for sensitive information?
I was under the impression that MediaWiki, due to its nature as "open for all Wiki platform", is not tailored towards managing sensitive information.
I found some warnings about this on the MediaWiki FAQ and some user account extensions as:
If you…
Amenti
10
votes
4 answers
Exploit-db like websites, where people can search for security bugs
If someone has to decide between 2 very similar server programs, or operating systems, then he searches on sites like:
http://www.exploit-db.com/search/
so that there he could get enough information about the given program/os's historical…
LanceBaynes
8
votes
2 answers
Where can I find a list of un-patched CVEs for a specific piece of software?
Is there a database of vulnerabilities somewhere, that can be queried in such a way as to return results for all non-patched vulnerabilities for a specific piece of software?
For example, I would like to see a list of the current non-patched…
Iszi
6
votes
5 answers
Naming convention based exploits
The book Web Hacking Exposed has a number of instances where the attacker would essentially use patterns in naming conventions to design attacks.
Can anyone point me to any study on security/privacy exploits based on "naming conventions" ... such…
Tathagata
4
votes
2 answers
How do I know that I'm vulnerable to the: "Coordinated Website Compromise Campaigns Continue to Plague Internet"
http://blogs.cisco.com/security/mass-compromise-of-the-obsolete/
and:
All Redhat/CentOS versions plus nearly 100% of linux-based routers run 2.6
Since the article is extremely uninformative..
Q: How do I know that I'm vulnerable or not? ex.:…
evachristine
3
votes
4 answers
Vulnerability counts by platform
I've been asked to compile a list of the number of published web vulnerabilities or exploits grouped by platform.
With the understanding and caveat that numbers are just statistics, shouldn't be used to predict the future, are totally unfair, worse…
tylerl
2
votes
1 answer
If I find a Microsoft Vulnerability do I get credit for reporting it directly to Microsoft?
I know that if you discover a vulnerability in an open source product you have the option of fixing it yourself, creating a bug report or other methods to prove that you have contributed to the internet (read society if you like) as a whole in some…
DarkSheep
1
vote
1 answer
How does the ruby vulnerability affect me?
Visiting this site: http://ruby-doc.org/
I get this message:
There were 3 Ruby vulnerability reports in the last 14 days. 2 high, 1 medium. Most recent: CVE-2013-4562. See details.
I only installed ruby for fun and to play with it. Does this…
user46757
1
vote
0 answers
How would you find a complete list of a software's vulnerabilities?
I'm interested in the number of vulnerabilities over time, not in specific information about the vulnerabilities. I also don't expect any list to be completely authoritative. But what list could I consult to get an idea of the number of…
lsm
1
vote
0 answers
How GitHub Advisory assigns vulnerabilities to same components coming from different package managers?
I am trying to understand how GitHub Advisory filters vulnerabilities, particularly in the context of Bootstrap 3.3.7. In the National Vulnerability Database (NVD), the following vulnerabilities are reported for Bootstrap 3.3.7:
CVE-2019-8331…
Sandeep
0
votes
5 answers
Where can I find a description list for major vulnerabilities?
I'm looking for a description list for major vulnerabilities such as SQLi, XSS etc.
The format should be like this:
Short Description:
Description:
Impact:
Solution/How to prevent:
References:
user3220381
0
votes
1 answer
What is the "Australian Failure"?
In the notes for my Computer Security course, the lecturer refers to the "Australian Failure" on slide 19. I'm assuming he's referring to a well known security system failure, but I can't find what it is, does anyone know what he's talking about?
fredley