Xavier Santolaria's Library tagged vulnerability →  View Popular, Search in Google

"To date, a major gap exists in vulnerability standardization: there is no standard framework for the creation of vulnerability report documentation."

infosec security vulnerability framework

"OMG, today is The Breach Day, an official security holiday. Verizon Business has just released their super-famous “2011 Data Breach Investigations Report”"

infosec security verizon report vulnerability dbir

"The Internet Systems Consortium (ISC), a non-profit company which develops BIND and dhcpd/dhclient, has announced a new remote code execution vulnerability present in its dhclient software."

security dhcp isc bugs vulnerability

A massive SQL Injection campaign, similar to ones seen in the past, has hit nearly 50,000 domains across the Web, including a handful of iTunes URLs. The attacking domain, lizamoon.com, is currently offline but the server hosting it remains active. Before it disappeared, the injected domain was pointing users to Rogue anti-Virus applications.

infosec security vulnerability sql injection

Today, as every ordinary Monday, I went to my e-mail box and checked messages from the security community in Full-Disclosure. As usual I came across an advisory pointing out some web security vulnerabilities that differently from usual certainly had my attention.

mcafee infosec security xss vulnerability

This post documents an XSS vulnerability that I discovered in the default Gmail app (v1.3) provided by Google in Android 2.1 and prior.

android mobile google security xss vulnerability gmail

Some people asked me for a simple way to check shell extensions for their ASLR support. You can do this with Process Explorer.

infosec windows vulnerability hacking

"By some accounts, Microsoft and Google are at each other's throats over the disclosure of vulnerabilities.

Summarising what seems to have happened in fewer than 100 words is a challenging exercise, but here goes:"

google microsoft vulnerability full disclosure bugs