Debian Security Advisory DSA 3140-1 (xen - security update)
Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation. CVE-2014-8594 Roger Pau Monne and Jan Beulich discovered that incomplete restrictions on MMU update hypercalls may result in...
DSA-3140-1 xen - security update
Bulletin has no description...
java-1.6.0-openjdk security update
1:1.6.0.33-1.13.6.1.0.1.el511 - Add oracle-enterprise.patch 1:1.6.0.34-1.13.6.1 - Update to latest 1.13.6 release candidate tarball - Fixes a number of issues found with b34: - OJ51, PR2187: Sync patch for 4873188 with 7 version - OJ52, PR2185: Application of 6786276 introduces compatibility issu...
Drop SSLv3 retry and copied CustomSSLProtocolSocketFactory.java from SAL
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-36250. The fix for CONF-24035 introduced a retry with SSLv3 if a connection fails. However, like workaround implemented i...
Password Sniffer Console - Command-line Tool to Sniff and Capture HTTP/FTP/POP3/SMTP/IMAP Passwords
Password Sniffer Console is the all-in-one command-line based Password Sniffing Tool to capture Email, Web and FTP login passwords passing through the network. It automatically detects the login packets on network for various protocols and instantly decodes the passwords. Here is the list of...
Microsoft Windows Application Compatibility Cache Privilege Escalation (3023266)
This host is missing an important security update according to Microsoft Bulletin MS15-001. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Privilege escalation
The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with ...
CVE-2015-0002
CVE-2015-0002 (AppCompat Cache Elevation of Privilege) affects Windows via AhcVerifyAdminContext in ahcache.sys, introduced in the Windows 8/8.1 era. The root cause is improper validation of the caller’s impersonation token: the code retrieves the token and checks for LocalSystem or Administrators,...
CVE-2015-0002
The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with ...
Microsoft Application Compatibility Infrastructure Elevation of Privilege (MS15-001; CVE-2015-0002)
A privilege escalation vulnerability exists in Microsoft Windows Application Compatibility Cache. The vulnerability is due to a lack of validation of administrator privileges while running a specially crafted application. An authenticated attacker can exploit this issue by sending a specially...
Fedora 20 : ca-certificates-2014.2.2-1.0.fc20 (2014-17272)
This is an update to the set of CA certificates released with NSS version 3.17.3 However, the package modifies the CA list to keep several legacy CAs still trusted for compatibility reasons. Please refer to the project URL for details. If you prefer to use the unchanged list provided by Mozilla,...
Instant PDF Password Protector - Password Protect PDF file
Instant PDF Password Protector is a free tool to quickly password-protect PDF files on your system. With the click of a button, you can lock or protect any of your sensitive/private PDF documents. You can also use any of the standard encryption methods - RC4/AES 40-bit, 128-bit, 256-bit based upon t...
NtApphelpCacheControl vulnerability detailed in-depth analysis-vulnerability warning-the black bar safety net
Causes: James Forshaw, a budding member of the Google Project Zero team, submitted to Microsoft on September 30 a security issue named “Windows: Elevation of Privilege in ahcache.sys/NtApphelpCacheControl”, and after Google's 90-day vulnerability disclosure period, that is, in 2014, 12...
In-depth understanding of Google and Microsoft's controversial vulnerability: NtApphelpCacheControl vulnerability analysis-vulnerability warning-the black bar safety net
Causes: James Forshaw, a budding member of the Google Project Zero team, submitted to Microsoft on September 30 a security issue named “Windows: Elevation of Privilege in ahcache.sys/NtApphelpCacheControl”, and after Google's 90-day vulnerability disclosure period, that is, in 2014, 1...
Vimeo: APIs for channels allow HTML entities that may cause XSS issue
Hello, I found Vimeo's bug bounty program on [1]. Please find below details of a security issue I found. First, APIs for channels [2] allow you to put HTML and javascript to name or description of a channel. For example, an attacker can use a Python script like the following to put javascript to an...
SkinCrafter3 vs2005 3.8.1.0 - Multiple ActiveX Buffer Overflows
ActiveX Buffer Overflow in SkinCrafter3vs2005. Affected version: 3.8.1.0. Vendor Homepage: http://skincrafter.com/ Software Link: skincrafter.com/downloads/SkinCrafterDemo20052008x86.zip The vulnerability lies in the COM component used by...
Windows-8.1-ahcache.sys
On Windows 8.1 update the system call NtApphelpCacheControl (the code is actually in ahcache.sys) allows application compatibility data to be cached for quick reuse when new processes are created. A normal user can query the cache but cannot add new cached entries as the operation is restricted to...
2 5 2 9 net Union the use of the latest ie vulnerability mandatory installation of light micro-end-bug warning-the black bar safety net
I'm using Baidu browser ie compatible mode to browse http://www.dy2018.com this movie site, and found that somehow run the one called“Shine micro-end”of the game client, then I used smartsniff packet capture analysis, in the view source when the found a 2 5 2 9 net Union js advertising code, whic...
Adobe Shockwave Player <= 11.5.9.615 (APSB11-01) (Mac OS X)
The remote Mac OS X host contains a version of Adobe Shockwave Player that is 11.5.9.615 or earlier. It is, therefore, affected by multiple vulnerabilities : - Several unspecified errors exist in the 'dirapi.dll' module that allow arbitrary code execution. CVE-2010-2587, CVE-2010-2588,...
Fedora 20 : xen-4.3.3-6.fc20 (2014-15995)
Excessive checking in compatibility mode hypercall argument translation, insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor, fix segfaults and failures in xl migrate --debug. Note that Tenable Network Security has extracted the preceding description block directly from the...