3660 matches found
[SECURITY] [DSA 2895-1] prosody security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2895-1 [email protected] http://www.debian.org/security/ Luciano Bello April 06, 2014 http://www.debian.org/security/faq -...
Internet Bug Bounty: Uncontrolled Resource Consumption with XMPP-Layer Compression
The bug information described below is based on a publicly available security notice here http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/ These discoveries are part of the results of my research activities. OVERVIEW...
Debian: Security Advisory (DSA-2895-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
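Autodesk SketchBook Pro PSD Channel RLE Decompression Buffer Overflow Vulnerability
Bugtraq ID:66563 CVE ID:CVE-2013-5365 Autodesk SketchBook Pro is sketchbook software. A boundary error exists when Autodesk SketchBook Pro decompresses RLE-compressed channel data in PSD files, which allows a remote attacker to exploit this vulnerability via a specially crafted PSD file to cause a heap buffer overflow. 0 Autodesk SketchBook Pro 6.2.4 build 425798 for Windo The vendor has released an upgrade patch to fix the vulnerability; please download and use it:...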
Fedora Update for lighttpd FEDORA-2014-3887
Check for the Version of lighttpd OpenVAS Vulnerability Test Fedora Update for lighttpd FEDORA-2014-3887 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
CVE-2013-5365
Autodesk SketchBook vulnerability CVE-2013-5365 is a heap-based buffer overflow in affected SketchBook variants (Enterprise 2014, Pro, Express before 6.25; Copic Edition before 2.0.2). The flaw occurs while decompressing RLE-compressed channel data in PSD files, enabling remote code execution. Re...
Adobe Photoshop Tiff File RLE Compression Buffer Overflow - Ver2 (CVE-2012-2027)
A buffer overflow vulnerability has been reported in Adobe Photoshop. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Updated plexus-archiver package fixes security vulnerability
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs (CVE-2012-2098). plexus-archiver...
Fedora Update for openjpeg FEDORA-2014-0719
Check for the Version of openjpeg OpenVAS Vulnerability Test Fedora Update for openjpeg FEDORA-2014-0719 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Advanced File Binder: Rakabulle
Advanced File Binder from DarkComet RAT Developer Rakabulle in one word is a file binder from DarkComet RAT Developer with a few novel features which could transform a simple binder program into something very complex. What is a file binder? In a few words, a file binder is a tiny tool which allows...
[PeStudio v7.98] The Static Investigation tool for Windows executable binary
PeStudio is a free tool performing the static investigation of any Windows executable binary. A file being analyzed with PeStudio is never launched. Therefore you can evaluate unknown executables and even malware with no risk. PeStudio runs on any Windows platform and is fully portable, no...
Rakabulle, Advance File Binder from DarkComet RAT Developer
I hope you all still remember the famous and powerful Remote Administration Tool (RAT) called 'Dark Comet', developed by a French computer geek 'Jean-Pierre Lesueur', also known as 'DarkCoderSc'. However, he had closed the Dark Comet project when the Syrian government was found to be using it to track...
[SECURITY] Fedora 20 Update: openjpeg-1.5.1-8.fc20
OpenJPEG is an open-source JPEG 2000 codec written in C. It has been developed in order to promote the use of JPEG 2000, the new still-image compression standard from the Joint Photographic Experts Group (JPEG)...
[Binwalk] Firmware Analysis Tool
Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules. Binwalk supports...
WebP: User-assisted execution of arbitrary code
Background WebP is a lossy image compression format. Description An integer overflow flaw has been found in WebP. Impact A remote attacker could entice a user to open a specially crafted image in an application linked against WebP, possibly resulting in execution of arbitrary code with the...
Winrar compression Manager DLL-hijacking-vulnerability warning-the black bar safety net
Brief description: Pass to kill all the individual language versions of the WinRAR compression package manager. Detailed description: On the network there are many separate language versions of the WinRAR compression package manager; it is software we commonly use. For example: Chinese version,...
IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.1 Multiple Vulnerabilities
IBM WebSphere Application Server 8.5 before Fix Pack 8.5.5.1 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - A flaw exists related to Apache Ant and file compression that could lead to denial of service conditions. CVE-2012-209...
HackerOne: PNG compression DoS
ztxt: http://www.libpng.org/pub/png/spec/1.1/PNG-Chunks.htmlC.zTXt "zTXT Documentation" tech: http://www.zlib.net/zlibtech.html "zlib technical details" zlibvuln1: http://www.kb.cert.org/vuls/id/680620 zlibvuln2: http://www.kb.cert.org/vuls/id/238678 PNG compression DoS ---------------------...
[Tundeep v0.2a] Layer 2 VPN/Injection tool
Tundeep is a layer 2 VPN/injection tool that resides almost entirely in user space on the victim aside from the pcap requirement. This can be handled via a silent install however. The tool will build on Linux and Windows victims. Windows compilation is achieved using Cygwin. The attacker must be ...
CVE-2013-4421
The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed...