Important: Red Hat Security Advisory: openstack-packstack security and bug fix update

Updated openstack-packstack packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base...

On the use of Adobe 0day – CVE-2 0 1 4-0 5 0 2 attack behavior analysis-vulnerability warning-the black bar safety net

The other day FireEye released a use AdobeFlash new 0day attack report, and Adobe has been based on vulnerabilities released a security update. According to FireEye report, many sites will redirect visitors to the following contain a Trojan the malicious Server: Peterson Institute for...

HackerOne: CSS leaks SCSS debug info

Download CSS style sheet referenced from the HTML and do: grep -oP "file.:.?scss" application-facbdb64a504bb08ec272860320e1941.css | sort | uniq As you can see it exposes information about the file system, source CSS files and software used. See enclosed file for a dump of the output of the comma...

[FGscanner] Find hidden contents using dictionary-like attack

FGscanner is a completely rewritten version of littlescanner script. FGscanner is an opensource advanced web directory scanner to find hidden contents on a web server using dictionary-like attack with proxy and tor support. Quick reference for switches Usage: ./fgscan.pl --host=hostname...

Android SDK平台工具符号错误栈缓冲区溢出漏洞

Bugtraq ID:65403 CVE ID:CVE-2014-1909 Android SDK提供API库和开发工具,建立,测试,调试应用程序和Android。 Android Debug Bridge不正确使用整数值，允许攻击者利用漏洞触发一个基于栈的缓冲区溢出，可使应用程序崩溃或可执行任意代码。 0 Android SDK Tools 目前没有详细解决方案提供： http://developer.android.com/tools/sdk/tools-notes.html?...

Fedora 19 : imapsync-1.584-1.fc19 (2014-2468)

1.584 - Enhancement: Added --minmaxlinelength to select messages with long lines only. It helps to diagnostic Echange error on messages with lines longer than 9000 characters - Enhancement: Added --debugmaxlinelength - Bug fix: --ssl1 --tls2 was buggy because of default SSLVERIFYPEER. 'Can not go...

Fedora 20 : imapsync-1.584-1.fc20 (2014-2505)

1.584 - Enhancement: Added --minmaxlinelength to select messages with long lines only. It helps to diagnostic Echange error on messages with lines longer than 9000 characters - Enhancement: Added --debugmaxlinelength - Bug fix: --ssl1 --tls2 was buggy because of default SSLVERIFYPEER. 'Can not go...

Linksys WAP54Gv3 /Debug_command_page.asp 后门漏洞

No description provided by source...

Scientific Linux Security Update : sudo on SL6.x i386/x86_64 (20131121)

A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's...

phpThumb 1.7.12 Server Side Request Forgery

phpThumb 'phpThumbDebug' Server Side Request Forgery Google Dork: inurl:phpThumb.php Author: Rafay Baloch And Deepanker Arora Company: RHA InfoSEC Impact: High Vendor: http://phpthumb.sourceforge.net/download Version: 1.7.12 Status: Reported And Fixed =========== Description =========== A server...

sudo security update

CentOS Errata and Security Advisory CESA-2013:1701 An updated sudo package that fixes two security issues, several bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common...

SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8524 / 8525 / 8528)

The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to version 3.0.101 and also includes various other bug and security fixes. The following features have been added : - Drivers: hv: Support handling multiple VMBUS versions FATE314665. - Drivers: hv: Save and export negotiated vmbus...

RedHat Update for sudo RHSA-2013:1701-02

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Low: Red Hat Security Advisory: sudo security, bug fix and enhancement update

An updated sudo package that fixes two security issues, several bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give...

Default credentials

EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console...

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in the fabric interconnect FI of the Cisco Unified Computing System could allow an authenticated, local attacker to create a denial of service DoS condition. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by...

Apple Motion Integer Overflow Vulnerability

Apple Motion Integer Overflow Vulnerability =========================================== Vendor: Apple http://www.apple.com Software: Motion 5.0.7 Testcase verified on: OS X 10.8 Credit: Jean Pascal Pereira [email protected] DESCRIPTION =========== An integer overflow vulnerability has been...

Apple Motion 5.0.7 Integer Overflow Vulnerability

No description provided by source. Apple Motion Integer Overflow Vulnerability =========================================== Vendor: Apple http://www.apple.com Software: Motion 5.0.7 Testcase verified on: OS X 10.8 Credit: Jean Pascal Pereira [email protected] DESCRIPTION =========== An integer...

Apple Motion 5.0.7 - Integer Overflow

Apple Motion Integer Overflow Vulnerability =========================================== Vendor: Apple http://www.apple.com Software: Motion 5.0.7 Testcase verified on: OS X 10.8 Credit: Jean Pascal Pereira DESCRIPTION =========== An integer overflow vulnerability has been identified in Apple...

Apple Motion 5.0.7 Integer Overflow

Apple Motion Integer Overflow Vulnerability =========================================== Vendor: Apple http://www.apple.com Software: Motion 5.0.7 Testcase verified on: OS X 10.8 Credit: Jean Pascal Pereira DESCRIPTION =========== An integer overflow vulnerability has been identified in Apple...