8263 matches found
RHEL 6 : eclipse (RHSA-2011:0568)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0568 advisory. The Eclipse software development environment provides a set of tools for C/C++ and Java development. A cross-site scripting (XSS) flaw was found in the...
Pixel Army Solutions Blind SQL Injection
Pixel Army Solutions BLIND SQL-i Vulnerability...
Pixel Army Solutions BLIND SQL-i Vulnerability
Exploit for php platform in category web applications. Pixel Army Solutions BLIND SQL-i Vulnerability...
Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)
On-line version will be at http://www.postfix.org/CVE-2011-1720.html Summary: The Postfix SMTP server has a memory corruption error when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN (the ANONYMOUS mechanism is unaffected but should not be enabled...
[SECURITY] Fedora 14 Update: widelands-0-0.24.build16.fc14
Widelands is an open source (GPLed), realtime-strategy game, using SDL and other free libraries, which is still under development. Widelands is inspired by Settlers II (Bluebyte) and is partly similar to it, so if you know it, you perhaps will have a thought, what Widelands is all about...
openSUSE Security Update : seamonkey (seamonkey-4462)
Mozilla SeaMonkey was updated to the 2.0.14 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstance...
SuSE 10 Security Update : Mozilla XULrunner (ZYPP Patch Number 7493)
Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, a...
Making an Application Security Program Succeed, Part Two
“Failure is only the opportunity to begin again, only this time more wisely,” is a quote attributed to legendary automaker Henry Ford. While it seemingly has nothing to do with secure application development, all you need to do is talk to a handful of enterprises who have tried to implement a...
PT-2011-1125 · Red Hat · Libvirt-Devel +5
Name of the Vulnerable Software and Affected Versions: libvirt versions prior to 0.9.0 libvirt-debuginfo versions 0.8.1 libvirt-devel versions 0.8.1 libvirt-python versions 0.8.1 libvirt-client versions 0.8.1 Description: The issue affects the libvirt package in Red Hat Enterprise Linux,...
[SECURITY] Fedora 13 Update: mingw32-openssl-1.0.0-0.7.beta4.fc13
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows MinGW libraries and development tools...
Chrome Stable Update
The Google Chrome team is happy to announce the arrival of Chrome 11.0.696.57 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Chrome 11 contains some really great improvements including speech input through HTML. Security fixes and rewards: Please see the Chromium security page f...
[SECURITY] Fedora 14 Update: perl-Mojolicious-0.999929-2.fc14
Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the...
Fedora Update for geeqie FEDORA-2011-5200
Check for the Version of geeqie. OpenVAS Vulnerability Test. Fedora Update for geeqie FEDORA-2011-5200. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
PT-2011-1148 · Kde +1 · Kdenetwork +5
Name of the Vulnerable Software and Affected Versions: KDE SC versions 4.6.2 and earlier kdenetwork versions 4.3.4 kdenetwork-devel versions 4.3.4 kdenetwork-debuginfo versions 4.3.4 kdenetwork-libs versions 4.3.4 Description: The issue is related to a directory traversal vulnerability in the...
Report: Application Security Still Mostly Sucks
The third State of Software Security (SOSS) report finds that software developers are still doing a poor job of making applications secure. Application testing firm Veracode, which compiled the report, found that 58% of almost 5,000 applications failing a security audit on the first pass – about th...
CentOS 5 : java-1.6.0-openjdk (CESA-2011:0214)
Updated java-1.6.0-openjdk packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
Wireshark 1.5.1 Development Release!
Wireshark 1.5.1 has been released. Installers for Windows, OS X, and source code are now available. New and Updated Features: The following features are new or have been significantly updated since version 1.4: 1. Wireshark can import text dumps, similar to...
CVE-2011-1671
Cross-site scripting (XSS) vulnerability in app/controllers/todoscontroller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/. NOTE: some of these details are obtained from third party information...
Making An Application Security Program Succeed
After winning the attention, and hopefully the backing of executives, as we covered in The Challenge of Starting an Application Security Program, it becomes much more straightforward to win the funding needed for the right tools, services, and training needed for secure application development. N...
[SECURITY] Fedora 13 Update: php-5.3.6-1.fc13
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...