PT-2011-1087 · Gnu +1 · Glibc-Devel +7
Name of the Vulnerable Software and Affected Versions: glibc versions 2.3.4 glibc-utils versions 2.3.4 glibc-common versions 2.3.4 glibc-devel versions 2.3.4 glibc-profile versions 2.3.4 glibc-headers versions 2.3.4 nptl-devel version 2.3.4 glibc versions prior to 2.15-r3 Description: The issue...
Microsoft Cites Progress in SDL Report, Advocates More Adoption of ASLR, DEP
In the more than nine years since Bill Gates’s Trustworthy Computing email kicked off Microsoft’s comprehensive, company-wide security initiative, the company has not only committed a tremendous amount of money and resources to the project but also has been quite open and public about the process...
PT-2011-1091 · Gnu +1 · Nptl-Devel +7
Name of the Vulnerable Software and Affected Versions: glibc versions 2.3.4 and earlier glibc-utils versions 2.3.4 and earlier glibc-common versions 2.3.4 and earlier glibc-devel versions 2.3.4 and earlier glibc-profile versions 2.3.4 and earlier glibc-headers versions 2.3.4 and earlier nptl-deve...
[SECURITY] Fedora 15 Update: php-5.3.6-1.fc15
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
The Challenge of Starting an Application Security Program
Since organizations started opening their internal applications to the Web, a little more than a decade ago, it became clear that the security of those connected applications would be more complex – and critical to get right – than before. Unfortunately, through complacency, perhaps a feeling tha...
HP OpenView Network Node Manager ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow
$Id: hpnnmovwebsnmpsrvuro.rb 12095 2011-03-23 15:43:25Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' Unrecognized Option Buffer Overflow (Metasploit)
$Id: hpnnmovwebsnmpsrvuro.rb 12095 2011-03-23 15:43:25Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
McGraw Hill – Hacking Exposed 3rd Edition 2011
The latest Web app attacks and countermeasures from world-renowned practitioners. Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web...
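PHP "substr_replace()" Use-After-Free Remote Memory Corruption Vulnerability
BUGTRAQ ID: 46843 CVE ID: CVE-2011-1148 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. The implementation of PHP's "substr_replace" function contains a use-after-free remote memory corruption vulnerability; a remote attacker can exploit it to execute arbitrary code on the web server or cause a denial of service. The vulnerability arises because, when the same variable is passed to the "substr_replace" function multiple times, PHP makes the three variables in the function use the same pointer, so when a type conversion inside the function changes that pointer, the other variables are invalidated as well. PHP PHP 5.3.x PHP PHP 5.2.x Vendor patch: PHP ---...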
Critical: Red Hat Security Advisory: java-1.5.0-ibm security update
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring...
Critical: Red Hat Security Advisory: java-1.6.0-ibm security update
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring...
Fedora 15 : php-ZendFramework-1.11.4-1.fc15 (2011-2680)
Fixes ZF2011-01: Potential XSS in Development Environment Error View Script A minor security issue when running in development mode and using the view script generated for error pages by ZendTool has been corrected; please see the security announcement 1 for details on the vulnerability and how y...
Fedora 13 : php-ZendFramework-1.11.4-1.fc13 (2011-2678)
Fixes ZF2011-01: Potential XSS in Development Environment Error View Script A minor security issue when running in development mode and using the view script generated for error pages by ZendTool has been corrected; please see the security announcement 1 for details on the vulnerability and how y...
[SECURITY] Fedora 13 Update: php-ZendFramework-1.11.4-1.fc13
Extending the art & spirit of PHP, Zend Framework is based on simplicity, object-oriented best practices, corporate friendly licensing, and a rigorously tested agile codebase. Zend Framework is focused on building more secure, reliable, and modern Web 2.0 applications & web services, and consumi...
Marco Monaco SQL Injection
Title : Web Development by Marco Monaco SQL Injection Author: eXeSoul Home : www.indishell.in or www.andhrahackers.com Email : [email protected] date : 7/3/2011 D0rk : i Web Development by Marco Monaco ii Powered by Marco Monaco category : Web Apps SQli ...
Zeus Malware Not Dead Yet, New Features Being Added
It’s been known for some time now that the creator/maintainer of the Zeus malware had turned over responsibility for his code to the author of the SpyEye Trojan and it was assumed that the two code bases had merged, rendering Zeus extinct. However, some new samples of the Zeus bot have surfaced...
Ethical hacker (CEH) training now in syllabus of Riphah International University, Pakistan!
Islamabad: The first-ever 'Ethical Hacking and Countermeasures CEH' training course organised by the Riphah International University, in collaboration with internationally renowned information security certification body, EC-Council, concluded here on Wednesday. Riphah International University is...
Mobius Forensic Toolkit v0.5.7 released !
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools. Changelog Six new registry reports were...
SOL12650 - PHP vulnerability CVE-2010-4645
The strtod.c function may allow context-dependent attackers to cause a denial-of-service via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers. Information about this advisory is available at the following location: Note: The previous link...
BackTrack 5 ( BT5 ) Coming Soon !
BackTrack 5 BT5 Coming Soon ! We're behind schedule with BackTrack 5, but are working hard to make up for lost time. We thought we'd post a few pictures for your enjoyment of the development BT5 ISO we're working on. The screenshots were taken on a 2.6.38-rc5 kernel. The screenshot above is of th...