Lucene search

8263 matches found

Fedora
added 2010/05/15 8:17 p.m. | 33 views

[SECURITY] Fedora 12 Update: qt-4.6.2-17.fc12

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...

CVSS 9.3 | AI score 1.7 | EPSS 0.46372
Exploits: 6
RedHat Linux
added 2010/05/12 4:21 p.m. | 2 views

OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)

The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

CVSS 5 | AI score 5.9 | EPSS 0.01651
Exploits: 1 | References: 4
ThreatPost
added 2010/05/12 1:31 p.m. | 7 views

Software Insecurity is Our Biggest Weakness

ST. PAUL, MINN.–If the United States wants to remain competitive in the global economy and prevent widespread penetrations of its strategic, corporate and commercial networks, enterprises and government agencies should stop relying on commercial software and go back to writing more of their own...

AI score 0.5
Exploits: 0 | References: 1
Tenable Nessus
added 2010/05/11 12:0 a.m. | 249 views

RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2010:0155)

Updated java-1.4.2-ibm packages that fix one security issue and a bug are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having moderate security...

CVSS 9.8 | AI score 7.5 | EPSS 0.03741
Exploits: 14 | References: 5
ThreatPost
added 2010/05/05 6:31 p.m. | 17 views

New Study Shows Nearly No Difference in Security of Web Frameworks

A new study by a Web security firm has found that despite the myriad differences in the common programming languages and frameworks deployed on the Web today, there is virtually no difference in their practical security and resistance to attack. The study, done by WhiteHat Security and based on...

AI score 0.5
Exploits: 0 | References: 1
0day.today
added 2010/04/27 12:0 a.m. | 48 views

Ramaas Software CMS SQL Injection Vulnerability

Exploit for php platform in category web applications =============================================== Ramaas Software CMS SQL Injection Vulnerability =============================================== Exploit Title: Ramaas Software CMS SQL Injection Vulnerability Version: Web Application Tested on:...

AI score 7.1
Exploits: 0
exploitpack
added 2010/04/17 12:0 a.m. | 70 views

Microsoft Windows 7/2008 R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)

Microsoft Windows 7/2008 R2 - SMB Client Trans2 Stack Overflow MS10-020 PoC import sys,SocketServer Windows 7/2008R2 SMB Client Trans2 stack overflow MS10-020 Date: 17/04/10 Author: Laurent Gaffié Tested on: Windows 7/2008R2 CVE: CVE-2010-0270 Full advisory:...

CVSS 10 | AI score 0.2 | EPSS 0.81391
Exploits: 2
exploitpack
added 2010/04/13 12:0 a.m. | 15 views

PHP 6.0 Dev - str_transliterate() Local Buffer Overflow (NX + ASLR Bypass)

PHP 6.0 Dev - str_transliterate() Local Buffer Overflow NX + ASLR Bypass whoami whoami nt authority\system / errorreporting0; $bases = $GET'poss'; $basee = $GET'pose'; $offs = $GET'offs'; $offe = $GET'offe'; ifinigetbool'unicode.semantics' $buff = strrepeat"\u4141", 32; $tbp = "\u2650\u6EE5"; //...

AI score 0.3
Exploits: 0
0day.today
added 2010/04/13 12:0 a.m. | 32 views

PHP 6.0 Dev str_transliterate() Buffer overflow - NX + ASLR Bypass

Exploit for windows platform in category local exploits ================================================================== PHP 6.0 Dev str_transliterate() Buffer overflow - NX + ASLR Bypass ================================================================== whoami whoami nt authority\system /...

AI score 6.8
Exploits: 0
OpenVAS
added 2010/03/31 12:0 a.m. | 33 views

Mandriva Update for dbus MDVA-2010:110 (dbus)

Check for the Version of dbus OpenVAS Vulnerability Test Mandriva Update for dbus MDVA-2010:110 dbus Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

CVSS 4.3 | AI score 6.3 | EPSS 0.04852
Exploits: 0 | References: 2
OpenVAS
added 2010/03/31 12:0 a.m. | 39 views

CentOS Update for nspr CESA-2010:0165 centos4 i386

Check for the Version of nspr OpenVAS Vulnerability Test CentOS Update for nspr CESA-2010:0165 centos4 i386 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

CVSS 5.8 | AI score 6.9 | EPSS 0.03741
Exploits: 14 | References: 2
OpenVAS
added 2010/03/31 12:0 a.m. | 25 views

Mandriva Update for dbus MDVA-2010:110 (dbus)

Check for the Version of dbus OpenVAS Vulnerability Test Mandriva Update for dbus MDVA-2010:110 dbus Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

CVSS 4.3 | AI score 6.3 | EPSS 0.04852
Exploits: 0 | References: 2
Fedora
added 2010/03/30 2:21 a.m. | 8 views

[SECURITY] Fedora 12 Update: trac-0.11.7-1.fc12

Trac is an integrated system for managing software projects, an enhanced wiki, a flexible web-based issue tracker, and an interface to the Subversion revision control system. At the core of Trac lies an integrated wiki and issue/bug database. Using wiki markup, all objects managed by Trac can...

AI score 2.1
Exploits: 0
Fedora
added 2010/03/23 2:24 a.m. | 23 views

[SECURITY] Fedora 13 Update: qt-4.6.2-8.fc13

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...

CVSS 9.3 | AI score 1.7 | EPSS 0.46372
Exploits: 5
Fedora
added 2010/03/23 2:10 a.m. | 37 views

[SECURITY] Fedora 12 Update: qt-4.6.2-8.fc12

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...

CVSS 9.3 | AI score 1.7 | EPSS 0.46372
Exploits: 5
ThreatPost
added 2010/03/17 4:22 p.m. | 7 views

Using Live Data In Development Is Risky

Those charged with the care and feeding of database information stores, beware: A new statistic tucked into a comprehensive study of financial services firms’ data protection policies shows that even at the most security-aware organizations, application developers still use live data in their...

AI score 2.2
Exploits: 0 | References: 1
ThreatPost
added 2010/03/17 2:39 p.m. | 11 views

Zeus Trojan Now Has Hardware Licensing Scheme

The authors of the Zeus bot client, perhaps the most popular and pervasive piece of malware of its kind right now, have taken an extraordinary step to protect their creation: inserting a hardware-based licensing scheme into the Trojan. This represents a significant leap in the sophistication and...

AI score 7.5
Exploits: 0 | References: 2
Tenable Nessus
added 2010/03/04 12:0 a.m. | 52 views

RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0130)

Updated java-1.5.0-ibm packages that fix a security issue are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime...

CVSS 9.8 | AI score 7.4 | EPSS 0.86987
Exploits: 32 | References: 28
seebug.org
added 2010/03/04 12:0 a.m. | 64 views

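PHP tempnam() Function safe_mode Validation Bypass Security Restriction Vulnerability

BUGTRAQ ID: 38431 PHP is a widely used general-purpose scripting language that is especially suited to Web development and can be embedded in HTML. PHP's tempnam function does not correctly perform safe_mode validation when the directory path does not end with "/", so an attacker can bypass security restrictions and gain read and write access to directories. PHP PHP 5.3.x PHP PHP 5.2.x Vendor patch: PHP --- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://svn.php.net/viewvc/php/php-src/branches/PHP53/ext/session/session.c?view=log...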

AI score 7
Exploits: 0
Fedora
added 2010/03/02 1:3 a.m. | 31 views

[SECURITY] Fedora 11 Update: openldap-2.4.15-7.fc11

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain...

CVSS 4.3 | AI score 1.1 | EPSS 0.022
Exploits: 1