RedHat Security Advisory RHSA-2009:1694
The remote host is missing updates announced in advisory RHSA-2009:1694. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software...
AzDGDatingMedium 1.9.3 - 'l' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/37514/info Azerbaijan Development AzDGDatingMedium is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code...
[SECURITY] Fedora 11 Update: chmsee-1.0.1-14.fc11
A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs can be used to jump inside the chm file conveniently. Its UI is clean and handy, and it is well localized. ...
OpenJDK GIF processing buffer overflow vulnerability (6804998)
Buffer overflow in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.219 and earlier; and 1.3.124 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998...
OpenJDK: Type1 font processing buffer overflow vulnerability
Integer signedness error in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and...
JDK: XML parsing Denial-Of-Service (6845701)
Previously, a denial-of-service flaw was found in Java which allowed the creation of an infinite loop in XML headers that would consume all CPU resources. This issue was patched and Java is no longer vulnerable to a denial-of-service flaw due to the initiation of an infinite loop by means of XML...
Q&A: Ed Bellis on Web-based Business and Software Security
Dennis Fisher: Okay, welcome back to this CSO series podcast, also known as Real World Security. My guest today is Ed Bellis, the CISO of Orbitz Worldwide, one of the top travel sites in the world. Ed’s got a pretty broad range of experience in the technology industry, having worked as a web archite...
RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1647)
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.5.0 Java release includes the IBM Java 2...
Critical: Red Hat Security Advisory: java-1.4.2-ibm security update
Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response...
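PHP tempname() Function safe_mode Security Restriction Bypass Vulnerability
BUGTRAQ ID: 36555 CVE ID: CVE-2009-3557 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. An error in PHP's tempnam may allow safe_mode restrictions to be bypassed. The following is the vulnerable code segment in ext/standard/file.c: PHPFUNCTIONtempnam char dir, prefix; int dirlen, prefixlen; sizet plen; char openedpath; char p; int fd; if zendparseparametersZENDNUMARGS TSRMLSCC, "ss"...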
Steve Lipner on the Microsoft SDL and Windows 7 Security
Dennis Fisher talks with Steve Lipner of Microsoft about the Security Development Lifecycle, changes in the threat modeling process and the security of Windows 7. Podcast audio courtesy of sykboy65 Subscribe to the Digital Underground podcast on...
ASP code encrypt hide webshell-vulnerability warning-the black bar safety net
To make your webshell more covert, the following explains how to encrypt ASP code. First of all, ASP code is generally plain text and is very rarely encrypted. MS has a tool, Script Encoder, that can encrypt it; it can be downloaded for free from the official Microsoft site, and there are...
Cisco VPN Client Integer Overflow (DOS)
No description provided by source. / Cisco VPN client version 5.0.03.0560 Cisco VPN client Version 5.0.04.0300 Cisco VPN client Version 5.0.05.0290 Cisco VPN client Version 4.8.02.0010 / / Cisco VPN Client 0day Integer overflow DOS Proof Of Concept Code By Alex Hernandez aka alt3kx c November 200...
Cisco VPN Client - Integer Overflow Denial of Service
/ Cisco VPN client version 5.0.03.0560 Cisco VPN client Version 5.0.04.0300 Cisco VPN client Version 5.0.05.0290 Cisco VPN client Version 4.8.02.0010 / / Cisco VPN Client 0day Integer overflow DOS Proof Of Concept Code By Alex Hernandez aka alt3kx c November 2009 This POC is only for test. If an...
java security update
CentOS Errata and Security Advisory CESA-2009:1584 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide th...
Unisys Business Information Server Detection
Unisys Business Information Server BIS, a highly scalable, multimode, enterprise-level, rapid-application development and information access tool, is listening on the remote host. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid42843; scriptversion"1.8";...
RedHat Security Advisory RHSA-2009:1571
The remote host is missing updates announced in advisory RHSA-2009:1571. The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software...
OpenJDK JRE AWT setDiffICM stack overflow (6872357)
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit AWT in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote...