Scientific Linux Security Update : evolution-data-server on SL5.x i386/x86_64
A flaw was found in the way evolution-data-server processed certain APOP authentication requests. By sending certain responses when evolution-data-server attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication...
Scientific Linux Security Update : evolution and evolution-data-server on SL4.x i386/x86_64
Evolution Data Server provides a unified back-end for applications which interact with contacts, task and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications. Evolution did not properly check the...
Scientific Linux Security Update : evolution on SL3.x i386/x86_64
It was discovered that evolution did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause evolution to disclose portions of its memory or crash during user authentication. CVE-2009-0582 An integer overflow flaw which...
Scientific Linux Security Update : evolution on SL4.x, SL5.x i386/x86_64
A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. CVE-2008-0072
Scientific Linux Security Update : evolution on SL4.x, SL3.x i386/x86_64
A flaw was found in the way Evolution processed certain APOP authentication requests. A remote attacker could potentially acquire certain portions of a user's authentication credentials by sending certain responses when evolution-data-server attempted to authenticate against an APOP server...
Scientific Linux Security Update : evolution on SL5.x i386/x86_64
A flaw was found in the way evolution-data-server processes certain IMAP server messages. If a user can be tricked into connecting to a malicious IMAP server it may be possible to execute arbitrary code as the user running the evolution-data-server process. CVE-2007-3257 Evolution crushed in...
Scientific Linux Security Update : evolution on SL3.x, SL4.x i386/x86_64
A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If mail which included a carefully crafted iCalendar attachment was opened, arbitrary code could be executed as the user running Evolution. CVE-2008-1108
Scientific Linux Security Update : libsoup on SL4.x, SL5.x i386/x86_64
An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup's Base64 encoding routine. An attacker could use this flaw to crash, or, possibly, execute arbitrary code. This arbitrary code would execute with the privileges of the application using libsoup's Base64...
Scientific Linux Security Update : evolution28 on SL4.6 i386/x86_64
A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If the Itip Formatter plug-in was disabled and a user opened a mail with a carefully crafted iCalendar attachment, arbitrary code could be executed as the user running Evolution. CVE-2008-1108 Note: the Itip Formatte...
Scientific Linux Security Update : evolution-data-server on SL5.x i386/x86_64
Evolution Data Server did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user...
Scientific Linux Security Update : evolution on SL4.x, SL3.x i386/x86_64
A flaw was found in the way Evolution processes certain IMAP server messages. If a user can be tricked into connecting to a malicious IMAP server it may be possible to execute arbitrary code as the user running evolution. CVE-2007-3257
Scientific Linux Security Update : evolution on SL5.x i386/x86_64
A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If the Itip Formatter plug-in was disabled and a user opened a mail with a carefully crafted iCalendar attachment, arbitrary code could be executed as the user running Evolution. CVE-2008-1108 Note: the Itip Formatte...
Three Baltic Men Jailed After Using SpyEye Malware
Two men found using the SpyEye Trojan to swindle users out of their banking information were jailed last week after violating the United Kingdom’s Computer Misuse Act. Pavel Cyganok, 28, a Lithuanian, along with Ilja Zakrevski, 26, an Estonian, were jailed for four years while a third man, Latvia...
Web Evolution 1.0 => 1.6 XSS Presistent Vulnerability
Exploit for php platform in category web applications...
Trojan Mimics Chrome Installer to Steal Banking Information
Malware impersonating a Google Chrome Installer is actually stealing data while stripping software used to protect online banking transactions. The Trojan at present appears to target users in Brazil and Peru. Trend Micro researchers report in a blog post that they have discovered a malicious fil...
[SECURITY] Fedora 17 Update: evolution-mapi-3.4.1-3.fc17
This package allows Evolution to interact with MS Exchange 2007 servers...
A CISO's Guide To Application Security – Part 3: Toward an AppSec Center of Excellence
This post is the third in a 4-part series on Application Security, or “AppSec”. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk...
From Elk Cloner to Flashback
With the recent glut of high profile Mac-based malware like MacDefender and Flashback, it’s easy to forget that Macintosh computers and Mac malware have been kicking around for more than thirty years – longer, even, than Windows malware. In fact, the first documented Mac virus actually predated...
[SECURITY] Fedora 17 Update: tremulous-1.2.0-0.5.beta1.fc17
Tremulous is a free, open source game that blends a team based FPS with elements of an RTS. Players can choose from 2 unique races, aliens and humans. Players on both teams are able to build working structures in-game like an RTS. These structures provide many functions, the most important being...
Slideshow: Ten Weird Biometrics In Your Future
In the past twenty years, we’ve gone from using amber-tinted dumb terminals connected to refrigerator-sized mainframe computers to sleek tablet computers and smart phones tucked into our pockets. Despite those changes, one...