7965 matches found

RedHat Linux
added 2012/07/31 3:50 a.m. | 7 views

bind: heavy DNSSEC validation load can cause assertion failure

ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service assertion...

7.8 CVSS | 6.9 AI score | 0.27383 EPSS
Exploits: 1 | References: 5

RedHat Linux
added 2012/07/31 3:44 a.m. | 4 views

bind: heavy DNSSEC validation load can cause assertion failure

ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service assertion...

7.8 CVSS | 6.9 AI score | 0.27383 EPSS
Exploits: 1 | References: 5

ThreatPost
added 2012/07/16 1:10 p.m. | 33 views

Google Hardens Chrome To Block Malicious Extensions

Google says it has taken extra steps to counter the threat posed by malicious extensions to its Chrome Web browser, after incidents in which malicious extensions were used to power online scams. The search giant announced on its Web page that it has changed the way users can add third party brows...

10 CVSS | 0.9 AI score | 0.93688 EPSS
Exploits: 9 | References: 4

RedHat Linux
added 2012/06/27 3:44 p.m. | 2 views

php: zend_strndup() NULL pointer dereference may cause DoS

PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrat...

5 CVSS | 7.5 AI score | 0.122 EPSS
Exploits: 9 | References: 4

exploitpack
added 2012/06/26 12:0 a.m. | 17 views

Apple QuickTime - QuickTime.util.QTByteObject Initialization Security Checks Bypass

Apple QuickTime - QuickTime.util.QTByteObject Initialization Security Checks Bypass / c SECURITY EXPLORATIONS 2012 poland / / http://www.security-explorations.com / / Apple QuickTime Java extensions / / quicktime.util.QTByteObject initialization security checks bypass / In order to test the POC...

0.3 AI score
Exploits: 0

Exploit DB
added 2012/06/26 12:0 a.m. | 30 views

Apple QuickTime - QuickTime.util.QTByteObject Initialization Security Checks Bypass

/ c SECURITY EXPLORATIONS 2012 poland / / http://www.security-explorations.com / / Apple QuickTime Java extensions / / quicktime.util.QTByteObject initialization security checks bypass / In order to test the POC code for the reported Issue 22, manually add Vuln22Setup.class and Vuln22Setup$1.clas...

7.4 AI score
Exploits: 0

OpenVAS
added 2012/06/22 12:0 a.m. | 15 views

RedHat Update for net-snmp RHSA-2012:0876-04

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

3.5 CVSS | 6.4 AI score | 0.02167 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2012/06/20 11:35 a.m. | 4 views

OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect availability via unknown vectors related to Security...

5 CVSS | 7.4 AI score | 0.04262 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2012/06/14 12:0 a.m. | 46 views

RHEL 5 : java-1.6.0-openjdk (RHSA-2012:0730)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0730 advisory. - OpenJDK: improper protection of CORBA data models CORBA, 7079902 CVE-2012-1711 - OpenJDK: fontmanager layout lookup code memory corruption...

10 CVSS | 8.4 AI score | 0.93688 EPSS
Exploits: 9 | References: 22

RedHat Linux
added 2012/06/13 8:0 p.m. | 4 views

OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect availability via unknown vectors related to Security...

5 CVSS | 7.4 AI score | 0.04262 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2012/06/13 1:6 p.m. | 2 views

OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect availability via unknown vectors related to Security...

5 CVSS | 7.4 AI score | 0.04262 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2012/06/13 1:4 p.m. | 2 views

OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect availability via unknown vectors related to Security...

5 CVSS | 7.4 AI score | 0.04262 EPSS
Exploits: 0 | References: 4

myhack58
added 2012/06/13 12:0 a.m. | 10 views

phpAcounts v. 0. 5. 3 SQL injection and fix-vulnerability warning-the black bar safety net

Author: loneferret Affected version: 0.5.3 Developer address: http://phpaccounts.com/ Test platform: Ubuntu Server 11.10 Old app, still fun. Auth. Bypass: http://www.xxx.com /phpaccounts/index.php Username: x' or '1'='1' Password: whatever Upload php shell in preferences Letterhead image upload...

7.8 AI score
Exploits: 0

Fedora
added 2012/06/01 5:15 p.m. | 27 views

[SECURITY] Fedora 17 Update: python-feedparser-5.1.2-2.fc17

Universal Feed Parser is a Python module for downloading and parsing syndicated feeds. It can handle RSS 0.90, Netscape RSS 0.91, Userland RSS 0.91, RSS 0.92, RSS 0.93, RSS 0.94, RSS 1.0, RSS 2.0, Atom 0.3, Atom 1.0, and CDF feeds. It also parses several popular extension modules, including Dubli...

5 CVSS | 1.5 AI score | 0.01863 EPSS
Exploits: 1

OpenVAS
added 2012/05/24 12:0 a.m. | 40 views

Microsoft FrontPage Server Extensions MS-DOS Device Name DoS Vulnerability (Aug 2000)

Microsoft FrontPage Server Extensions is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5 CVSS | 6.5 AI score | 0.2539 EPSS
Exploits: 0 | References: 4

ThreatPost
added 2012/05/16 3:7 p.m. | 5 views

Like Those Wikipedia Ads? They Mean You're Infected With Malware!

The Wikimedia Foundation is warning its millions of visitors that if they’re seeing ads appearing on any of the Foundation’s Web sites, then their computer is probably infected with malware. The Foundation issued a statement on Monday clarifying that it never runs ads on the Web site for Wikipedi...

2.1 AI score
Exploits: 0 | References: 3

securityvulns
added 2012/05/01 12:0 a.m. | 103 views

[ MDVSA-2012:065 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:065 http://www.mandriva.com/security/ Package : php Date : April 27, 2012 Affected: 2010.1, 2011. Problem Description: Multiple vulnerabilities has been identified and fixed in php: The PDORow implementation...

7.5 CVSS | 10 AI score | 0.83911 EPSS
Exploits: 21

RedHat Linux
added 2012/04/30 5:7 p.m. | 51 views

Important: Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update

An updated rhev-hypervisor6 package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are availabl...

7.8 CVSS | 7.2 AI score | 0.13075 EPSS
Exploits: 11 | References: 4

Tenable Nessus
added 2012/04/27 12:0 a.m. | 45 views

Mandriva Linux Security Advisory : php (MDVSA-2012:065)

Multiple vulnerabilities has been identified and fixed in php : The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service application crash via a crafted application that uses a PDO driver for a...

7.5 CVSS | 9 AI score | 0.3014 EPSS
Exploits: 7 | References: 7

Veeam
added 2012/04/26 12:0 a.m. | 16 views

Veeam Management Pack for Microsoft System Center Collector Error: "Proxy Authentication Required"

Challenge Despite there being no internet proxy between the collector and the monitored targets, and connection to the monitored targets is stable i.e., the Test Connection utility shows "Success", the following problems occur: No data is displayed in the Operations Manager console. The log shows...

6.9 AI score
Exploits: 0 | Affected Software: 1