Malicious Git and Mercurial HTTP Server For CVE-2014-9390

This module exploits CVE-2014-9390, which affects Git versions less than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1 and Mercurial versions less than 3.2.3 and describes three vulnerabilities. On operating systems which have case-insensitive file systems, like Windows and OS X, Git clients can be...

[SECURITY] Fedora 20 Update: lsyncd-2.1.4-4.fc20.1

Lsyncd watches a local directory trees event monitor interface inotify. It aggregates and combines events for a few seconds and then spawns one or more processes to synchronize the changes. By default this is rsync. Lsyncd is thus a light-weight live mirror solution that is comparatively easy to...

NSA-Approved Samsung Knox Stores PIN in Cleartext

A security researcher has tossed a giant bucket of ice water on Samsung’s thumbs up from the NSA approving use of certain Galaxy devices within in the agency. The NSA’s blessing, given under the agency’s Commercial Solutions for Classified Program, meant that the Samsung Galaxy 4, 5 and Galaxy No...

Unrestricted file upload

FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated...

CVE-2012-5619

The Sleuth Kit TSK 4.0.1 does not properly handle "." dotfile file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame...

CVE-2012-5619

The Sleuth Kit TSK 4.0.1 does not properly handle "." dotfile file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame...

CVE-2012-5619

The Sleuth Kit TSK 4.0.1 does not properly handle "." dotfile file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame...

CVE-2012-5619

The Sleuth Kit TSK 4.0.1 does not properly handle "." dotfile file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame...

CVE-2012-5619

Summary (CVE-2012-5619) The Sleuth Kit (TSK) 4.0.1 fails to properly handle "." (dotfile) entries on FAT and other non-reserved-name filesystems, enabling local attackers to obscure forensic activity (e.g., Flame’s demonstration). Connected documents corroborate this dotfile handling issue and it...

Moderate: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

[The Sleuth Kit] Library and collection of command line tools to investigate disk images

The Sleuth Kit is a C++ library and collection of open source file system forensics tools that allow you to, among other things, view allocated and deleted data from NTFS, FAT, FFS, EXT2, Ext3, HFS+, and ISO9660 images. The Sleuth Kit® TSK is a library and collection of command line tools that...

[RHEL 7] Red Hat Enterprise Linux 7 Beta

Red Hat Enterprise Linux 7 Beta showcases hundreds of new features and enhancements, including: Linux Containers - Enabling applications to be created and deployed in isolated environments with allocated resources and permissions. Performance Management – Using built in tools, you can optimize...

APPLE-SA-2013-09-18-2 iOS 7

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-18-2 iOS 7 iOS 7 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch 5th generation and later, iPad 2 and later Impact: Root certificates have been updated Description:...

Oracle Linux 4 : autofs5 (ELSA-2007-1177)

From Red Hat Security Advisory 2007:1177 : Updated autofs5 technology preview packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The autofs utility controls the...

CentOS 4 : util-linux (CESA-2009:0981)

An updated util-linux package that fixes one security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The util-linux package contains a collection of basic system utilities, such as fdisk and mount. A log...

CentOS 4 : autofs5 (CESA-2007:1129)

Updated Red Hat Enterprise Linux 4 Technology Preview autofs5 packages are now available to fix a security flaw. This update has been rated as having important security impact by the Red Hat Security Response Team. The autofs utility controls the operation of the automount daemon, which...

Cross Platform Trojan builder distributed on underground forums

A Cross platform back door 'Frutas' remote access tool RAT is available for download on many forums from January 2013. This Trojan builder is completely written in Java. Recently, Symantec experts analyse that Frutas RAT allows attackers to create a connect-back client JAR file to run on a...

RHEL 5 : gfs-kmod (RHSA-2010:0521)

Updated gfs-kmod packages that fix one security issue are now available for Red Hat Enterprise Linux 5.4 Extended Update Support, kernel release 2.6.18-164.19.1.el5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System...

[SECURITY] Fedora 17 Update: sleuthkit-4.0.1-1.fc17

The Sleuth Kit TSK is a collection of UNIX-based command line tools that allow you to investigate a computer. The current focus of the tools is the file and volume systems and TSK supports FAT, Ext2/3, NTFS, UFS, and ISO 9660 file systems...

CentOS Update for quota CESA-2013:0120 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...