Cesar Cerrudo on Owning Your CEO

Dennis Fisher talks with Cesar Cerrudo of IOActive Labs about his research project that used Fortune 500 executives’ corporate email addresses as the starting point to gather data about their online activities. Cerrudo found that he was able to map executives’ activities across a wide range of...

Power Plants Are Vulnerable To Hackers with Siemens flaw

The U.S. Department of Homeland Security has issued an alert warning that hackers could exploit code in Siemens-owned technology to attack power plants and other national critical infrastructure. Justin W. Clarke, an expert in securing industrial control systems, disclosed at a conference in Los...

Clipbucket 2.5 - Blind SQL Injection

Clipbucket 2.5 - Blind SQL Injection Author: loneferret of Offensive Security Product: ClipBucket Version: 2.5 and maybe older versions Vendor Site: http://clip-bucket.com/ Software Download: http://sourceforge.net/projects/clipbucket/ Software description: ClipBucket is an OpenSource Multimedia...

Microsoft Windows Networking Components Remote Code Execution Vulnerabilities (2733594)

This host is missing a critical security update according to Microsoft Bulletin MS12-054. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

MS12-054: Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (2733594)

The remote Windows host is potentially affected by the following vulnerabilities : - A denial of service vulnerability exists in Windows networking components. The vulnerability is due to the service not properly handling specially crafted RAP requests. CVE-2012-1850 - A remote code execution...

Microsoft Remote Administration Protocol Denial of Service (MS12-054; CVE-2012-1850)

A denial of service vulnerability has been reported in the Microsoft Remote Administration Protocol RAP. The vulnerability is due to an error in the Windows networking components while handling specially crafted Remote Administration Protocol RAP responses. A remote attacker can exploit this issu...

Alleged Anonymous hacker arrested for Facebook threat

Hong Kong police said Sunday they had arrested a 21-year-old man believed to be a member of the international hacker group Anonymous, after he reportedly said on social networking site Facebook that he would hack several government websites. "The Internet is not a virtual world of lawlessness," a...

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

This update fixes the following security issues : - A flaw was found in the Linux kernel's garbage collector for AFUNIX sockets. A local, unprivileged user could use this flaw to trigger a denial of service out-of-memory condition. CVE-2010-4249, Moderate - A flaw was found in the Linux kernel's...

Scientific Linux Security Update : kernel on SL3.x i386/x86_64

There were no new features introduced by this update. The only changes that have been included address critical customer needs or security issues elaborated below. Key areas affected by fixes in this update include the networking subsystem, dcache handling, the ext2 and ext3 file systems, the USB...

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120529)

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : - It was found that the datalen parameter of the sockallocsendpskb function in the Linux kernel's networking implementation was not validated before use. A local...

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

These new kernel packages contain fixes for the following security issues : A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service memory exhaustion. CVE-2007-5494, Important A flaw was found in the handling of IEEE...

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : - The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. CVE-2011-2695, Important - IPv6 fragment identification value...

Scientific Linux Security Update : kernel on SL6.x i386/x86_64

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology MPT based controllers. A local,...

CentOS Update for kernel CESA-2011:1386 centos5 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for avahi CESA-2011:0436 centos5 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score,...

CVE-2012-3073

The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to cause a denial of service networking outage or process crash via 1 malformed IP packets, 2 a high...

Code injection

The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to cause a denial of service networking outage or process crash via 1 malformed IP packets, 2 a high...

CVE-2012-3073

The CVE-2012-3073 issue affects Cisco TelePresence products via the IP stack: TelePresence Multipoint Switch (before 1.8.1), TelePresence Manager (before 1.9.0), and TelePresence Recording Server (1.8 and earlier). The vulnerability allows remote attackers to trigger a DoS (network outage or proc...

ORing Industrial Networking IDS-5042/5042+ Hard-Coded Credential Vulnerability

Overview Independent researcher Reid Wightman of Digital BondKorenix and ORing Use Crypto, http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity/, Web site last accessed September 19, 2012. identified hard-coded credentials in the operating system of the ORing Industrial DIN-Rail...