
2548 matches found

Tenable Nessus
added 2013/07/22 12:0 a.m. | 30 views

MyBB < 1.6.10 Multiple Vulnerabilities

According to its version number, the MyBB install hosted on the remote web server is affected by multiple vulnerabilities : - A SQL injection vulnerability exists due to improper sanitization of user-supplied input during database optimization. - A SQL injection vulnerability exists due to improp...

AI score: 5.5
Exploits: 0 | References: 1

F5 Networks
added 2013/07/05 12:0 a.m. | 32 views

K10905 : NTP vulnerability - CVE-2009-3563

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

CVSS: 6.4 | AI score: 7.1 | EPSS: 0.32288
Exploits: 3

ThreatPost
added 2013/04/03 4:43 p.m. | 17 views

Clues About Flashback Creator Come Together

Nearly a year since the Flashback Trojan surfaced and ultimately infected more than 600,000 Apple OS X computers, the author of the malware may have been discovered. After some sleuthing by security blogger Brian Krebs over the past year – documented today on the Krebs on Security blog – the...

AI score: 0.6
Exploits: 0 | References: 5

Fedora
added 2013/02/03 1:48 p.m. | 29 views

[SECURITY] Fedora 18 Update: libwebp-0.2.1-1.fc18

WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.01087
Exploits: 0

ThreatPost
added 2013/01/16 3:22 p.m. | 4 views

The Novel Practice of DevOps Stars in The Phoenix Project

After a long 2.5 years Gene Kim, Kevin Behr, George Spafford, the authors of the awesome Visible Ops series, have just launched their latest book, The Phoenix Project. I was fortunate enough to get to read some early drafts, so I am extra excited that it is finally shipping. When Gene first...

AI score: 7
Exploits: 0 | References: 1

RedHat Linux
added 2013/01/08 4:10 a.m. | 2 views

postgresql DoS via infinite loop in regex NFA optimization code

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression...

CVSS: 4 | AI score: 7.2 | EPSS: 0.03844
Exploits: 1 | References: 4

0day.today
added 2012/12/10 12:0 a.m. | 24 views

WordPress SEO Plugin 1.3.11 Cross Site Script Vulnerability

WordPress out of the box is already technically quite a good platform for SEO, this was true when I wrote my original WordPress SEO article in 2008 and it's still true today, but that doesn't mean you can't improve it further! This plugin is written from the ground up by WordPress SEO consultant...

AI score: 6.8
Exploits: 0

seebug.org
added 2012/11/19 12:0 a.m. | 31 views

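Microsoft .NET Framework Remote Privilege Escalation Vulnerability (MS12-074)

BUGTRAQ ID: 56464 CVE ID: CVE-2012-4777 .NET is Microsoft's technology for implementing XML, Web Services, SOA (service-oriented architecture) and agility. The .NET Framework is a software framework developed by Microsoft that runs primarily on Microsoft Windows. The code-optimization feature in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions in the reflection implementation; a specially crafted XAML browser application or a specially crafted .NET Framework application can allow a remote attacker to execute arbitrary code. 0 Microsoft .NET...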

CVSS: 9.3 | AI score: 6.9 | EPSS: 0.24755
Exploits: 1

Prion
added 2012/11/14 12:55 a.m. | 26 views

Design/Logic Flaw

The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, a...

CVSS: 9.3 | AI score: 8 | EPSS: 0.24755
Exploits: 1 | References: 7 | Affected Software: 1

EUVD
added 2012/11/14 12:0 a.m. | 5 views

EUVD-2012-4702

The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, a...

CVSS: 9.3 | AI score: 7.2 | EPSS: 0.24755
Exploits: 1 | References: 7

CVE
added 2012/11/14 12:0 a.m. | 94 views

CVE-2012-4777

CVE-2012-4777 affects Microsoft .NET Framework 4 and 4.5. The vulnerability arises from improper enforcement of object permissions in the reflection code-optimization feature, allowing remote code execution through a crafted XAML browser application (XBAP) or a crafted .NET Framework application....

CVSS: 9.3 | AI score: 7.5 | EPSS: 0.24755
Exploits: 1 | References: 7 | Affected Software: 1

OpenVAS
added 2012/11/02 12:0 a.m. | 9 views

Fedora Update for optipng FEDORA-2012-16680

Check for the Version of optipng OpenVAS Vulnerability Test Fedora Update for optipng FEDORA-2012-16680 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

AI score: 7.4
Exploits: 0 | References: 2

Tenable Nessus
added 2012/11/02 12:0 a.m. | 30 views

Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:169)

Multiple security issues were identified and fixed in OpenJDK icedtea6 : - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7167656, CVE-2012-5077: Multiple Seeders are...

CVSS: 10 | AI score: 8 | EPSS: 0.45113
Exploits: 1 | References: 17

OPENSUSE Linux
added 2012/10/31 4:11 p.m. | 33 views

java-1_7_0-openjdk: Update to icedtea-2.3.3 (important)

java-1_7_0-openjdk was updated to icedtea-2.3.3 bnc785814 Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7158796, CVE-2012-5070: Tighten properties...

CVSS: 10 | AI score: 1.5 | EPSS: 0.91013
Exploits: 25 | References: 1

UbuntuCve
added 2012/09/26 10:56 a.m. | 21 views

CVE-2012-2876

Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01347
Exploits: 0 | References: 3

Fedora
added 2012/09/23 4:55 a.m. | 16 views

[SECURITY] Fedora 18 Update: optipng-0.7.3-1.fc18

OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. This program also converts external formats BMP, GIF, PNM and TIFF to optimized PNG, and performs PNG integrity checks and corrections...

AI score: 1.5
Exploits: 0

Intel
added 2012/09/11 12:0 a.m. | 15 views

Potential for signature integrity compromise in Intel® Integrated Performance Primitives (Intel® IPP) Cryptography Domain

Summary: The cryptography (CP) domain in Intel’s newest version of Intel® Integrated Performance Primitives (Intel® IPP) v7.1 has been enhanced to improve its security and customers are strongly urged to update to this release. Description: Intel IPP v7.1 introduces Intel® AVX & Intel® AVX2 performan...

AI score: 6.9
Exploits: 0

CVE
added 2012/08/31 10:0 p.m. | 42 views

CVE-2012-2117

The CVE concerns the Gigya - Social optimization module for Drupal 6.x (prior to 6.x-3.2). The vulnerability arises from insufficient escaping of URL elements printed back to the user, enabling cross-site scripting (XSS). Affected software is the Gigya module for Drupal 6.x versions before 6.x-3....

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.01284
Exploits: 0 | References: 6 | Affected Software: 1

Packet Storm
added 2012/08/01 12:0 a.m. | 46 views

eGlibc Signedness Code Execution

Exploit Title: eGlibc Signedness Vulnerability Date: November 2011 Exploit Author: c0ntex Vendor Homepage: http://www.eglibc.org Software Link: http://www.eglibc.org/home Version: eGlibc supplied by Ubuntu 10.4 LTS Tested on: Ubuntu 10.4 LTS CVE : CVE-2011-2702 A delicious, yet slightly cold...

CVSS: 6.8 | AI score: 0.5 | EPSS: 0.08458
Exploits: 6

0day.today
added 2012/08/01 12:0 a.m. | 20 views

Joomla Movm Extension (com_movm) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla com_movm SQL Injection Date: 31-07-2012 Author: Daniel Barragan "D4NB4R" Twitter: @D4NB4R site: http://poisonsecurity.wordpress.com/ Vendor: http://www.movm.net/ Version: 1.0 Date Added 28 July 2012 License: Commercial $...

AI score: 7.1
Exploits: 0