157 matches found
[SECURITY] Fedora 13 Update: cyrus-imapd-2.3.16-5.fc13
The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scalable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...
Forged Certificates: Five Steps To Secure Your Enterprise
The high-profile compromise of Comodo, a Certificate Authority, has raised the spectre of a security compromise in one of the Internet’s few security pillars: SSL (Secure Sockets Layer) encryption that secures a dizzying array of Internet- and Web-based transactions. With news that forged SSL...
Ashton Kutcher's Twitter Account Hacked By Geek Activist !
Hey, look: Ashton Kutcher's Twitter account was hacked in the name of Internet justice. Someone broke into his account and tweeted the messages above. Judging from their message, they probably used the notorious "Firesheep" application, which makes it easy for anyone to hijack other people's...
SuSE 10 Security Update : pidgin (ZYPP Patch Number 6709)
This update of pidgin fixes the following issues: - Allowed to send confidential data unencrypted even if SSL was chosen by user. CVE-2009-3026: CVSS v2 Base Score: 5.0 - Remote denial of service in yahoo IM plug-in. CVE-2009-3025: CVSS v2 Base Score: 4.3 - Remote denial of service in MSN plug-i...
[SECURITY] Fedora 14 Update: perl-IO-Socket-SSL-1.37-1.fc14
This module is a true drop-in replacement for IO::Socket::INET that uses SSL to encrypt data before it is transferred to a remote server or client. IO::Socket::SSL supports all the extra features that one needs to write a full-featured SSL client or server application: multiple SSL contexts, ciph...
[SECURITY] Fedora 13 Update: perl-IO-Socket-SSL-1.37-1.fc13
This module is a true drop-in replacement for IO::Socket::INET that uses SSL to encrypt data before it is transferred to a remote server or client. IO::Socket::SSL supports all the extra features that one needs to write a full-featured SSL client or server application: multiple SSL contexts, ciph...
Group Publishes Database of Embedded Private SSL Keys
A new project has produced a large and growing list of the private SSL keys that are hard-coded into many embedded devices, such as consumer home routers. The LittleBlackBox Project comprises a list of more than 2,000 private keys right now, each of which can be associated with the public key of ...
4) "S" stands for Safe(r)
Browsing a Web site for offers is one thing. Actually buying merchandise is another matter entirely. Online transactions should be carried out securely, using encryption to scramble the sensitive financial data you’re sending to the merchant’s Web site and that they’re sending to you. Before...
Oracle Secure Backup Administration property_box.php Command Injection (CVE-2010-0899)
Oracle Secure Backup is a backup solution allowing for centralized tape backup management. The server allows for single point of management of data present on network attached storage (NAS) devices and distributed hosts which may have different operating systems. The data in transit is kept secure ...
File Access Vulnerability in Easy File Sharing Web Server
File Access Vulnerability in Easy File Sharing Web Server Discovered by: Timothy "Thor" Mullen Testing by Steve "Raging Haggis" Moffat, Hammer of God, Bermuda Labs Product: Easy File Sharing Web Server, current versions, default installation Vendor: http://www.sharing-file.com/ Vendor Notificatio...
[SECURITY] Fedora 10 Update: cyrus-imapd-2.3.14-2.fc10
The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scalable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...
[SECURITY] Fedora 10 Update: perl-IO-Socket-SSL-1.26-1.fc10
This module is a true drop-in replacement for IO::Socket::INET that uses SSL to encrypt data before it is transferred to a remote server or client. IO::Socket::SSL supports all the extra features that one needs to write a full-featured SSL client or server application: multiple SSL contexts, ciph...
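Sun Java System Identity Manager Multiple Security Vulnerabilities
BUGTRAQ ID: 34191 Sun Java System Identity Manager is a complete end-to-end solution for protecting sensitive data and managing identity profiles and permissions. Sun Java System Identity Manager (IdM) is affected by multiple security vulnerabilities, as follows: Because some connections are not encrypted with SSL, a remote unprivileged user can gain unauthorized access to data transmitted between clients and the IdM server (17763). A local or remote unprivileged user can determine whether a valid IdM account name exists (18052, 18104). A user with an account on the IdM server can change the passwords of other IdM accounts (18578)...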
[ GLSA 200808-08 ] stunnel: Security bypass
Gentoo Linux Security Advisory GLSA 200808-08 http://security.gentoo.org/ Severity:...
stunnel: Security bypass
Background: The stunnel program is designed to work as an SSL encryption wrapper between a remote client and a local or remote server. OCSP (Online Certificate Status Protocol), as described in RFC 2560, is an internet protocol used for obtaining the revocation status of an X.509 digital certificate...
TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability
TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-08-02 January 16, 2008 -- CVE ID: CVE-2008-0027 -- Affected Vendor: Cisco -- Affected Products: Cisco Call Manager 4.13 -- Vulnerability Details: This vulnerability allows remote...
Debian: Security Advisory (DSA-896-1)
The remote host is missing an update for the Debian...
JVN#19445002 APOP password recovery vulnerability
Impact APOP passwords may be compromised. When the same password is used for other systems, those systems could be compromised as well. Solution Products Affected Mail clients with an APOP implementation As this is a protocol issue, software fixes cannot solve the issue essentially. Encrypted...
Debian DSA-896-1 : linux-ftpd-ssl - buffer overflow
A buffer overflow has been discovered in ftpd-ssl, a simple BSD FTP server with SSL encryption support, that could lead to the execution of arbitrary code.
CVE-2006-2461
BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic...