Mozilla Plugs Firefox Pwn2Own Security Hole

Mozilla is the first browser vendor to fix a vulnerability exploited at this year’s CanSecWest Pwn2Own contest. Just one week after a U.K.-based hacker known as “Nils” broke into a 64-bit Windows 7 machine with a Firefox vulnerability, the open-source group shipped Firefox 3.6.3 to plug the...

Microsoft Security Bulletin MS10-018 - Critical Cumulative Security Update for Internet Explorer (980182)

Microsoft Security Bulletin MS10-018 - Critical Cumulative Security Update for Internet Explorer 980182 Published: March 30, 2010 Version: 1.0 General Information Executive Summary This security update resolves nine privately reported vulnerabilities and one publicly disclosed vulnerability in...

curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback

contentencoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service application crash or have unspecified othe...

[SECURITY] Fedora 12 Update: fcron-3.0.5-1.fc12

Fcron is a scheduler. It aims at replacing Vixie Cron, so it implements most of its functionalities. But contrary to Vixie Cron, fcron does not need your system to be up 7 days a week, 24 hours a day: it also works well with systems which are not running neither all the time nor regularly contrar...

[SECURITY] Fedora 11 Update: tar-1.22-5.fc11

The GNU tar program saves many files together in one archive and can restore individual files or all of the files from that archive. Tar can also be used to add supplemental files to an archive and to update or list files in the archive. Tar includes multivolume support, automatic archive...

Google Chrome Multiple File Type Security Bypass

Google Chrome is a web browser developed by Google Inc. It provides rich web browsing similar to other web browsers such as Firefox, Opera, and Internet Explorer. Chrome is unique from other browsers because it follows a multi-process architecture: by default, a separate process is allocated to...

Adobe Plugs Critical PDF Code Execution Flaw

Adobe today released an out-of-band security update to patch a pair of gaping holes that expose hundreds of millions of computer users to remote code execution attacks. The vulnerabilities are rated “critical” and affect Adobe Reader and Adobe Acrobat on all platforms — Windows, Mac and Linux. Th...

snmp-netstat NSE Script

Attempts to query SNMP for a netstat like output. The script can be used to identify and automatically add new targets to the scan by supplying the newtargets script argument. Script Arguments max-newtargets, newtargets See the documentation for the target library. creds.service, creds.global See...

Microsoft Security Bulletin MS10-014 - Important Vulnerability in Kerberos Could Allow Denial of Service (977290)

Microsoft Security Bulletin MS10-014 - Important Vulnerability in Kerberos Could Allow Denial of Service 977290 Published: February 09, 2010 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability...

Microsoft Security Bulletin MS10-006 - Critical Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)

Microsoft Security Bulletin MS10-006 - Critical Vulnerabilities in SMB Client Could Allow Remote Code Execution 978251 Published: February 09, 2010 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in Microsoft Windows. The...

Microsoft Security Bulletin MS10-011 - Important Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)

Microsoft Security Bulletin MS10-011 - Important Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege 978037 Published: February 09, 2010 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in...

data callback excessive length

When downloading data, libcurl hands it over to the application using a callback that is registered by the client software. libcurl then calls that function repeatedly with data until the transfer is complete. The callback is documented to receive a maximum data size of 16K CURLMAXWRITESIZE. Usin...

CURL-CVE-2010-0734 data callback excessive length

When downloading data, libcurl hands it over to the application using a callback that is registered by the client software. libcurl then calls that function repeatedly with data until the transfer is complete. The callback is documented to receive a maximum data size of 16K CURLMAXWRITESIZE. Usin...

Adobe PDF Reader Gets Another Security Makeover

Adobe has released a mega-update for its Reader and Acrobat software products to fix a total of eight documented security vulnerabilities. The update comes with significant security improvements, including the on-by-default addition “Enhanced Security,” a feature that provides a set of default...

[SECURITY] Fedora 11 Update: NetworkManager-0.7.2-2.git20091223.fc11

NetworkManager attempts to keep an active network connection available at a ll times. It is intended only for the desktop use-case, and is not intended f or usage on servers. The point of NetworkManager is to make networking configuration and setup as painless and automatic as possible. If using ...

Citrix Program Neighborhood Agent Arbitrary Shortcut Creation (CVE-2004-1077)

Citrix Presentation Server, formally known as Citrix MetaFrame, is designed for central application deployment. This package allows applications to be deployed and managed by a farm of dedicated servers and allow client machines to access these applications remotely. There exists an arbitrary...

Design/Logic Flaw

CQWeb aka the web interface in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors...

CVE-2009-4357

CQWeb aka the web interface in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors...

Design/Logic Flaw

Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking AMGH is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device...

CVE-2009-4314

Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking AMGH is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device...