7133 matches found
Microsoft Internet Explorer 9 STYLE Object Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
GFI SandBox - Powerful automated malware analysis
GFI SandBox - Powerful automated malware analysis GFI SandBox™ formerly CWSandbox is an industry leading dynamic malware analysis tool. It gives you the power to analyze virtually any Windows application or file including infected: Office documents, PDFs, malicious URLs, Flash ads and custom...
GFI SandBox - Powerful automated malware analysis
GFI SandBox - Powerful automated malware analysis GFI SandBox™ formerly CWSandbox is an industry leading dynamic malware analysis tool. It gives you the power to analyze virtually any Windows application or file including infected: Office documents, PDFs, malicious URLs, Flash ads and custom...
SuSE 10 Security Update : coreutils (ZYPP Patch Number 7655)
This update of coreutils fixes the following security issue : - 697897: coreutils: when running 'su -c' to execute commands as different user the target user could inject command back into the calling users terminal via the TIOCSTI ioctl. This update also fixes the following non-security issues :...
PT-2011-1121 · Red Hat · Fuse +4
Name of the Vulnerable Software and Affected Versions: fuse versions 2.8.3 through 2.8.5 fuse-devel versions 2.8.3 fuse-libs versions 2.8.3 fuse-debuginfo versions 2.8.3 Description: The issue concerns multiple vulnerabilities in the fuse package of Red Hat Enterprise Linux, which can lead to...
Solar FTP 2.1.1 PASV Buffer Overflow
!/usr/bin/python Title: Solar FTP 2.1.1 PASV Command PoC Authors: Craig Freyman @cd1zz and Gerardo Iglesias @iglesiasgg Tested: Windows XP SP3 Vendor Contacted July 11, 2011 Vendor Response: July 12, 2011 - Will fix ASAP, approved release of PoC. Notes: We found different offsets depending on the...
Fedora 15 : feh-1.14.1-1.fc15 (2011-8750)
Changes since 0.10.1 : - Bug fixes Make zoomdefault key work properly with --geometry Only create caption directory when actually writing out a caption. read directory contents sorted by filename instead of 'randomly' as returned by readdir by default. Thanks talisein! Show certain warnings in th...
inappropriate GSSAPI delegation
When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism. This is obviously a sensitive operation, which...
Win32k. sys keyboard layout file to mention the right vulnerability analysis-vulnerability warning-the black bar safety net
Author: Sebastien Renaud Translator: riusksk(springs brother: the http://riusksk.blogbus.com) This article will give you shed some light on the Stuxnet Virus the technical details, mainly aimed at the about the author is how to use 0day vulnerabilities to achieve code versatility. Discussed below...
Fedora 15 : asterisk-1.8.3-1.fc15 (2011-2360)
The Asterisk Development Team has announced the release of Asterisk 1.8.3. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/ The release of Asterisk 1.8.3 resolves several issues reported by the community and would have not been possible...
SAUSAGE Con Delves into IT Security's 'Human Problem'
‘Why is security so hard?’ That’s the question that a new conference focused on “useable security” will attempt to answer by bringing together experts on security, software development and human-computer interaction. DEK: ‘Why is security so hard?’ That’s the question that a new conference will...
[SECURITY] [DSA-2154-1] exim4 security update
------------------------------------------------------------------------ Debian Security Advisory DSA-2154-1 [email protected] http://www.debian.org/security/ Stefan Fritsch January 30, 2011 http://www.debian.org/security/faq -...
Rootkit Being Used in Attacks on Exim Bug
Attackers have begun using the bug in the Exim mailer that was disclosed earlier this week to install a rootkit on machines running vulnerable versions of the software. The vulnerability in Exim, which is a mail transfer agent used on Unix-based machines, came to light on Monday and can result in...
New Trojan Targets User Credentials on Popular Sites
A new information-stealing Trojan, believed to be of Chinese origin, has been identified by Avira researchers. This malware targets usernames and passwords for a variety of popular websites, including YouTube, Google, and PayPal, as well as Chinese sites like Youku, Tudou, Sogou, and Soho. The...
Researcher Releases JavaSnoop Java-Analysis Tool
Java has long been one of the more widely used–and widely criticized–technologies on the Web. It’s used virtually everywhere and roundly panned by security researchers for its security shortcomings. Now, a researcher has released a new tool, called JavaSnoop, that’s designed to help people better...
SuSE 11 Security Update : MySQL (SAT Patch Number 2317)
Updated MySQL packages fix the following bugs : - upstream 47320 - checking server certificates. CVE-2009-4028 - upstream 48291 - error handling in subqueries. CVE-2009-4019 - upstream 47780 - preserving nullvalue flag in GeomFromWKB. CVE-2009-4019 - upstream 39277 - symlink behaviour fixed...
What is Information Security?
Recently, I’ve heard some bits and pieces about how Information Security InfoSec can be “threat-centric” or “vulnerability-centric”. This stuck me funny for a number of reasons, mainly it showed a basic bias towards what InfoSec is. And to me, InfoSec is too complex to be described as...
Ubuntu Update for libvirt regression USN-1008-4
Ubuntu Update for Linux kernel vulnerabilities USN-1008-4 OpenVAS Vulnerability Test $Id: gbubuntuUSN10084.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for libvirt regression USN-1008-4 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Ubuntu 10.04 LTS : libvirt regression (USN-1008-4)
USN-1008-1 fixed vulnerabilities in libvirt. The upstream fixes for CVE-2010-2238 changed the behavior of libvirt such that the domain XML could not specify 'hostdevice' as the qemu sub-type. While libvirt 0.8.3 and later will longer support specifying this sub-type, this update restores the old...
Uncovering Covert Command-and-Control Channels
As the line between securely hosted and controlled enterprise applications and cloud-based applications continues to blur, there’s more “legitimate” traffic between corporate networks and the Internet than ever before. This opens up new vectors for attack by hackers and cybercriminals as more...