2321 matches found

Fedora
added 2015/11/01 3:36 a.m. (8 views)

[SECURITY] Fedora 23 Update: python-tornado-4.2.1-1.fc23

Tornado is an open source version of the scalable, non-blocking web server and tools. The framework is distinct from most mainstream web server frameworks and certainly most Python frameworks because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle...

AI score: 0.7
Exploits: 0

Fedora
added 2015/11/01 3:30 a.m. (11 views)

[SECURITY] Fedora 23 Update: squid-3.5.9-7.fc23

Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...

AI score: 7.4
Exploits: 0

Node.js
added 2015/10/25 4:40 a.m. (25 views)

Regular Expression Denial of Service

Overview The jadedown package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in. Proof of concept var jadedown = require'jadedown'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result + chr; return...

CVSS: 5, AI score: 2.4, EPSS: 0.01151
Exploits: 1, Affected Software: 1

ArchLinux
added 2015/10/23 12:0 a.m. (67 views)

jre8-openjdk-headless: multiple issues

CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

CVSS: 10, AI score: 2.6, EPSS: 0.13354
Exploits: 0, References: 25

ArchLinux
added 2015/10/23 12:0 a.m. (66 views)

jre7-openjdk: multiple issues

CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

CVSS: 10, AI score: 1.5, EPSS: 0.13354
Exploits: 0, References: 22

ArchLinux
added 2015/10/23 12:0 a.m. (48 views)

jre8-openjdk: multiple issues

CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

CVSS: 10, AI score: 2.6, EPSS: 0.13354
Exploits: 0, References: 25

ThreatPost
added 2015/10/09 2:23 p.m. (16 views)

Apple Removes Apps That Expose Encrypted Traffic

Apple has purged its App Store of a number of apps that expose encrypted traffic via the installation of root certificates. Apple has declined to name the apps. “Apple has removed a few apps from the App Store that install root certificates that could allow monitoring of data,” Apple said today i...

AI score: 0.3
Exploits: 0, References: 5

CNVD
added 2015/10/03 12:0 a.m. (2 views)

Apple OS X System Boot Blocking Vulnerability

Apple OS X is an operating system developed by Apple Inc. Apple OS X EFI has a security vulnerability that allows attackers to build malicious applications that can render certain systems unbootable...

CVSS: 7.1, AI score: 6.7, EPSS: 0.01562
Exploits: 0, References: 1

Exploit DB
added 2015/10/02 12:0 a.m. (37 views)

FTGate 7 - Cross-Site Request Forgery

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-FTGATE-V7-CSRF.txt Vendor: ================================ www.ftgate.com www.ftgate.com/ftgate-update-7-0-300 Product: ================================ FTGate v7 Vulnerability Type:...

AI score: 7.4
Exploits: 0

CNVD
added 2015/09/06 12:0 a.m. (1 views)

MediaWiki Special:Contributions Page Information Disclosure Vulnerability

MediaWiki is a free web-based Wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in the Special:Contributions page of MediaWik...

CVSS: 5, AI score: 6.8, EPSS: 0.02322
Exploits: 0, References: 1

RedHat Linux
added 2015/08/18 6:45 p.m. (0 views)

pam: DoS/user enumeration due to blocking pipe in pam_unix module

It was discovered that the _unix_run_helper_binary() function of PAM's unix_pam module could write to a blocking pipe, possibly causing the function to become unresponsive. An attacker able to supply large passwords to the unix_pam module could use this flaw to enumerate valid user accounts, or cause a...

CVSS: 6.5, AI score: 6.9, EPSS: 0.02705
Exploits: 1, References: 4

Oracle linux
added 2015/08/18 12:0 a.m. (40 views)

pam security update

1.1.1-20.1 - fix CVE-2015-3238 - DoS due to blocking pipe with very long password...

CVSS: 5.8, AI score: 0.6, EPSS: 0.02705
Exploits: 1

myhack58
added 2015/08/11 12:0 a.m. (35 views)

Firefox file-stealing 0day vulnerability exploited in the wild; official emergency patch released

On a Russian website, researchers found exploit code for a serious Firefox 0day that can steal files from the computers of Windows and Linux users. This security incident forced Mozilla to issue an emergency patch. Vulnerability description The vulnerability is caused by the...

AI score: 0.1
Exploits: 0

RedHat Linux
added 2015/08/06 2:42 a.m. (2 views)

kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements.

It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets...

CVSS: 3.3, AI score: 6.6, EPSS: 0.03027
Exploits: 1, References: 4

Fedora
added 2015/06/10 7:18 p.m. (16 views)

[SECURITY] Fedora 21 Update: python-tornado-3.2.2-1.fc21

Tornado is an open source version of the scalable, non-blocking web server and tools. The framework is distinct from most mainstream web server frameworks and certainly most Python frameworks because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle...

CVSS: 6.5, AI score: 0.7, EPSS: 0.02489
Exploits: 0

Fedora
added 2015/06/09 3:4 p.m. (23 views)

[SECURITY] Fedora 22 Update: python-tornado-3.2.2-1.fc22

Tornado is an open source version of the scalable, non-blocking web server and tools. The framework is distinct from most mainstream web server frameworks and certainly most Python frameworks because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle...

CVSS: 6.5, AI score: 0.7, EPSS: 0.02489
Exploits: 0

Saint
added 2015/06/09 12:0 a.m. (30 views)

Seagate Central unauthenticated file upload

Added: 06/09/2015 Background Seagate Central is a personal cloud storage device which can be connected to a wireless router. Problem Seagate Central has no root password, allowing unauthenticated users to upload arbitrary files via PHP. This can be leveraged to execute arbitrary commands by...

AI score: 8.4
Exploits: 0

Prion
added 2015/04/28 10:59 p.m. (19 views)

Design/Logic Flaw

The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended...

CVSS: 5, AI score: 6.6, EPSS: 0.01966
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2015/04/28 10:0 p.m. (19 views)

CVE-2015-1150

The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended...

AI score: 3.5, EPSS: 0.01966
Exploits: 0, References: 3

The Hacker News
added 2015/04/12 11:6 p.m. (14 views)

'Net neutrality' — Save The Internet Before It's Too Late

Perhaps you have heard about "Net Neutrality," and the recent controversies over it in India. But first let’s understand What does Net Neutrality mean? Net Neutrality is simply the Internet Freedom — Free, Fast and Open Internet for all. Net Neutrality is the principle that Internet service...

AI score: 6.8
Exploits: 0