CVE-2015-2233

Lenovo System Update formerly ThinkVantage System Update before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate...

Beijing, Shanghai, including hundreds of hotel chains InnGate wireless router there are serious security vulnerabilities-vulnerability warning-the black bar safety net

Latest survey report shows that Beijing, Shanghai, including hundreds of Inn of the InnGate wireless router there are serious security vulnerabilities, an attacker would be able to get the hotel to monitor and document data, to the hotel customers spread computer viruses, and even can access the...

ysoserial

ysoserial !GitHub releasehttps://img.shields.io/github/do...

Fedora 20 : claws-mail-3.11.1-2.fc20 / claws-mail-plugins-3.11.1-1.fc20 / libetpan-1.6-1.fc20 (2014-14234) (POODLE)

SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014- 3566. - Several PGP/Core plugin improvements - A new version of the RSSyl plugin, completely redesigned and rewritten. - The results of TAB...

IBM DB2 10.1 < Fix Pack 3a Multiple Vulnerabilities

According to its version, the installation of IBM DB2 10.1 running on the remote host is prior to Fix Pack 3a. It is, therefore, affected by one or more of the following vulnerabilities : - The included version of GSKit contains an error related to CBC-mode and timing that could allow an attacker...

IBM DB2 9.7 < Fix Pack 9a Multiple Vulnerabilities

According to its version, the installation of DB2 9.7 running on the remote host is prior to Fix Pack 9a. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists related to handling malformed certificate chains that allows denial of service...

Adobe Flash Player Integer Underflow Remote Code Execution

This module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the context of th...

CVE-2014-0363

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

CVE-2014-0363

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

CVE-2014-0363

CVE-2014-0363 affects Ignite Realtime Smack XMPP API: ServerTrustManager fails to verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, enabling MITM spoofing of servers and potential data leakage. The vulnerability is in the Smack API prior to 4.0.0-rc1. Remed...

CVE-2014-0628

The server in EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service daemon crash via unspecified vectors...

CVE-2014-0628

The server in EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service daemon crash via unspecified vectors...

On the use of Adobe 0day – CVE-2 0 1 4-0 5 0 2 attack behavior analysis-vulnerability warning-the black bar safety net

The other day FireEye released a use AdobeFlash new 0day attack report, and Adobe has been based on vulnerabilities released a security update. According to FireEye report, many sites will redirect visitors to the following contain a Trojan the malicious Server: Peterson Institute for...

Photodex ProShow Producer 5.0.3297 Buffer Overflow

Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Photodex ProShow Producer Vendor URL: www.photodex.com Type: Stack-based Buffer Overflow CWE-121 Date found: 2013-02-16 Date published: 2013-02-16 CVSSv2 Score: 6,8 AV:N/AC:M/Au:N/C:P/I:P/A:P...

IP Theft, Supply Chain Security Major Worries for Government, Former Cybersecurity Czar Says

ANAHEIM, CALIF.–The theft of intellectual property through attacks on U.S. networks, both government-owned and private, has become one of the major concerns for officials at the top level of the federal government, not just among security staffs, but at the upper echelons of the White House and...

Google Fixes SSL Certificate Error in Chrome

Google has released an update for Chrome that repairs a problem when users attempt to connect to sites over HTTPS. In some instances, the browser will return an error messages that tells the user that the requested site’s server certificate is invalid even when that’s not the case. Some users hav...

Wireshark 1.4.4 DECT Dissector Buffer Overflow

!/usr/bin/env python -- coding: iso-8859-15 -- a = """ \n\t-- CVE: 2011-1591 : Wireshark = 2.5 For any comments, remarks, news, please mail me : ipv at team . net \n""" import sys, struct if sys.versioninfo = 2, 5: from scapy.all import else: from scapy import align def xv: return struct.pack"I",...

Wireshark 1.4.4 - DECT Dissector Remote Buffer Overflow

Wireshark 1.4.4 - DECT Dissector Remote Buffer Overflow !/usr/bin/env python -- coding: iso-8859-15 -- a = """ \n\t-- CVE: 2011-1591 : Wireshark = 2.5 For any comments, remarks, news, please mail me : ipv at team . net \n""" import sys, struct if sys.versioninfo = 2, 5: from scapy.all import else...

Wireshark 1.4.4 - DECT Dissector Remote Buffer Overflow

!/usr/bin/env python -- coding: iso-8859-15 -- a = """ \n\t-- CVE: 2011-1591 : Wireshark = 2.5 For any comments, remarks, news, please mail me : ipv at team . net \n""" import sys, struct if sys.versioninfo = 2, 5: from scapy.all import else: from scapy import align def xv: return struct.pack"I",...

[SECURITY] Fedora 16 Update: rsyslog-5.8.5-1.fc16

Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up,...