545 matches found
Unreal Engine 'UnChan.cpp' Failed Assertion Remote Denial of Service Vulnerability
漏洞成因: 没有正确处理内存分配异常,导致拒绝服务漏洞 下列使用了该引擎的应用存在漏洞: Unreal Tournament 3.1.3 Unreal Tournament 2003 Unreal Tournament 2004 Dead Man's Hand Pariah WarPath Postal 2 Shadow Ops exp: http://www.securityfocus.com/data/vulnerabilities/exploits/31205.zip 参考: http://www.securityfocus.com/bid/31205/exploit source...
Microsoft Windows NT 4/2000 NetBIOS Name Conflict Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1514/info An attacker can send the NetBIOS name service a NetBIOS Name Conflict message even when the receiving machine is not in the process of registering its NetBIOS name. The target will then not attempt to use that...
Mesa: Memory corruption (OOB read/write) on intel drivers
The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service reachable assertion and crash and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fsvisitor::removedeadconstants...
Unbreakable Enterprise kernel security and bugfix update
2.6.39-400.23.1 - Parallel mtrr init between cpus Zhenzhong Duan Orabug: 16777774 - Merge tag 'v2.6.39-400.21.1.16748891' of git://ca-git.us.oracle.com/linux-uek-2.6.39-ofed into uek-2.6.39-400 Maxim Uvarov Orabug: 16748891 - xen-blkfront: use a different scatterlist for each request Roger Pau...
Necurs Rootkit infect 83,427 machines in November
Rootkit named as "Necurs" infect 83,427 unique machines during the month of November 2012. It is a multi-purpose rootkits capable of posing a threat to both 32 and 64-bit Windows systems. Distributed via drive-by download on the websites that host the BlackHole exploit kit. Like other rootkits it...
New Dead drop techniques used by Security Agencies
Paul F Renda give an overview that, What and how new long distance and short distance Dead drop techniques are used by National Security Agency for secure communications. What is a dead drop? It is methods that spies use or have used to communicate with associates who have information for them. T...
Scientific Linux Security Update : openswan on SL5.x i386/x86_64
Gerd v. Egidy discovered a flaw in the Dead Peer Detection DPD in Openswan's pluto IKE daemon. A remote attacker could use a malicious DPD packet to crash the pluto daemon. CVE-2009-0790 It was discovered that Openswan's livetest script created temporary files in an insecure manner. A local...
Key Stuxnet LNK Spreading Mechanism Stops Working
One of the key infection methods for the Stuxnet worm was hard-coded to stop working on June 24, removing one of its techniques for propagation. Researchers say that the date, which is found in coded form in the worm’s instructions, is nearly three years to the day from the date that the first...
CentOS Update for openswan CESA-2009:0402 centos5 i386
Check for the Version of openswan OpenVAS Vulnerability Test CentOS Update for openswan CESA-2009:0402 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for openswan CESA-2009:0402 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Anonymous, LulzSec Dump 10 Gigs of Sensitive Law Enforcement Data
Hacker collectives, LulzSec and Anonymous claim to have compromised the servers of the Missouri Sheriff’s Association, posting some 10GB of sensitive data online. According to a statement posted online, the leaked information includes more than 300 email accounts from some 56 law enforcement...
Hacktivism: From Here to There
The current controversy regarding WikiLeaks and the attacks against the organizations that have opposed the group has sparked a large and complex conversation about the meanings of free speech, freedom of the press and online activism. As new as all of this may seem to some, this is by no means t...
Unreal Engine - ReceivedRawBunch() Denial of Service
Unreal Engine - ReceivedRawBunch Denial of Service source: https://www.securityfocus.com/bid/41737/info Unreal Engine is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected server, resulting in denial-of-service conditions. The following games whic...
Unreal Engine - 'ReceivedRawBunch()' Denial of Service
source: https://www.securityfocus.com/bid/41737/info Unreal Engine is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected server, resulting in denial-of-service conditions. The following games which are developed with Unreal Engine are affected:...
kernel: keyrings: find_keyring_by_name() can gain the freed keyring
Race condition in the findkeyringbyname function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service memory corruption and system crash or possibly have unspecified other impact via keyctl session commands that trigger access to a...
kernel: keyrings: find_keyring_by_name() can gain the freed keyring
Race condition in the findkeyringbyname function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service memory corruption and system crash or possibly have unspecified other impact via keyctl session commands that trigger access to a...
Sql injection
SQL injection vulnerability in player.php in Left 4 Dead L4D Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter...
CVE-2010-0980
SQL injection vulnerability in player.php in Left 4 Dead L4D Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter...
CVE-2010-0980
SQL injection vulnerability in player.php in Left 4 Dead L4D Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter...
CVE-2010-0980
The CVE-2010-0980 entry concerns Left 4 Dead (L4D) Stats 1.1. The vulnerability is a SQL injection in player.php that allows remote attackers to modify or exfiltrate data via the steamid parameter. This is supported by multiple sources (NVD entry and related references) which indicate arbitrary S...