
8697 matches found

Tenable Nessus
added 2014/04/17 12:00 a.m. | 31 views

CentOS 5 : java-1.7.0-openjdk (CESA-2014:0407)

Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS 10 | AI score 7.8 | EPSS 0.11906
Exploits 0 | References 25
RedHat Linux
added 2014/04/16 11:34 a.m. | 1 view

OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI...

CVSS 5.8 | AI score 7.1 | EPSS 0.02145
Exploits 0 | References 5
RedHat Linux
added 2014/04/16 11:24 a.m. | 2 views

OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI...

CVSS 5.8 | AI score 7.1 | EPSS 0.02145
Exploits 0 | References 5
RedHat Linux
added 2014/04/16 11:24 a.m. | 0 views

OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB...

CVSS 7.5 | AI score 7.1 | EPSS 0.03851
Exploits 0 | References 5
RedHat Linux
added 2014/04/16 11:23 a.m. | 53 views

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS 10 | AI score 7.3 | EPSS 0.11906
Exploits 0 | References 25
Fedora
added 2014/04/15 3:47 p.m. | 42 views

[SECURITY] Fedora 19 Update: mingw-openssl-1.0.1e-6.fc19

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows MinGW libraries and development tools...

CVSS 7.5 | AI score 2.8 | EPSS 0.94464
Exploits 87
Fedora
added 2014/04/15 3:38 p.m. | 36 views

[SECURITY] Fedora 20 Update: ImageMagick-6.8.6.3-4.fc20

ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...

CVSS 8.8 | AI score 0.8 | EPSS 0.16408
Exploits 5
ThreatPost
added 2014/04/15 12:08 p.m. | 12 views

Web Application Security Begins with Programming Language

When building an enterprise Web application, the most foundational decision your developers make will be the language in which the app is written. But is there a barometer that measures the security of the programming languages developers have at their disposal, or are comfortable with, versus...

AI score 0.3
Exploits 0 | References 1
ThreatPost
added 2014/04/14 1:42 p.m. | 9 views

First Phase of TrueCrypt Audit Turns Up No Backdoors

An initial audit of the popular open source encryption software TrueCrypt turned up fewer than a dozen vulnerabilities, none of which so far point toward a backdoor surreptitiously inserted into the codebase. A report on the first phase of the audit was released today by iSEC Partners, which was...

AI score 0.1
Exploits 0 | References 7
ThreatPost
added 2014/03/19 12:12 p.m. | 67 views

Exploits for Two-Year-Old PHP Security Vulnerability Found

Close to two years ago, a serious vulnerability in PHP was accidentally disclosed after it was discovered months prior during a hacking contest. A patch was released in relatively short order, and one would assume that given PHP’s prevalence as a web development framework, the fix would have been...

CVSS 7.5 | AI score 10 | EPSS 0.94363
Exploits 41 | References 3
Oracle Linux
added 2014/03/13 12:00 a.m. | 28 views

udisks security update

1.0.1-7.el65 - Make sure doc subpackage is noarch 1.0.1-6.el65 - Put devel-docs in a separate package related: rhbz1070145 . 1.0.1-5.el65 - Related: rhbz1070145...

CVSS 6.9 | AI score 1.9 | EPSS 0.00057
Exploits 1
ThreatPost
added 2014/03/06 4:36 p.m. | 12 views

Dexter, Project Hook Point of Sale Malware Still Prevalent

While the Target data breach may be in the rear view mirror, research this week shows it’s clear that many attackers are still using point of sale malware, namely Dexter and Project Hook, in active attacks. Researchers at Arbor Networks’ Security Engineering & Response Team (ASERT) looked at severa...

AI score 0.5
Exploits 0 | References 9
seebug.org
added 2014/03/03 12:00 a.m. | 28 views

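IBM Rational Quality Manager Jazz Team Server Unspecified Remote Code Execution Vulnerability

Bugtraq ID: 65900 CVE ID: CVE-2014-0862 IBM Rational Quality Manager is collaborative, web-based quality management software that provides integrated test planning and test assets for the complete software development lifecycle. The Jazz Team Server included in IBM Rational Quality Manager contains an unspecified error that allows remote attackers to exploit the vulnerability to execute arbitrary code. 0 IBM Rational Quality Manager 2.x IBM Rational Quality Manager 3.x IBM Rational Quality Manager 4.x Vendor patch: IBM...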

CVSS 10 | AI score 0.4 | EPSS 0.17369
Exploits 2
Drupal
added 2014/02/26 12:00 a.m. | 20 views

SA-CONTRIB-2014-023 - Project Issue File Review - XSS

The Project Issue File Review (PIFR) module provides an abstracted client-server model and plugin API for performing distributed operations such as code review and testing, with a focus on supporting Drupal development. Two scenarios were identified where the module does not sufficiently sanitize...

CVSS 4.3 | AI score 6.3 | EPSS 0.00285
Exploits 0 | References 11
Kitploit
added 2014/02/21 10:45 p.m. | 14 views

[GoLismero v2.0] Merge results of security tools (OpenVas, Wfuzz, SQLMap, DNS recon, robot analyzer...)

GoLismero is an open source security tool that can run its own security tests and manage a lot of well-known security tools (OpenVas, Wfuzz, SQLMap, DNS recon, robot analyzer...), take their results, feed them back to the rest of the tools and merge all of the results. And all of this automatically. Changelog...

AI score 6.8
Exploits 0 | References 1
Tenable Nessus
added 2014/02/18 12:00 a.m. | 19 views

3S CODESYS Development System V2 Installed (Windows)

Binary data scadaappcodesys2detect.nbin...

AI score 7.3
Exploits 0 | References 1
Kitploit
added 2014/02/14 10:37 p.m. | 22 views

[Charles] Web Debugging Proxy Application

Charles is a web proxy (HTTP Proxy / HTTP Monitor) that runs on your own computer. Your web browser or any other Internet application is then configured to access the Internet through Charles, and Charles is then able to record and display for you all of the data that is sent and received. In Web a...

AI score 7.2
Exploits 0
Typo3
added 2014/02/12 12:00 a.m. | 151 views

Access Bypass in extensions "Yet Another Gallery" (yag) and "Tools for Extbase development" (pt_extbase)

It has been discovered that the extensions "Yet Another Gallery" (yag) and "Tools for Extbase development" (pt_extbase) are susceptible to Access Bypass. Release Date: February 12, 2014. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected...

CVSS 7.5 | AI score 6.5 | EPSS 0.00154
Exploits 0 | Affected Software 2
Tenable Nessus
added 2014/02/05 12:00 a.m. | 40 views

RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:0135)

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...

CVSS 10 | AI score 6.4 | EPSS 0.16596
Exploits 3 | References 54
RedHat Linux
added 2014/02/04 7:35 p.m. | 2 views

JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0375...

CVSS 5.8 | AI score 6.4 | EPSS 0.02361
Exploits 1 | References 5