8694 matches found
[SECURITY] Fedora 13 Update: mingw32-openssl-1.0.0-0.7.beta4.fc13
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows MinGW libraries and development tools...
Chrome Stable Update
The Google Chrome team is happy to announce the arrival of Chrome 11.0.696.57 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Chrome 11 contains some really great improvements including speech input through HTML. Security fixes and rewards: Please see the Chromium security page f...
[SECURITY] Fedora 14 Update: perl-Mojolicious-0.999929-2.fc14
Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the...
Fedora Update for geeqie FEDORA-2011-5200
Check for the Version of geeqie OpenVAS Vulnerability Test Fedora Update for geeqie FEDORA-2011-5200 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
PT-2011-1148 · Kde +1 · Kdenetwork +5
Name of the Vulnerable Software and Affected Versions: KDE SC versions 4.6.2 and earlier kdenetwork versions 4.3.4 kdenetwork-devel versions 4.3.4 kdenetwork-debuginfo versions 4.3.4 kdenetwork-libs versions 4.3.4 Description: The issue is related to a directory traversal vulnerability in the...
Report: Application Security Still Mostly Sucks
The third State of Software Security (SOSS) report finds that software developers are still doing a poor job of making applications secure. Application testing firm Veracode, which compiled the report, found that 58% of almost 5,000 applications failed a security audit on the first pass – about th...
CentOS 5 : java-1.6.0-openjdk (CESA-2011:0214)
Updated java-1.6.0-openjdk packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
Wireshark 1.5.1 Development Release!
Wireshark 1.5.1 has been released. Installers for Windows, OS X, and source code are now available. New and Updated Features The following features are new or have been significantly updated since version 1.4: 1. Wireshark can import text dumps, similar to...
CVE-2011-1671
Cross-site scripting (XSS) vulnerability in app/controllers/todoscontroller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to todos/tag/. NOTE: some of these details are obtained from third party information...
Making An Application Security Program Succeed
After winning the attention, and hopefully the backing of executives, as we covered in The Challenge of Starting an Application Security Program, it becomes much more straightforward to win the funding needed for the right tools, services, and training needed for secure application development. N...
[SECURITY] Fedora 13 Update: php-5.3.6-1.fc13
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
PT-2011-1087 · Gnu +1 · Glibc-Devel +7
Name of the Vulnerable Software and Affected Versions: glibc versions 2.3.4 glibc-utils versions 2.3.4 glibc-common versions 2.3.4 glibc-devel versions 2.3.4 glibc-profile versions 2.3.4 glibc-headers versions 2.3.4 nptl-devel version 2.3.4 glibc versions prior to 2.15-r3 Description: The issue...
Microsoft Cites Progress in SDL Report, Advocates More Adoption of ASLR, DEP
In the more than nine years since Bill Gates’s Trustworthy Computing email kicked off Microsoft’s comprehensive, company-wide security initiative, the company has not only committed a tremendous amount of money and resources to the project but also has been quite open and public about the process...
PT-2011-1091 · Gnu +1 · Nptl-Devel +7
Name of the Vulnerable Software and Affected Versions: glibc versions 2.3.4 and earlier glibc-utils versions 2.3.4 and earlier glibc-common versions 2.3.4 and earlier glibc-devel versions 2.3.4 and earlier glibc-profile versions 2.3.4 and earlier glibc-headers versions 2.3.4 and earlier nptl-deve...
[SECURITY] Fedora 15 Update: php-5.3.6-1.fc15
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
The Challenge of Starting an Application Security Program
Since organizations started opening their internal applications to the Web, a little more than a decade ago, it became clear that the security of those connected applications would be more complex – and critical to get right – than before. Unfortunately, through complacency, perhaps a feeling tha...
HP OpenView Network Node Manager ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow
$Id: hpnnmovwebsnmpsrvuro.rb 12095 2011-03-23 15:43:25Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' Unrecognized Option Buffer Overflow (Metasploit)
$Id: hpnnmovwebsnmpsrvuro.rb 12095 2011-03-23 15:43:25Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
McGraw Hill – Hacking Exposed 3rd Edition 2011
The latest Web app attacks and countermeasures from world-renowned practitioners. Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web...
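PHP "substr_replace()" Use-After-Free Remote Memory Corruption Vulnerability
BUGTRAQ ID: 46843 CVE ID: CVE-2011-1148 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. The implementation of PHP's "substrreplace" function contains a use-after-free remote memory corruption vulnerability; a remote attacker can exploit it to execute arbitrary code on the web server, causing a denial of service. The vulnerability arises because, when the same variable is passed to "substrreplace" multiple times, PHP makes the three variables in the function use the same pointer, so when a type conversion inside the function changes that pointer, it also invalidates the other variables. PHP PHP 5.3.x PHP PHP 5.2.x Vendor patch: PHP ---...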