OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)

It was discovered that the GCM Galois/Counter Mode implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag...

Critical: Red Hat Security Advisory: java-1.6.0-ibm security update

An update for java-1.6.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a...

Critical: Red Hat Security Advisory: java-1.7.0-ibm security update

An update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

nspr, nss security update

CentOS Errata and Security Advisory CESA-2016:0684 An update for nss and nspr is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

RedHat Update for java-1.7.0-openjdk RHSA-2016:0676-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)

It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...

OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)

It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger...

OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)

It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...

Critical: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

WPN-XM Serverstack 0.8.6 - Cross-Site Request Forgery

Exploit for php platform in category web applications + Credits: hyp3rlinx Vendor: =========== wpn-xm.org Product: ============================================== WPN-XM Serverstack for Windows - Version 0.8.6 WPN-XM is a free and open-source web server solution stack for professional PHP...

GEF - Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers

GEF is aimed to be used mostly by exploiters and reverse-engineers. It provides additional features to GDB using the Python API to assist during the process of dynamic analysis or exploit development. GEF fully relies on GDB API and other Linux specific source of information such as /proc/pid . A...

[SECURITY] Fedora 23 Update: php-5.6.20-1.fc23

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

[SECURITY] Fedora 22 Update: php-5.6.20-1.fc22

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Google may adopt Apple's Swift Programming Language for Android

Almost two years back, Apple introduced Swift programming language at its World Wide Developers Conference WWDC to the developers who build software applications for Apple devices. Swift was designed to make it easier for developers to create apps for Apple's mobile platform. Usually developers...

[SECURITY] [DSA 3544-1] python-django security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3544-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 07, 2016 https://www.debian.org/security/faq -...

'Hacking Team' Loses License to Sell Surveillance Malware Outside Europe

Hacking Team – the infamous Italy-based spyware company that had more than 400 GB of its confidential data stolen last year – is facing another trouble. This time not from other hackers, but from its own government. Hacking Team is infamous for selling surveillance spyware to governments and...

Important: Red Hat Security Advisory: graphite2 security, bug fix, and enhancement update

An update for graphite2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Child Development - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Child Development published at the 'play' market has multiple vulnerabilities...

Patron Info System SQL Injection

Document Title: =============== Patron Info System - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1784 Release Date: ============= 2016-03-21 Vulnerability Laboratory ID VL-ID: ==================================== 1784 Comm...

Rack-Bug - Debugging Toolbar For Rack Applications Implemented As Middleware

Rack::Bug adds a diagnostics toolbar to Rack apps. When enabled, it injects a floating div allowing exploration of logging, database queries, template rendering times, etc. Features Password-based security IP-based security Rack::Bug instrumentation/reporting is broken up into panels. Panels in...