
8747 matches found

Fedora
added 2016/03/25 10:27 p.m., 28 views

[SECURITY] Fedora 22 Update: tomcat-7.0.68-3.fc22

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

6.5 CVSS | 2.8 AI score | 0.11297 EPSS
Exploits 0
Cent OS
added 2016/03/25 3:42 a.m., 79 views

java security update

CentOS Errata and Security Advisory CESA-2016:0511. An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...

9.3 CVSS | 7.2 AI score | 0.05765 EPSS
Exploits 0 | References 7
Atlassian
added 2016/03/21 9:23 p.m., 19 views

Security Issue with multimedia playback on Mac OSX

Currently your multimedia playback method uses an older and insecure method. I had to reinstate old plugins to make it work, and I would like to be able to disable these plugins as soon as possible. Can you please update your code for this as outlined here: https://support.apple.com/en-au/HT20508...

0.2 AI score
Exploits 0 | Affected Software 1
Atlassian
added 2016/03/21 9:23 p.m., 21 views

Security Issue with multimedia playback on Mac OSX

NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-41124. Currently your multimedia playback method uses an older and insecure method. I had to reinstate old plugins to mak...

Exploits 0 | Affected Software 1
0day.today
added 2016/03/21 12:0 a.m., 20 views

Linux/x86-64 - Reverse Shell Shellcode

/ Exploit Title: Shellcode Linux x8664 Reverse Shell Date: 19/03/2016 Shellcode Author: Sudhanshu Chauhan LinkedIn: https://in.linkedin.com/in/sudhanshuchauhan Tested on: Ubuntu 14.04.1 x8664 global start start: ;Socket xor rax, rax xor rdi, rdi xor rsi, rsi xor rdx, rdx add rax, 41 add rdi, 2 ad...

7.4 AI score
Exploits 0
Fedora
added 2016/03/17 8:58 p.m., 27 views

[SECURITY] Fedora 23 Update: python-django-1.8.11-1.fc23

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

7.4 CVSS | 1.6 AI score | 0.04035 EPSS
Exploits 0
BDU FSTEC
added 2016/03/11 12:0 a.m., 5 views

The vulnerability of the Oracle Sun Systems Product Suite software allows a perpetrator to compromise accessibility.

The vulnerability of the Oracle Sun Systems Product Suite is related to errors in the code. Exploiting this vulnerability can allow a malicious individual to compromise accessibility by manipulating DevFS-related operations...

4.9 CVSS | 6.5 AI score | 0.00376 EPSS
Exploits 0 | References 2 | Affected Software 1
Cent OS
added 2016/03/09 5:32 a.m., 98 views

nss security update

CentOS Errata and Security Advisory CESA-2016:0370. Updated nss-util packages that fix one security issue are now available for Red Hat Enterprise 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, whic...

8.8 CVSS | 7.5 AI score | 0.04192 EPSS
Exploits 0 | References 7
myhack58
added 2016/03/04 12:0 a.m., 70 views

Monkey race ray! RSA conference badge scanning application broke vulnerability-vulnerability warning-the black bar safety net

Recently, security researchers at the BLUE BOX company found that the badge-scanning app used at the RSA 2016 conference has a hard-coded default password. This year, RSA 2016 participants will get a unique surprise: the conference, as many manufacturers offer a Samsung...

0.2 AI score
Exploits 0
ThreatPost
added 2016/03/02 7:0 a.m., 11 views

NSA's Rogers Quiet on Apple-FBI Debate at RSA

SAN FRANCISCO—National Security Agency and U.S. Cyber Command director Admiral Michael S. Rogers stood before tens of thousands of RSA Conference attendees on Tuesday and asked for help. In what has almost become a speaking slot reserved for the government to use as a recruiting pitch of some sor...

0.6 AI score
Exploits 0
Openbugbounty
added 2016/02/27 9:52 p.m., 9 views

stlouis-mo.gov XSS vulnerability

Vulnerable URL: https://www.stlouis-mo.gov/government/departments/information-technology/web-development/

Details:

Description | Value
---|---
Patched: | Yes, at 01.03.2016
Latest check for patch: | 01.03.2016 00:14 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | ...

6.2 AI score
Exploits 0
Fedora
added 2016/02/23 7:24 p.m., 33 views

[SECURITY] Fedora 23 Update: qt-creator-3.6.0-6.fc23

Qt Creator is a cross-platform IDE (integrated development environment) tailored to the needs of Qt developers...

10 CVSS | 3.6 AI score | 0.06677 EPSS
Exploits 0
FireEye
added 2016/02/23 8:0 a.m., 303 views

Using EMET to Disable EMET

UPDATE July 7: This post has been updated in advance of a Black Hat 2016 presentation. Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is a project that adds security mitigations to user mode programs beyond those built in to the operating system. It runs inside “protected” programs as a...

10 CVSS | 0.2 AI score | 0.75691 EPSS
Exploits 17
Kitploit
added 2016/02/19 4:59 p.m., 17 views

How Often Should You Scan Websites and Web Applications for Vulnerabilities?

Web Applications and Websites Exist in a Dynamic Environment

There is no questioning the fact that the web application security landscape is in a constant state of flux. The pace of change is not only rapid but resembles a constant game of cat and mouse between hackers and security professionals...

7.1 AI score
Exploits 0
ThreatPost
added 2016/02/08 8:5 a.m., 148 views

Modern Defenders Share, Visualize and Succeed

TENERIFE, Spain – Network defenders who rely solely on lists of assets to protect are running a fool’s errand. Instead, it’s crucial to think in graphs to not only visualize threats, but also to understand network edges, and dependencies between assets and accounts in order to be able to capture...

9.3 CVSS | 8.2 AI score | 0.99945 EPSS
Exploits 33
The Hacker News
added 2016/02/06 12:1 a.m., 12 views

Maru OS — Android ROM that Turns into Debian Linux When Connected to a PC

Good News for Linux Techno Freaks! Do you usually mess with your Android smartphone by trying out the continual ins and outs of various apps and custom ROMs? Then this news would be a perfect pick for you! What If, you can effectively carry a Linux computer in your pocket? Hereby introducing a ne...

6.8 AI score
Exploits 0
RedHat Linux
added 2016/02/02 1:52 p.m., 4 views

OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)

An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly, execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...

10 CVSS | 7.3 AI score | 0.14714 EPSS
Exploits 0 | References 5
RedHat Linux
added 2016/02/02 1:39 p.m., 4 views

OpenJDK: PBE incorrect key lengths (Libraries, 8138589)

It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected...

5.8 CVSS | 7.2 AI score | 0.03663 EPSS
Exploits 0 | References 5
RedHat Linux
added 2016/02/02 10:4 a.m., 4 views

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

5 CVSS | 7.2 AI score | 0.05453 EPSS
Exploits 0 | References 5
RedHat Linux
added 2016/02/02 10:0 a.m., 4 views

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

5 CVSS | 7.2 AI score | 0.05453 EPSS
Exploits 0 | References 5